www.bleepingcomputer.com Open in urlscan Pro
104.20.59.209 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Submission: On July 04 via api (July 4th 2019, 4:08:35 pm UTC) from US

Summary HTTP 269 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 48 IPs in 7 countries across 44 domains to perform 269 HTTP transactions. The main IP is 104.20.59.209, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.bleepingcomputer.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on May 12th 2018. Valid for: 2 years.

This is the only time www.bleepingcomputer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.20.59.209 104.20.59.209	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
4	2a00:1450:400... 2a00:1450:4001:815::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
32	104.24.1.61 104.24.1.61	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2a04:4e42:1b:... 2a04:4e42:1b::645	54113 (FASTLY) (FASTLY - Fastly)
1	2a00:1450:400... 2a00:1450:4001:824::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
4 6	2a00:1450:400... 2a00:1450:4001:819::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
8	216.58.210.2 216.58.210.2	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2606:4700:20:... 2606:4700:20::6819:bf72	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
8	2a00:1450:400... 2a00:1450:4001:81b::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2600:9000:204... 2600:9000:2047:fc00:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a00:1450:400... 2a00:1450:4001:81b::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:81a::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
9	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2600:9000:200... 2600:9000:200c:3c00:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
8	2a04:4e42:3::645 2a04:4e42:3::645	54113 (FASTLY) (FASTLY - Fastly)
1	18.207.76.63 18.207.76.63	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	52.222.157.56 52.222.157.56	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	52.222.157.150 52.222.157.150	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
5	35.188.71.214 35.188.71.214	15169 (GOOGLE) (GOOGLE - Google LLC)
1	54.192.94.221 54.192.94.221	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4	3.214.45.211 3.214.45.211	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
11	172.217.21.194 172.217.21.194	15169 (GOOGLE) (GOOGLE - Google LLC)
3	23.22.162.56 23.22.162.56	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	52.222.157.91 52.222.157.91	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	52.222.157.166 52.222.157.166	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	91.228.74.238 91.228.74.238	27281 (QUANTCAST) (QUANTCAST - Quantcast Corporation)
1 3	2.19.43.224 2.19.43.224	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	23.210.250.13 23.210.250.13	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	2600:9000:204... 2600:9000:2047:7c00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	3.92.90.105 3.92.90.105	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
3	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
21	2a00:1450:400... 2a00:1450:4001:819::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
13	2a00:1450:400... 2a00:1450:4001:820::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
3 6	216.58.207.70 216.58.207.70	15169 (GOOGLE) (GOOGLE - Google LLC)
4	35.226.36.58 35.226.36.58	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2a00:1450:400... 2a00:1450:4001:81d::2014	15169 (GOOGLE) (GOOGLE - Google LLC)
2	185.33.223.100 185.33.223.100	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
2	2a02:fa8:8806... 2a02:fa8:8806:13::1460	41041 (VCLK-EU-) (VCLK-EU-)
1	54.215.180.144 54.215.180.144	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2606:4700:10:... 2606:4700:10::6814:8528	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	34.229.36.213 34.229.36.213	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
5	208.100.17.183 208.100.17.183	32748 (STEADFAST) (STEADFAST - Steadfast)
2 4	173.241.240.143 173.241.240.143	36089 (OPENX-AS1) (OPENX-AS1 - OPENX TECHNOLOGIES)
2	2606:4700::68... 2606:4700::6812:1aef	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2.18.232.130 2.18.232.130	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
269	48

1 104.20.59.209 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.bleepingcomputer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:815::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 104.24.1.61 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.bleepstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:1b::645 (Ascension Island)

ASN54113 (FASTLY - Fastly, US)

cdn.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdns.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:819::2004 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 216.58.210.2 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s07-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::6819:bf72 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:81b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2047:fc00:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:200c:3c00:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

static.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a04:4e42:3::645 (Ascension Island)

ASN54113 (FASTLY - Fastly, US)

ck.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.207.76.63 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-18-207-76-63.compute-1.amazonaws.com

core.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.157.56 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-157-56.fra53.r.cloudfront.net

privacy-api-gateway.quantcast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.157.150 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-157-150.fra53.r.cloudfront.net

audit.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.188.71.214 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 214.71.188.35.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.94.221 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-192-94-221.fra2.r.cloudfront.net

freestar-io.videoplayerhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.214.45.211 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-214-45-211.compute-1.amazonaws.com

rtb.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 172.217.21.194 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s12-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.22.162.56 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-23-22-162-56.compute-1.amazonaws.com

trk.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.157.91 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-157-91.fra53.r.cloudfront.net

api.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.157.166 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-157-166.fra53.r.cloudfront.net

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.238 (United Kingdom)

ASN27281 (QUANTCAST - Quantcast Corporation, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.19.43.224 (Ascension Island) 1 redirects

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-19-43-224.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.250.13 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-210-250-13.deploy.static.akamaitechnologies.com

s.ntv.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2047:7c00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.92.90.105 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-92-90-105.compute-1.amazonaws.com

cluster-na.cdnjquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:819::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:820::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 216.58.207.70 (Mountain View, United States) 3 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s25-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.226.36.58 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 58.36.226.35.bc.googleusercontent.com

c.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81d::2014 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

amp-error-reporting.appspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.223.100 (Netherlands)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 373.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:13::1460 (Sweden)

ASN41041 (VCLK-EU-, SE)

web.hb.ad.cpe.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.215.180.144 (San Jose, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-215-180-144.us-west-1.compute.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::6814:8528 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

i.connectad.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.connectad.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.229.36.213 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-229-36-213.compute-1.amazonaws.com

sync.bfmio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 208.100.17.183 (Chicago, United States)

ASN32748 (STEADFAST - Steadfast, US)
PTR: ip183.208-100-17.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 173.241.240.143 (Amsterdam, Netherlands) 2 redirects

ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US)
PTR: ox-173-241-240-143.xa.dc.openx.org

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:1aef (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.232.130 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-130.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	bleepstatic.com www.bleepstatic.com	252 KB
23	doubleclick.net 3 redirects googleads.g.doubleclick.net securepubads.g.doubleclick.net ad.doubleclick.net	114 KB
21	ampproject.org cdn.ampproject.org	541 KB
21	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com Failed	275 KB
18	connatix.com cdn.connatix.com cdns.connatix.com ck.connatix.com core.connatix.com rtb.connatix.com i.connatix.com trk.connatix.com	622 KB
11	pub.network a.pub.network d.pub.network c.pub.network ssp.pub.network Failed	217 KB
8	gstatic.com fonts.gstatic.com	87 KB
8	google.com 4 redirects www.google.com cse.google.com adservice.google.com	2 KB
6	consensu.org quantcast.mgr.consensu.org static.quantcast.mgr.consensu.org audit.quantcast.mgr.consensu.org api.quantcast.mgr.consensu.org	94 KB
5	tynt.com de.tynt.com
4	adnxs.com ib.adnxs.com acdn.adnxs.com	2 KB
4	appspot.com amp-error-reporting.appspot.com	256 B
4	openx.net connatix-d.openx.net Failed freestar-d.openx.net Failed u.openx.net	580 B
4	googleapis.com fonts.googleapis.com	3 KB
3	connectad.io i.connectad.io Failed cdn.connectad.io	643 B
3	facebook.com www.facebook.com	526 B
3	facebook.net connect.facebook.net	78 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	2 KB
3	googletagservices.com www.googletagservices.com	66 KB
2	districtm.io dmx.districtm.io Failed cdn.districtm.io
2	dotomi.com web.hb.ad.cpe.dotomi.com	1 KB
2	bfmio.com display.bfmio.com Failed sync.bfmio.com
2	ad-delivery.net ad-delivery.net	1 KB
2	google-analytics.com www.google-analytics.com	17 KB
1	postrelease.com jadserve.postrelease.com	505 B
1	cdnjquery.com cluster-na.cdnjquery.com	379 B
1	quantcount.com rules.quantcount.com	1 KB
1	ntv.io s.ntv.io	79 KB
1	quantserve.com secure.quantserve.com	6 KB
1	videoplayerhub.com freestar-io.videoplayerhub.com	16 KB
1	quantcast.com privacy-api-gateway.quantcast.com	80 KB
1	google.de adservice.google.de	171 B
1	googletagmanager.com www.googletagmanager.com	25 KB
1	bleepingcomputer.com www.bleepingcomputer.com	15 KB
0	brealtime.com Failed biddr.brealtime.com Failed edba.brealtime.com Failed
0	emxdgt.com Failed hb.emxdgt.com Failed
0	sharethrough.com Failed btlr.sharethrough.com Failed
0	33across.com Failed ssc.33across.com Failed
0	rubiconproject.com Failed fastlane.rubiconproject.com Failed eus.rubiconproject.com Failed
0	gumgum.com Failed g2.gumgum.com Failed
0	3lift.com Failed tlx.3lift.com Failed ib.3lift.com Failed
0	media.net Failed hbx.media.net Failed
0	adtelligent.com Failed s.adtelligent.com Failed
0	addthis.com Failed s9.addthis.com Failed
269	44

	Domain	Requested by
32	www.bleepstatic.com	www.bleepingcomputer.com cdn.connatix.com www.bleepstatic.com pagead2.googlesyndication.com
21	cdn.ampproject.org	securepubads.g.doubleclick.net
13	tpc.googlesyndication.com	a.pub.network www.bleepingcomputer.com securepubads.g.doubleclick.net
11	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.bleepingcomputer.com
8	fonts.gstatic.com	www.bleepingcomputer.com www.bleepstatic.com
8	pagead2.googlesyndication.com	www.bleepingcomputer.com pagead2.googlesyndication.com
7	i.connatix.com	www.bleepingcomputer.com
6	ad.doubleclick.net	3 redirects www.bleepingcomputer.com
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.bleepingcomputer.com
6	www.google.com	4 redirects www.bleepingcomputer.com
5	de.tynt.com	a.pub.network
5	d.pub.network	a.pub.network
4	u.openx.net	2 redirects a.pub.network
4	amp-error-reporting.appspot.com	cdn.ampproject.org
4	c.pub.network	a.pub.network
4	rtb.connatix.com	cdns.connatix.com
4	fonts.googleapis.com	www.bleepingcomputer.com securepubads.g.doubleclick.net
3	www.facebook.com	www.bleepingcomputer.com connect.facebook.net
3	connect.facebook.net	a.pub.network connect.facebook.net
3	sb.scorecardresearch.com	1 redirects a.pub.network www.bleepingcomputer.com
3	trk.connatix.com	www.bleepingcomputer.com
3	www.googletagservices.com	pagead2.googlesyndication.com a.pub.network securepubads.g.doubleclick.net
2	acdn.adnxs.com	a.pub.network
2	cdn.districtm.io	a.pub.network
2	cdn.connectad.io	a.pub.network
2	sync.bfmio.com	a.pub.network
2	web.hb.ad.cpe.dotomi.com	a.pub.network
2	ib.adnxs.com	a.pub.network
2	ad-delivery.net	freestar-io.videoplayerhub.com www.bleepingcomputer.com
2	audit.quantcast.mgr.consensu.org	static.quantcast.mgr.consensu.org
2	static.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
2	www.google-analytics.com	www.googletagmanager.com www.bleepingcomputer.com
2	a.pub.network	www.bleepingcomputer.com a.pub.network
1	jadserve.postrelease.com	a.pub.network
1	i.connectad.io	a.pub.network
1	cluster-na.cdnjquery.com	freestar-io.videoplayerhub.com
1	rules.quantcount.com	secure.quantserve.com
1	s.ntv.io	a.pub.network
1	secure.quantserve.com	a.pub.network
1	api.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
1	freestar-io.videoplayerhub.com	a.pub.network
1	privacy-api-gateway.quantcast.com	quantcast.mgr.consensu.org
1	core.connatix.com	cdns.connatix.com
1	ck.connatix.com	cdns.connatix.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	quantcast.mgr.consensu.org	www.bleepstatic.com
1	cdns.connatix.com	cdn.connatix.com
1	cse.google.com	www.bleepingcomputer.com
1	www.googletagmanager.com	www.bleepingcomputer.com
1	cdn.connatix.com	www.bleepingcomputer.com
1	www.bleepingcomputer.com
0	edba.brealtime.com Failed	www.bleepingcomputer.com
0	eus.rubiconproject.com Failed	a.pub.network
0	biddr.brealtime.com Failed	a.pub.network
0	ib.3lift.com Failed	a.pub.network
0	dmx.districtm.io Failed	a.pub.network
0	hb.emxdgt.com Failed	a.pub.network
0	btlr.sharethrough.com Failed	a.pub.network
0	ssc.33across.com Failed	a.pub.network
0	ssp.pub.network Failed	a.pub.network
0	display.bfmio.com Failed	a.pub.network
0	fastlane.rubiconproject.com Failed	a.pub.network
0	freestar-d.openx.net Failed	a.pub.network
0	g2.gumgum.com Failed	a.pub.network
0	tlx.3lift.com Failed	a.pub.network
0	hbx.media.net Failed	a.pub.network
0	s.adtelligent.com Failed	a.pub.network
0	connatix-d.openx.net Failed	cdns.connatix.com
0	s9.addthis.com Failed	www.bleepingcomputer.com
269	70

This site contains links to these domains. Also see Links.

Domain
www.quantcast.com
www.facebook.com
twitter.com
plus.google.com
www.youtube.com
deals.bleepingcomputer.com
www.proofpoint.com
blog.trendmicro.com
connatix.com
documents.trendmicro.com
malpedia.caad.fkie.fraunhofer.de
portal.msrc.microsoft.com

Subject Issuer	Validity	Valid
bleepingcomputer.com COMODO RSA Domain Validation Secure Server CA	`2018-05-12` - `2020-05-17`	2 years	crt.sh
*.googleapis.com Google Internet Authority G3	`2019-06-11` - `2019-09-03`	3 months	crt.sh
ssl391376.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-06-20` - `2019-12-27`	6 months	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2018-08-20` - `2019-10-19`	a year	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-06-11` - `2019-09-03`	3 months	crt.sh
*.google.com Google Internet Authority G3	`2019-06-11` - `2019-09-03`	3 months	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2019-06-11` - `2019-09-03`	3 months	crt.sh
ssl376957.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-07-01` - `2020-01-07`	6 months	crt.sh
quantcast.mgr.consensu.org Amazon	`2019-05-06` - `2020-06-06`	a year	crt.sh
*.quantcast.com DigiCert SHA2 High Assurance Server CA	`2018-09-06` - `2019-10-01`	a year	crt.sh
*.pub.network Go Daddy Secure Certificate Authority - G2	`2019-02-09` - `2020-05-16`	a year	crt.sh
*.videoplayerhub.com Amazon	`2018-08-01` - `2019-09-01`	a year	crt.sh
ad-delivery.net Amazon	`2019-03-07` - `2020-04-07`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2018-10-16` - `2019-10-21`	a year	crt.sh
*.scorecardresearch.com COMODO RSA Organization Validation Secure Server CA	`2018-11-28` - `2019-12-26`	a year	crt.sh
*.ntv.io DigiCert SHA2 Secure Server CA	`2018-06-12` - `2019-12-11`	a year	crt.sh
*.assetbucket.net Amazon	`2018-09-26` - `2019-10-26`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-06-06` - `2019-09-04`	3 months	crt.sh
misc-sni.google.com Google Internet Authority G3	`2019-06-11` - `2019-09-03`	3 months	crt.sh
tpc.googlesyndication.com Google Internet Authority G3	`2019-06-11` - `2019-09-03`	3 months	crt.sh
*.doubleclick.net Google Internet Authority G3	`2019-06-11` - `2019-09-03`	3 months	crt.sh
www.google.com Google Internet Authority G3	`2019-06-11` - `2019-09-03`	3 months	crt.sh
*.appspot.com Google Internet Authority G3	`2019-06-11` - `2019-09-03`	3 months	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
ad.cpe.dotomi.com GlobalSign Organization Validation CA - SHA256 - G2	`2018-05-25` - `2020-05-25`	2 years	crt.sh
*.postrelease.com Amazon	`2019-03-27` - `2020-04-27`	a year	crt.sh
connectad.io CloudFlare Inc ECC CA-2	`2018-08-18` - `2019-08-18`	a year	crt.sh
*.bfmio.com Go Daddy Secure Certificate Authority - G2	`2016-09-05` - `2019-09-05`	3 years	crt.sh
*.tynt.com COMODO RSA Domain Validation Secure Server CA	`2014-10-14` - `2019-10-13`	5 years	crt.sh
*.openx.net DigiCert ECC Secure Server CA	`2019-02-08` - `2020-05-12`	a year	crt.sh
districtm.io CloudFlare Inc ECC CA-2	`2019-03-26` - `2020-03-26`	a year	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2019-04-23` - `2020-02-19`	10 months	crt.sh

This page contains 33 frames:

Primary Page: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Frame ID: A574108E4322ED6661DADCE1644C80D3
Requests: 179 HTTP requests in this frame

Frame: https://cdns.connatix.com/p/1586/min/connatix.renderer.infeed.min_dc.js
Frame ID: 28B1B0FB6D47AC02C100E60F3F2D80EC
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/show_ads_impl.js
Frame ID: 1CC3D3BF1A5B0921EC535B704F519A8C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20190626/r20190131/zrt_lookup.html
Frame ID: A4FEFAE03B797710F44A6F48AC3ABE16
Requests: 1 HTTP requests in this frame

Frame: https://static.quantcast.mgr.consensu.org/v21/cmp-3pc-check.html
Frame ID: 904986A4BACFCB91D33C4B3A5B405118
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&h=500&slotname=4359266829&adk=3764243768&adf=155314479&w=834&cr_col=4&cr_row=2&fwrn=2&lmt=1562251157&rafmt=9&guci=1.2.0.0.2.2.0.0&format=834x500&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&adsid=NT&dt=1562256482487&bpp=11&bdt=247&fdt=97&idt=98&shv=r20190626&cbv=r20190131&saldr=aa&abxe=1&correlator=6460334598135&frm=20&pv=2&ga_vid=222572338.1562256483&ga_sid=1562256483&ga_hid=697304623&ga_fc=0&iag=0&icsg=549758443520&dssz=39&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=208&ady=5887&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040012%2C21060853&oid=3&rx=0&eae=0&fc=912&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=144&bc=31&osw_key=3733268371&ifi=1&uci=1.2axj1fxmmtpj&fsb=1&xpc=U0PhHsefNR&p=https%3A//www.bleepingcomputer.com&dtd=130
Frame ID: EF0ED97DAE8EFC8115E4600C6A415DEF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1562251157&plat=1%3A32776%2C2%3A16809992%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C30%3A34635776&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1562256482512&bpp=4&bdt=272&fdt=115&idt=115&shv=r20190626&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=834x500&nras=1&correlator=6460334598135&frm=20&pv=1&ga_vid=222572338.1562256483&ga_sid=1562256483&ga_hid=697304623&ga_fc=0&iag=0&icsg=9345851465728&dssz=40&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040012%2C21060853&oid=3&rx=0&eae=2&fc=912&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&osw_key=2001182872&ifi=1&uci=1.6pq7fn9uozy2&fsb=1&dtd=119
Frame ID: 0D71C788B87C2B7341616A98E5816FAA
Requests: 1 HTTP requests in this frame

Frame: https://s.adtelligent.com/sync.html?aid=410295
Frame ID: 8D3CC8676FD1D877C75C7B5787EB183E
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Frame ID: C48727A0302DAF3B53DB6B549563560B
Requests: 18 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Frame ID: CFCF0A6ABAFD57D5845681BE1C30A3AA
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-35/html/container.html
Frame ID: 070C52DD9384F0F7B1E5658A0FB13F57
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsumCzC1-_yyii96jyTTvyPBx1qe1h56skZy95FlB1lLUWYyAGJjHhh-YRZc_T7bU7WJu7CSbP2SgRGV3clDYdLouGAjXXKd2JQKoXT03SxaikEG8-hgBnFzNMLKThkxdJJUIUqX3DEgwuwC5b-Z9uYyPnotdgO5IPsblKw7YgH5mYmBqNaDdKdaBgPnLVGdQPEep1PtMZVAztGHvdu4mKaAmy6NBO_Z0WeaJ1RBiW4kKRQKNEp7k-BsFdMmifD3MazvdvGLZK6vxuYyxmel3Nr9oCFA&sig=Cg0ArKJSzHnyqgNAWb0BEAE&urlfix=1&adurl=
Frame ID: 9A23EC5E8519FF419EFC4579FAFE6588
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Frame ID: B083F5B8FBE9BA22E391BD64A39F5DA3
Requests: 12 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 942DAADE1AE9A19DFA26F2E901E8FFFC
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Frame ID: 7F071698E7897CB0E8F222216787F8B4
Requests: 20 HTTP requests in this frame

Frame: https://sync.bfmio.com/sync_iframe?ifg=1&id=92fd6b68-fe21-44c5-bce8-6f519808339c&gdpr=0&gc=&gce=1
Frame ID: 991A87C4D616EA91ACF8F71BECE3DC55
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php
Frame ID: EC0334F1FB200603DD1184C628758D29
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=cMP4reZxWr6jPmaKlId8sQ
Frame ID: 34B661D451140E56BD214952A93293A1
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?cc=1
Frame ID: 17F443DCA1C380AB4B86C0767F232ED4
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=bBb-SI6fGr6iocaKkv7mNO
Frame ID: C2666AAE8B911153E4C85A3D2871949E
Requests: 1 HTTP requests in this frame

Frame: https://ib.3lift.com/sync
Frame ID: C327F91AA986E42A40ADB187D3EFCAE2
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 9FC2373ED1DAF57746BA538BE5EEFAD9
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 5C1FAC58F9212461011CD087879EA0FF
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?cc=1
Frame ID: B897390BED3BF01A4D6D150D6E9761E0
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php
Frame ID: F46236A13DE4EEA4D44367055C02DFC9
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 9D8E2D7B758A06071B918C625DC5FB3C
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=bzPstcZxSr6lrlaKkv7mNO
Frame ID: B6FC698350503B7B41ABE6F8A6A38FB0
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dxLHU2ZxSr6lrlaKkv7mNO
Frame ID: 151C02F6C5B0D505D53D23E86CC0BF7F
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 6C6AF05F5A6E149547548BC6A8E2D858
Requests: 1 HTTP requests in this frame

Frame: https://sync.bfmio.com/sync_iframe?ifg=1&id=92fd6b68-fe21-44c5-bce8-6f519808339c&gdpr=0&gc=&gce=1
Frame ID: DE2D3A792B703C8057E6C2DB91408639
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 1CD8672F8DB0FA7D8D0989FE79042992
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: DFCAF5476636B2455CF2A0FA76CB8453
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=ddRMkSZxSr6lrlaKkv7mNO
Frame ID: B6D39C1E3C26856481415275D5258294
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

269
Requests

72 %
HTTPS

47 %
IPv6

44
Domains

70
Subdomains

48
IPs

7
Countries

2598 kB
Transfer

6956 kB
Size

0
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://www.quantcast.com/gdpr/consent-management-solution/?utm_source=Quantcast%20Choice&utm_medium=Product%20Logo
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/BleepingComputer

Search URL Search Domain Scan URL

URL: https://twitter.com/BleepinComputer

Search URL Search Domain Scan URL

URL: https://plus.google.com/+bleepingcomputer/posts

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/BleepingComputer

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/
Title: Deals

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/deals/elearning?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: eLearning

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/deals/certifications?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: IT Certification Courses

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/deals/gear-gadgets?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: Gear + Gadgets

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/collections/tag-cyber-security?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: Security

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/threat-insight/post/Dridex-Actors-Get-In-the-Ransomware-Game-With-Locky
Title: Locky ransomware

Search URL Search Domain Scan URL

URL: https://blog.trendmicro.com/trendlabs-security-intelligence/latest-spam-campaigns-from-ta505-now-using-new-malware-tools-gelup-and-flowerpippi/
Title: seen by Trend Micro

Search URL Search Domain Scan URL

URL: https://connatix.com/
Title: .st0{fill:#FFFFFF;}.st1{fill:#0099FF;}

Search URL Search Domain Scan URL

URL: https://documents.trendmicro.com/assets/Tech-Brief-Latest-Spam-Campaigns-from-TA505-Now-Using-New-Malware-Tools-Gelup-and-FlowerPippi.pdf
Title: technical analysis

Search URL Search Domain Scan URL

URL: https://malpedia.caad.fkie.fraunhofer.de/details/win.andromeda
Title: Andromeda

Search URL Search Domain Scan URL

URL: https://malpedia.caad.fkie.fraunhofer.de/details/win.qtbot
Title: QtLoader

Search URL Search Domain Scan URL

URL: https://twitter.com/MsftSecIntel
Title: Microsoft Security Intelligence

Search URL Search Domain Scan URL

URL: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882
Title: CVE-2017-11882

Search URL Search Domain Scan URL

URL: https://twitter.com/MsftSecIntel/status/1137118979896430592
Title: actively being used

Search URL Search Domain Scan URL

URL: https://blog.trendmicro.com/trendlabs-security-intelligence/shifting-tactics-breaking-down-ta505-groups-use-of-html-rats-and-other-techniques-in-latest-campaigns/
Title: detected a similar campaign

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta505-dridex-globeimposter
Title: 1

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/threat-insight/post/leaked-ammyy-admin-source-code-turned-malware
Title: 2

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/threat-insight/post/trat-new-modular-rat-appears-multiple-email-campaigns
Title: RATs

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-prepare-more-part-1-marap
Title: malware downloaders

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/threat-insight/post/ta505-abusing-settingcontent-ms-within-pdf-files-distribute-flawedammyy-rat
Title: 1

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/threat-insight/post/ta505-targets-us-retail-industry-personalized-attachments
Title: 2

Search URL Search Domain Scan URL

URL: https://documents.trendmicro.com/assets/Appendix-Latest-Spam-Campaigns-from-TA505-Now-Using-New-Malware-Tools-Gelup-and-FlowerPippi.pdf
Title: HERE

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/threat-insight/post/ta505-begins-summer-campaigns-new-pet-malware-downloader-andromut-uae-south
Title: HERE

Search URL Search Domain Scan URL

URL: https://twitter.com/MsftSecIntel/status/1141858909721808897
Title: digitally signed executables

Search URL Search Domain Scan URL

URL: https://twitter.com/MsftSecIntel/status/1141858910401257475
Title: FlawedAmmyy RAT

Search URL Search Domain Scan URL

URL: https://twitter.com/serghei

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en HTTP 302
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request Chain 100

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1562256484507&ns_c=UTF-8&cv=3.1&c8=New%20Backdoor%20and%20Malware%20Downloader%20Used%20in%20TA505%20Spam%20Campaigns&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1562256484507&ns_c=UTF-8&cv=3.1&c8=New%20Backdoor%20and%20Malware%20Downloader%20Used%20in%20TA505%20Spam%20Campaigns&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c9=

Request Chain 133

https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.247937948;dc_trk_aid=444500704;dc_trk_cid=117027577;ord=3347692637;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.247937948;dc_pre=CK_76PfSm-MCFQHHdwod9dQNdg;dc_trk_aid=444500704;dc_trk_cid=117027577;ord=3347692637;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

Request Chain 140

https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=251726114;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_pre=CN_76PfSm-MCFQkEiwodjPQHtQ;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=251726114;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

Request Chain 148

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 149

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 151

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 171

https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.248289117;dc_trk_aid=444500836;dc_trk_cid=117024702;ord=3368313340;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.248289117;dc_pre=CNLI7ffSm-MCFY7RdwodYxcH6A;dc_trk_aid=444500836;dc_trk_cid=117024702;ord=3368313340;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

Request Chain 261

https://u.openx.net/w/1.0/pd HTTP 302
https://u.openx.net/w/1.0/pd?cc=1

Request Chain 266

https://u.openx.net/w/1.0/pd HTTP 302
https://u.openx.net/w/1.0/pd?cc=1

269 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/ 70 KB
15 KB 1919ms
579ms Document
text/html 104.20.59.209
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3cb52f528fbf03a9bb562ef0c01fd748b405de3f512835b4963075749061b6f7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: www.bleepingcomputer.com
:scheme: https
:path: /news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Thu, 04 Jul 2019 16:08:02 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d298767da07eeee6c2d00251782414ead1562256481; expires=Fri, 03-Jul-20 16:08:01 GMT; path=/; domain=.bleepingcomputer.com; HttpOnly session_id=8bab306436f80f57afe4a2d4836e4b7a; path=/; domain=.bleepingcomputer.com; httponly;Secure lav=6320; expires=Sat, 03-Aug-2019 16:08:02 GMT; Max-Age=2592000; path=/;Secure
content-security-policy: upgrade-insecure-requests;
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
last-modified: Thu, 04 Jul 2019 14:39:17 GMT
vary: Accept-Encoding,User-Agent
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4f125b026da3d8f5-AMS
content-encoding: br

GET
H2 200 css
fonts.googleapis.com/ 14 KB
897 B 19ms
17ms Stylesheet
text/css 2a00:1450:4001:815::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

e1ed25f4abd181e54349b19a94bd563692385ef339df2540abbee5638ccb3765

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 04 Jul 2019 16:08:02 GMT
server: ESF
access-control-allow-origin: *
date: Thu, 04 Jul 2019 16:08:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Thu, 04 Jul 2019 16:08:02 GMT

GET
H2 200 bootstrap.css
www.bleepstatic.com/css/redesign/ 111 KB
17 KB 120ms
24ms Stylesheet
text/css 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/bootstrap.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: br
cf-cache-status: HIT
age: 2634059
cf-polished: origSize=137522
status: 200
cf-bgj: minify
last-modified: Fri, 23 Sep 2016 14:33:06 GMT
server: cloudflare
etag: W/"2184297232"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4f125b06bda4d901-AMS
expires: Tue, 26 Mar 2019 04:25:05 GMT

GET
H2 200 main.css
www.bleepstatic.com/css/redesign/ 51 KB
9 KB 121ms
26ms Stylesheet
text/css 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9e727b37a735a7983ea8bdad06a38b246261c239bb80b86cc0ff3663c910adb

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: br
cf-cache-status: HIT
age: 647008
cf-polished: origSize=60842
status: 200
cf-bgj: minify
last-modified: Thu, 16 Aug 2018 15:28:40 GMT
server: cloudflare
etag: W/"4249134023"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4f125b06bda5d901-AMS
expires: Thu, 14 Mar 2019 04:21:16 GMT

GET
H2 200 home.css
www.bleepstatic.com/css/redesign/ 12 KB
3 KB 118ms
22ms Stylesheet
text/css 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/home.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: br
cf-cache-status: HIT
age: 2485312
cf-polished: origSize=14998
status: 200
cf-bgj: minify
last-modified: Sat, 24 Mar 2018 16:18:00 GMT
server: cloudflare
etag: W/"2402535603"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4f125b06bda8d901-AMS
expires: Wed, 27 Mar 2019 21:45:08 GMT

GET
H2 200 news.css
www.bleepstatic.com/css/redesign/ 27 KB
5 KB 115ms
20ms Stylesheet
text/css 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/news.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6d4ea4e2f95dcd77bc3acb8408f8ed9c2d9453aeafef8af9387b04e6c9a8ff9

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: br
cf-cache-status: HIT
age: 1225654
cf-polished: origSize=32748
status: 200
cf-bgj: minify
last-modified: Mon, 28 Jan 2019 20:41:57 GMT
server: cloudflare
etag: W/"3696970514"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4f125b06bda7d901-AMS
expires: Thu, 20 Jun 2019 11:39:31 GMT

GET
H2 200 jquery-1.11.1.min.js Show response
www.bleepstatic.com/js/redesign/ 94 KB
32 KB 123ms
28ms Script
text/javascript 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/jquery-1.11.1.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 23 Apr 2015 12:36:44 GMT
server: cloudflare
age: 2416459
etag: W/"3647451394"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=3024000
cf-ray: 4f125b06bdaad901-AMS
access-control-allow-origin: *
expires: Thu, 28 Mar 2019 16:53:04 GMT

GET
H2 200 news.js Show response
www.bleepstatic.com/js/redesign/ 183 B
523 B 113ms
18ms Script
text/javascript 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/news.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: br
cf-cache-status: HIT
age: 39181
cf-polished: origSize=247
status: 200
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 15:41:46 GMT
server: cloudflare
etag: W/"4218930423"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4f125b06bdabd901-AMS
expires: Thu, 21 Mar 2019 05:10:14 GMT

GET
H2 200 connatix.renderer.infeed.min.js Show response
cdn.connatix.com/min/ 957 B
1 KB 29ms
6ms Script
application/javascript 2a04:4e42:1b::645
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Varnish /
Resource Hash: af67e0e08b5bb03ee78a9ff33abfac609e968a9856b2ffeeae3d636221b6387a

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
via: 1.1 varnish
server: Varnish
age: 0
x-cache: HIT
content-type: application/javascript
status: 200
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-cache-hits: 0
accept-ranges: bytes
x-timer: S1562256482.276613,VS0,VE0
content-length: 957
retry-after: 0
x-served-by: cache-hhn4028-HHN

GET
H2 200 qc-consent.js Show response
www.bleepstatic.com/js/qc-consent/ 3 KB
1 KB 28ms
27ms Script
text/javascript 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: br
cf-cache-status: HIT
age: 2555784
cf-polished: origSize=3848
status: 200
cf-bgj: minify
last-modified: Thu, 07 Feb 2019 13:49:44 GMT
server: cloudflare
etag: W/"3981350888"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4f125b06fe3ed901-AMS
expires: Wed, 27 Mar 2019 02:09:12 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 65 KB
25 KB 17ms
15ms Script
application/javascript 2a00:1450:4001:824::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

db602e6da4aa64c6a1526838e73da1ed4e3ddac389322946bc961b849674cfec

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: br
last-modified: Thu, 04 Jul 2019 15:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 25539
x-xss-protection: 0
expires: Thu, 04 Jul 2019 16:08:02 GMT

GET
H2 200 logo.png
www.bleepstatic.com/images/site/ 1 KB
1 KB 18ms
16ms Image
image/webp 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/logo.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status: HIT
age: 157649
cf-polished: origFmt=png, origSize=1882
status: 200
content-disposition: inline; filename="logo.webp"
cf-bgj: imgq:85
content-length: 1152
last-modified: Sat, 04 Mar 2017 04:12:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4f125b070e72d901-AMS
expires: Thu, 01 Aug 2019 20:20:33 GMT

GET
H2

200

brand Show response
cse.google.com/coop/cse/
Redirect Chain

https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en

3 KB
1 KB

26ms
6ms

Script
text/javascript

2a00:1450:4001:809::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

pfe /

Resource Hash

4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 15:59:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: pfe
age: 536
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, max-age=1800
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 1181
x-xss-protection: 0
expires: Thu, 04 Jul 2019 16:29:06 GMT

Redirect headers

date: Thu, 04 Jul 2019 16:08:02 GMT
x-content-type-options: nosniff
server: sffe
location: https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 266
x-xss-protection: 0

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 91 KB
34 KB 26ms
24ms Script
text/javascript 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

5dfcc2746e6dbf11b0ac1dc8823688f2cdff5b6d4afbe00e256384bfdff399c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 34389
x-xss-protection: 0
server: cafe
etag: 4062630801850784253
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 04 Jul 2019 16:08:02 GMT

GET
H2 200 twitter.png
www.bleepstatic.com/images/site/login/ 475 B
598 B 23ms
21ms Image
image/png 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/login/twitter.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9278e008fc4edcd157a9a7b3f5dfbd75c167f405d11296e19c313dc5d052cc2

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
age: 924580
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4f125b070e74d901-AMS
access-control-allow-origin: *
content-length: 475
expires: Fri, 24 May 2019 23:15:26 GMT

GET
H2 200 bootstrap.js Show response
www.bleepstatic.com/js/redesign/ 44 KB
10 KB 23ms
22ms Script
text/javascript 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/bootstrap.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: br
cf-cache-status: HIT
age: 2458392
cf-polished: origSize=65813
status: 200
cf-bgj: minify
last-modified: Thu, 23 Apr 2015 12:36:43 GMT
server: cloudflare
etag: W/"3930092018"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4f125b070e79d901-AMS
expires: Thu, 28 Mar 2019 05:13:57 GMT

GET
H2 200 blazy.min.js Show response
www.bleepstatic.com/js/blazy/ 5 KB
2 KB 27ms
26ms Script
text/javascript 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/blazy/blazy.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 16 Aug 2018 21:06:19 GMT
server: cloudflare
age: 2446517
etag: W/"753357888"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=3024000
cf-ray: 4f125b06fe3cd901-AMS
access-control-allow-origin: *
expires: Thu, 28 Mar 2019 08:32:18 GMT

GET
H2 200 bleep.js Show response
www.bleepstatic.com/js/redesign/ 3 KB
805 B 19ms
17ms Script
text/javascript 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/bleep.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: br
cf-cache-status: HIT
age: 2978089
cf-polished: origSize=3600
status: 200
cf-bgj: minify
last-modified: Mon, 01 Oct 2018 12:47:57 GMT
server: cloudflare
etag: W/"2696894447"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4f125b070e7bd901-AMS
expires: Fri, 22 Mar 2019 04:49:09 GMT

GET
H2 200 jquery.fancybox.js Show response
www.bleepstatic.com/js/redesign/fancybox/ 31 KB
9 KB 19ms
18ms Script
text/javascript 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: br
cf-cache-status: HIT
age: 2719114
cf-polished: origSize=48706
status: 200
cf-bgj: minify
last-modified: Wed, 14 Oct 2015 20:25:51 GMT
server: cloudflare
etag: W/"327140449"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4f125b070e7cd901-AMS
expires: Mon, 25 Mar 2019 04:42:04 GMT

GET
H2 200 fixto.min.js Show response
www.bleepstatic.com/js/fixto/ 8 KB
3 KB 20ms
18ms Script
text/javascript 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/fixto/fixto.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 13 Jun 2015 21:34:42 GMT
server: cloudflare
age: 37367
etag: W/"1740214911"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=3024000
cf-ray: 4f125b070e6fd901-AMS
access-control-allow-origin: *
expires: Thu, 21 Mar 2019 05:36:11 GMT

GET addthis_widget.js
s9.addthis.com/js/300/ 0
0

GET
H2 200 pubfig.min.js Show response
a.pub.network/bleepingcomputer-com/ 420 KB
115 KB 467ms
412ms Script
application/javascript 2606:4700:20::6819:bf72
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:bf72 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1035691a1c992c11c8b61e5c29b62d3a190131160b4bcb3f484c11bc33907d8c

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: br
cf-cache-status: REVALIDATED
status: 200
x-guploader-uploadid: AEnB2UrhOdrHfi338fRSQU-u32E9razoYpBivsrpgEeYUQ11TzxUJ9bYglokkmiZFPBdB6qU8OssFBHAM7GQpC2yUSoTOcrb7w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Tue, 11 Jun 2019 22:45:27 GMT
server: cloudflare
etag: W/"49f07d4e8b430b939b6bd8609666b269"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=waHi9g==, md5=SfB9TotDC5Oba9hglmayaQ==
content-type: application/javascript
x-goog-generation: 1560293127268491
cache-control: public, max-age=1800
x-goog-stored-content-length: 430527
cf-ray: 4f125b075b44971e-FRA
expires: Thu, 04 Jul 2019 16:38:02 GMT

GET
H2 200 login_bg.png
www.bleepstatic.com/images/site/ 187 B
278 B 19ms
18ms Image
image/png 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/login_bg.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46f054a5c98b253c46ff84547ce118625668349700a0730724df4bb25bcf5f78

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
age: 918000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4f125b070e86d901-AMS
access-control-allow-origin: *
content-length: 187
expires: Sat, 25 May 2019 01:06:01 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v19/ 11 KB
11 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:81b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin: https://www.bleepingcomputer.com

Response headers

date: Sun, 02 Jun 2019 04:36:10 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:13:33 GMT
server: sffe
age: 2806312
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Mon, 01 Jun 2020 04:36:10 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin: https://www.bleepingcomputer.com

Response headers

date: Sun, 02 Jun 2019 16:28:51 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:14:03 GMT
server: sffe
age: 2763551
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11020
x-xss-protection: 0
expires: Mon, 01 Jun 2020 16:28:51 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 nav_bg.png
www.bleepstatic.com/images/site/ 83 B
198 B 17ms
17ms Image
image/png 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/nav_bg.png
Requested by: Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d6d408ceb31cfae3d3d87971b82e522a331aa2eb042a793223b7ec19e419c564

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Mar 2017 07:57:02 GMT
server: cloudflare
age: 921770
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4f125b071eb8d901-AMS
access-control-allow-origin: *
content-length: 83
expires: Fri, 24 May 2019 23:57:34 GMT

GET
H2 200 connatix.renderer.infeed.min_dc.js Show response
cdns.connatix.com/p/1586/min/ Frame 28B1 712 KB
185 KB 13ms
5ms Script
application/x-javascript 2a04:4e42:1b::645
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.connatix.com/p/1586/min/connatix.renderer.infeed.min_dc.js
Requested by: Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: e61e93c05b6569d5ee4449d783ab0403b51e8e3b65e07e5d17dec2eccf3133a2

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: gzip
age: 22233
x-cache: HIT, HIT
status: 200
content-length: 188760
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-dca17725-DCA, cache-hhn4028-HHN
last-modified: Thu, 04 Jul 2019 09:56:12 GMT
x-timer: S1562256482.422869,VS0,VE0
etag: "ecd53711b3d8e69cb2bd06386570aa63"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 2, 2964

GET
H2 200 cmp.js Show response
quantcast.mgr.consensu.org/ 142 KB
40 KB 7ms
7ms Script
text/javascript 2600:9000:2047:fc00:9:46dc:4700:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/cmp.js
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:fc00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 96128cdcbbf482e82bc1fb11a020de837ba5c061decb00e31705375fc325dee3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:05:16 GMT
content-encoding: gzip
last-modified: Tue, 02 Jul 2019 19:26:06 GMT
server: AmazonS3
age: 460
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
status: 200
x-amz-meta-qc-ineu: True
x-amz-cf-pop: FRA53
x-amz-cf-id: 6_WKQ373kSfqM6mxvAzm4_72VyffpZy8aWhT_PBckE9pWV4sYadhJg==
via: 1.1 ed0c487879f809919537bf00a2f2dc8f.cloudfront.net (CloudFront)

GET
H2 200 20x20-printer.png
www.bleepstatic.com/images/site/ 422 B
591 B 16ms
16ms Image
image/webp 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/20x20-printer.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status: HIT
age: 160363
cf-polished: origFmt=png, origSize=824
status: 200
content-disposition: inline; filename="20x20-printer.webp"
cf-bgj: imgq:85
content-length: 422
last-modified: Sat, 03 Oct 2015 03:18:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4f125b072ee3d901-AMS
expires: Thu, 01 Aug 2019 19:35:19 GMT

GET
H2 200 calendar.png
www.bleepstatic.com/images/site/ 129 B
233 B 16ms
16ms Image
image/png 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/calendar.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61cb7a1fefe87904c7b02aa16c88d4b42805526d63f9d20f2f797380713e4577

Request headers

Referer: https://www.bleepstatic.com/css/redesign/news.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
age: 322385
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4f125b072ee5d901-AMS
access-control-allow-origin: *
content-length: 129
expires: Fri, 31 May 2019 22:31:50 GMT

GET
H2 200 clock.png
www.bleepstatic.com/images/site/ 252 B
413 B 15ms
15ms Image
image/webp 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/clock.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21

Request headers

Referer: https://www.bleepstatic.com/css/redesign/news.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status: HIT
age: 150926
cf-polished: origFmt=png, origSize=1316
status: 200
content-disposition: inline; filename="clock.webp"
cf-bgj: imgq:85
content-length: 252
last-modified: Fri, 29 May 2015 07:08:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4f125b072ee6d901-AMS
expires: Thu, 01 Aug 2019 22:12:36 GMT

GET
H2 200 comment-light.png
www.bleepstatic.com/images/site/ 96 B
360 B 17ms
16ms Image
image/webp 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/comment-light.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e

Request headers

Referer: https://www.bleepstatic.com/css/redesign/news.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status: HIT
age: 150373
cf-polished: origFmt=png, origSize=1034
status: 200
content-disposition: inline; filename="comment-light.webp"
cf-bgj: imgq:85
content-length: 96
last-modified: Fri, 29 May 2015 07:08:28 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4f125b073ee8d901-AMS
expires: Thu, 01 Aug 2019 22:21:49 GMT

GET
H2 200 32x32-printer.png
www.bleepstatic.com/images/site/ 256 B
472 B 16ms
16ms Image
image/webp 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/32x32-printer.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status: HIT
age: 160936
cf-polished: origFmt=png, origSize=618
status: 200
content-disposition: inline; filename="32x32-printer.webp"
cf-bgj: imgq:85
content-length: 256
last-modified: Fri, 02 Oct 2015 21:57:19 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4f125b073eefd901-AMS
expires: Thu, 01 Aug 2019 19:25:46 GMT

GET
H2 200 71f54ec34151fbdfe89e478d7b6e5ddf.jpg
www.bleepstatic.com/author/photos/ 5 KB
5 KB 16ms
16ms Image
image/jpeg 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/author/photos/71f54ec34151fbdfe89e478d7b6e5ddf.jpg
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a6bfabe65ca353e4359be32e10d40b8b514590b536dd93499bc1067e4bf6329

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status: HIT
age: 1337494
cf-polished: origSize=6170, status=webp_bigger
status: 200
cf-bgj: imgq:85
content-length: 4965
last-modified: Wed, 02 Jan 2019 02:04:38 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4f125b073ef6d901-AMS
expires: Thu, 21 Mar 2019 04:08:12 GMT

GET
H2 200 h4-bg.png
www.bleepstatic.com/images/site/ 72 B
169 B 15ms
15ms Image
image/png 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/h4-bg.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4bb3aaeb6bd2ba6d6c88f1497a5b86b2dba5ed0a39dcdbe82ee94dd06990e146

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
age: 921359
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4f125b073ef8d901-AMS
access-control-allow-origin: *
content-length: 72
expires: Sat, 25 May 2019 00:08:06 GMT

GET
H2 200 news_email_icon.png
www.bleepstatic.com/images/site/ 126 B
294 B 19ms
19ms Image
image/webp 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/news_email_icon.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a

Request headers

Referer: https://www.bleepstatic.com/css/redesign/home.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status: HIT
age: 160332
cf-polished: origFmt=png, origSize=1105
status: 200
content-disposition: inline; filename="news_email_icon.webp"
cf-bgj: imgq:85
content-length: 126
last-modified: Fri, 29 May 2015 07:10:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4f125b073efbd901-AMS
expires: Thu, 01 Aug 2019 19:35:50 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin: https://www.bleepingcomputer.com

Response headers

date: Mon, 03 Jun 2019 02:07:31 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:14:42 GMT
server: sffe
age: 2728831
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11180
x-xss-protection: 0
expires: Tue, 02 Jun 2020 02:07:31 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/ 11 KB
11 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:81b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin: https://www.bleepingcomputer.com

Response headers

date: Tue, 25 Jun 2019 12:04:33 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:12:38 GMT
server: sffe
age: 792209
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 0
expires: Wed, 24 Jun 2020 12:04:33 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a4883cce814b6793c5bd6dd3639d6048ecab39a93a90b560d39a9fd0aff6e263

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 20 Jun 2019 21:35:04 GMT
server: Golfe2
age: 6024
date: Thu, 04 Jul 2019 14:27:38 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 17707
expires: Thu, 04 Jul 2019 16:27:38 GMT

GET
H2 200 news_footer_icon.png
www.bleepstatic.com/images/site/ 186 B
309 B 18ms
18ms Image
image/png 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/news_footer_icon.png
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/fixto/fixto.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 371e60eaea3df0bf53403a81ca0d49fad4e0c08dca679cf6a85300da15bf3208

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
age: 1016763
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4f125b075f5cd901-AMS
access-control-allow-origin: *
content-length: 186
expires: Thu, 23 May 2019 21:41:26 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 15ms
15ms Script
application/javascript 2a00:1450:4001:81a::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.bleepingcomputer.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
171 B 17ms
17ms Script
application/javascript 2a00:1450:4001:81a::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.bleepingcomputer.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 104
x-xss-protection: 0

GET
H2 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/ 212 KB
79 KB 29ms
28ms Script
text/javascript 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

b48a23e0a21cd52b881ce9db2678b6fef30f6d113f7dac0702accd0b54535cab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 80313
x-xss-protection: 0
server: cafe
etag: 3793796546524103168
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Jul 2019 16:08:02 GMT

GET
H2 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/ Frame 1CC3 212 KB
79 KB 30ms
30ms Script
text/javascript 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

b48a23e0a21cd52b881ce9db2678b6fef30f6d113f7dac0702accd0b54535cab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 80313
x-xss-protection: 0
server: cafe
etag: 3793796546524103168
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Jul 2019 16:08:02 GMT

GET
H2 200 ca-pub-0920899300397823.js Show response
pagead2.googlesyndication.com/pub-config/r20160913/ 108 B
270 B 7ms
7ms Script
text/javascript 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pub-config/r20160913/ca-pub-0920899300397823.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

sffe /

Resource Hash

617229202229089622770a111fef4f514877475b89056525185a70e0cbc5bc95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 09:42:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 30 Jun 2019 19:19:18 GMT
server: sffe
age: 23150
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=43200
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 118
x-xss-protection: 0
expires: Thu, 04 Jul 2019 21:42:12 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20190626/r20190131/ Frame A4FE 0
0 8ms
8ms Document
text/html 2a00:1450:4001:80b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20190626/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20190626/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Wed, 26 Jun 2019 23:46:27 GMT
expires: Wed, 10 Jul 2019 23:46:27 GMT
content-type: text/html; charset=UTF-8
etag: 10335953366553691058
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 7044
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 663695
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
60 B 15ms
15ms Image
image/gif 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=rmvasft&code=ldr&branch=cntr

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jul 2019 16:08:02 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cmp-3pc-check.html
static.quantcast.mgr.consensu.org/v21/ Frame 9049 0
0 6ms
6ms Document
text/html 2600:9000:200c:3c00:9:46dc:4700:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://static.quantcast.mgr.consensu.org/v21/cmp-3pc-check.html
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:200c:3c00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: static.quantcast.mgr.consensu.org
:scheme: https
:path: /v21/cmp-3pc-check.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status: 200
content-type: text/html
content-length: 583
last-modified: Tue, 02 Jul 2019 19:26:03 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Thu, 04 Jul 2019 16:07:38 GMT
etag: "2382c3f01978a379e8fa8bc1a3bec605"
age: 366
x-cache: Hit from cloudfront
via: 1.1 f2cdeae9faa9c871a27c20811b04af58.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2
x-amz-cf-id: 5xpNT2P0cFJGVzvD2C97UPV3W88VsaspoJonddYlREyKS0sZ7Bmzvw==

GET
H2 200 g Show response
ck.connatix.com/ 46 B
235 B 31ms
6ms Script
text/plain 2a04:4e42:3::645
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://ck.connatix.com/g?callback=cnxJSONP_0c435d0bff0945e9b3121562256482537
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1586/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:3::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Varnish /
Resource Hash: b72f6419c4486301a876a6cd4ad048c88c327e50b4b070eea8b785441a0ce2ee

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
via: 1.1 varnish
server: Varnish
age: 0
x-cache: HIT
status: 200
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-cache-hits: 0
accept-ranges: bytes
x-timer: S1562256483.568009,VS0,VE0
content-length: 46
retry-after: 0
x-served-by: cache-fra19131-FRA

GET
H2 200 TA505.jpg
www.bleepstatic.com/content/hl-images/2019/07/04/ 65 KB
65 KB 16ms
15ms Image
image/webp 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/content/hl-images/2019/07/04/TA505.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e07b2c10204d548f9f08029da2c672bbe9b92ad7ec0a4a664cd5d9410ff2d32f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status: HIT
age: 5276
cf-polished: qual=85, origFmt=jpeg, origSize=136558
status: 200
content-disposition: inline; filename="TA505.webp"
cf-bgj: imgq:85
content-length: 66444
last-modified: Thu, 04 Jul 2019 13:19:27 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4f125b07f8dad901-AMS
expires: Sat, 03 Aug 2019 14:40:06 GMT

GET
H2 200 292x176_Microsoft_Your_Phone_App.jpg
www.bleepstatic.com/content/hl-images/2019/04/26/thumb/ 3 KB
3 KB 17ms
16ms Image
image/webp 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/content/hl-images/2019/04/26/thumb/292x176_Microsoft_Your_Phone_App.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c10ffebccfabdd702d6b76848d941d711f0bd3b48b621f780f33ee9968754d1

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status: HIT
age: 43265
cf-polished: qual=85, origFmt=jpeg, origSize=4265
status: 200
content-disposition: inline; filename="292x176_Microsoft_Your_Phone_App.webp"
cf-bgj: imgq:85
content-length: 2854
last-modified: Fri, 26 Apr 2019 11:13:26 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4f125b07f8dcd901-AMS
expires: Sat, 03 Aug 2019 04:06:57 GMT

GET
H2 200 292x176_cloudflare-logo-dark.jpg
www.bleepstatic.com/content/hl-images/2018/10/03/thumb/ 4 KB
4 KB 17ms
17ms Image
image/webp 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/content/hl-images/2018/10/03/thumb/292x176_cloudflare-logo-dark.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a93d3ad73d2765c2bd1ab5347bd34a79c0e010df089d0db7bd56d6ae12d823c8

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status: HIT
age: 38933
cf-polished: qual=85, origFmt=jpeg, origSize=5621
status: 200
content-disposition: inline; filename="292x176_cloudflare-logo-dark.webp"
cf-bgj: imgq:85
content-length: 3732
last-modified: Wed, 03 Oct 2018 15:17:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4f125b07f8ded901-AMS
expires: Sat, 03 Aug 2019 05:19:09 GMT

GET
H2 200 jquery.fancybox.css
www.bleepstatic.com/js/redesign/fancybox/ 4 KB
1 KB 16ms
16ms Stylesheet
text/css 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: br
cf-cache-status: HIT
age: 2412107
cf-polished: origSize=4895
status: 200
cf-bgj: minify
last-modified: Wed, 14 Oct 2015 20:25:51 GMT
server: cloudflare
etag: W/"9108074"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4f125b0808dfd901-AMS
expires: Thu, 28 Mar 2019 18:04:30 GMT

GET
H2 200 font-awesome.css
www.bleepstatic.com/css/redesign/ 22 KB
5 KB 17ms
16ms Stylesheet
text/css 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/font-awesome.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: br
cf-cache-status: HIT
age: 125711
cf-polished: origSize=26776
status: 200
cf-bgj: minify
last-modified: Tue, 03 May 2016 04:39:29 GMT
server: cloudflare
etag: W/"1700274315"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 4f125b0808e0d901-AMS
expires: Wed, 03 Jul 2019 05:12:31 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
105 B 14ms
14ms Image
image/gif 2a00:1450:4001:81b::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j77&a=697304623&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ul=en-us&de=UTF-8&dt=New%20Backdoor%20and%20Malware%20Downloader%20Used%20in%20TA505%20Spam%20Campaigns&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1385617556&gjid=1079698038&cid=222572338.1562256483&tid=UA-91740-1&_gid=862092559.1562256483&_r=1&gtm=2ou6k2&z=857878988

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jul 2019 16:08:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cmpui-popup.js Show response
static.quantcast.mgr.consensu.org/v21/ 171 KB
52 KB 8ms
8ms Script
text/javascript 2600:9000:200c:3c00:9:46dc:4700:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://static.quantcast.mgr.consensu.org/v21/cmpui-popup.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:200c:3c00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 15b71fd1d87bc6d1e6ac7a19bd6e6da0fb324a76864fb566ba2bf528e94941cd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 15:53:51 GMT
content-encoding: gzip
last-modified: Tue, 02 Jul 2019 19:26:02 GMT
server: AmazonS3
age: 1648
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
status: 200
x-amz-cf-pop: FRA2
x-amz-cf-id: YEGa4vAOOQcqAWnNyGcXe1RvalyJEvosvovKLMM2-1DojKQDs7DG7A==
via: 1.1 f2cdeae9faa9c871a27c20811b04af58.cloudfront.net (CloudFront)

GET
H2 200 pls Show response
core.connatix.com/ Frame 28B1 6 KB
3 KB 381ms
178ms Script
text/plain 18.207.76.63
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://core.connatix.com/pls?callback=jQuery321003990707453776676_1562256482534&token=83c6e833-8c07-474c-b10f-079d46320a80&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c_v=1586_0_0_0_0&page_guid=48a814491ee745ef9ac71562256482571&spp=1&_=1562256482535
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1586/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.207.76.63 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-18-207-76-63.compute-1.amazonaws.com
Software: nginx/1.12.2 /
Resource Hash: e962fbdcbe0d66991b76f745535acba510e20197df301f5658bcb5774cbe44fb

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: gzip
server: nginx/1.12.2
access-control-allow-origin: *

GET
H2 200 fontawesome-webfont.woff
www.bleepstatic.com/fonts/ 64 KB
64 KB 325ms
22ms Font
application/octet-stream 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/show_ads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepstatic.com/css/redesign/font-awesome.css
Origin: https://www.bleepingcomputer.com

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status: HIT
last-modified: Thu, 23 Apr 2015 09:36:00 GMT
server: cloudflare
age: 6958
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
status: 200
accept-ranges: bytes
cf-ray: 4f125b0a2a2dd8bd-AMS
access-control-allow-origin: *
content-length: 65452

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame EF0E 0
0 378ms
377ms Document
text/html 2a00:1450:4001:80b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&h=500&slotname=4359266829&adk=3764243768&adf=155314479&w=834&cr_col=4&cr_row=2&fwrn=2&lmt=1562251157&rafmt=9&guci=1.2.0.0.2.2.0.0&format=834x500&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&adsid=NT&dt=1562256482487&bpp=11&bdt=247&fdt=97&idt=98&shv=r20190626&cbv=r20190131&saldr=aa&abxe=1&correlator=6460334598135&frm=20&pv=2&ga_vid=222572338.1562256483&ga_sid=1562256483&ga_hid=697304623&ga_fc=0&iag=0&icsg=549758443520&dssz=39&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=208&ady=5887&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040012%2C21060853&oid=3&rx=0&eae=0&fc=912&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=144&bc=31&osw_key=3733268371&ifi=1&uci=1.2axj1fxmmtpj&fsb=1&xpc=U0PhHsefNR&p=https%3A//www.bleepingcomputer.com&dtd=130

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-0920899300397823&output=html&h=500&slotname=4359266829&adk=3764243768&adf=155314479&w=834&cr_col=4&cr_row=2&fwrn=2&lmt=1562251157&rafmt=9&guci=1.2.0.0.2.2.0.0&format=834x500&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&adsid=NT&dt=1562256482487&bpp=11&bdt=247&fdt=97&idt=98&shv=r20190626&cbv=r20190131&saldr=aa&abxe=1&correlator=6460334598135&frm=20&pv=2&ga_vid=222572338.1562256483&ga_sid=1562256483&ga_hid=697304623&ga_fc=0&iag=0&icsg=549758443520&dssz=39&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=208&ady=5887&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040012%2C21060853&oid=3&rx=0&eae=0&fc=912&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=144&bc=31&osw_key=3733268371&ifi=1&uci=1.2axj1fxmmtpj&fsb=1&xpc=U0PhHsefNR&p=https%3A//www.bleepingcomputer.com&dtd=130
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 04 Jul 2019 16:08:02 GMT
server: cafe
content-length: 11572
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 04-Jul-2019 16:23:02 GMT; path=/; domain=.doubleclick.net
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
expires: Thu, 04 Jul 2019 16:08:02 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 75 KB
28 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

3f479d74e8907a3aeaeae2931a63c6362b0134448a44b50e9913ce22440fa607

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1562152391643339"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 28126
x-xss-protection: 0
expires: Thu, 04 Jul 2019 16:08:02 GMT

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame 0D71 0
0 20ms
19ms Document
text/html 2a00:1450:4001:80b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1562251157&plat=1%3A32776%2C2%3A16809992%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C30%3A34635776&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1562256482512&bpp=4&bdt=272&fdt=115&idt=115&shv=r20190626&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=834x500&nras=1&correlator=6460334598135&frm=20&pv=1&ga_vid=222572338.1562256483&ga_sid=1562256483&ga_hid=697304623&ga_fc=0&iag=0&icsg=9345851465728&dssz=40&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040012%2C21060853&oid=3&rx=0&eae=2&fc=912&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&osw_key=2001182872&ifi=1&uci=1.6pq7fn9uozy2&fsb=1&dtd=119

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1562251157&plat=1%3A32776%2C2%3A16809992%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C30%3A34635776&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1562256482512&bpp=4&bdt=272&fdt=115&idt=115&shv=r20190626&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=834x500&nras=1&correlator=6460334598135&frm=20&pv=1&ga_vid=222572338.1562256483&ga_sid=1562256483&ga_hid=697304623&ga_fc=0&iag=0&icsg=9345851465728&dssz=40&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040012%2C21060853&oid=3&rx=0&eae=2&fc=912&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&osw_key=2001182872&ifi=1&uci=1.6pq7fn9uozy2&fsb=1&dtd=119
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 04 Jul 2019 16:08:02 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 04-Jul-2019 16:23:02 GMT; path=/; domain=.doubleclick.net
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
expires: Thu, 04 Jul 2019 16:08:02 GMT
cache-control: private

GET
H2 200 gvl-proxy Show response
privacy-api-gateway.quantcast.com/ 80 KB
80 KB 697ms
697ms XHR
application/json 52.222.157.56
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://privacy-api-gateway.quantcast.com/gvl-proxy?version=
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.157.56 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-222-157-56.fra53.r.cloudfront.net
Software: /
Resource Hash: 0403883673c91b0c6dc85b135e6f222f76d1150a76b701a694389fe7151c97d3

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com

Response headers

date: Thu, 04 Jul 2019 16:08:03 GMT
via: 1.1 0c23bed0dc9f1c700b571cf55c540239.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53
x-amzn-requestid: e6b1b996-9e75-11e9-b4f2-dd030cd01dd5
status: 200
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amzn-trace-id: Root=1-5d1e2463-e4f6c76e8f826f2834b71ba0;Sampled=0
x-amz-apigw-id: cTqfeGLxPHcF7yg=
content-length: 81917
x-amz-cf-id: -yjqh19Qdcz0Pvv7gPLOkfrIuhBgAavhh0_hpfx9OTTe6YvTQqr08A==

GET
H2 200 / Show response
audit.quantcast.mgr.consensu.org/ 80 B
485 B 8ms
8ms XHR
text/html 52.222.157.150
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://audit.quantcast.mgr.consensu.org/?log=;1562256482642;BleepingComputer.com;;;;;;p,off,false,,1,en;CMP_Display:initializationdisplay,;Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36
Requested by: Host: static.quantcast.mgr.consensu.org
URL: https://static.quantcast.mgr.consensu.org/v21/cmpui-popup.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.157.150 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-222-157-150.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com

Response headers

date: Thu, 04 Jul 2019 08:07:54 GMT
via: 1.1 23082ff4de65f70078e091bc7cd0cf24.cloudfront.net (CloudFront)
vary: Origin
age: 30928
x-cache: Hit from cloudfront
status: 200
content-length: 80
last-modified: Mon, 11 Jun 2018 22:07:34 GMT
server: AmazonS3
etag: "0614149d8033903db5de46d6c184bbfd"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/html
access-control-allow-origin: *
x-amz-cf-pop: FRA53
accept-ranges: bytes
x-amz-cf-id: EKy_uzo3CIJS7c_CGPWfC8sQHk-PLFch87d8_GQuPmuG-mQoDSy2YQ==

GET
H/1.1 200
OK cookie Show response
d.pub.network/ 36 B
527 B 1493ms
112ms XHR
text/plain 35.188.71.214
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/cookie
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 63540aac55b3e3ecc7561344b838c133d62ea472eb05b0b95e94ff51a22b4ffc

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Thu, 04 Jul 2019 16:08:04 GMT
Access-Control-Allow-Credentials: true
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H/1.1 200
OK gallery.js Show response
freestar-io.videoplayerhub.com/ 65 KB
16 KB 1057ms
8ms Script
application/javascript 54.192.94.221
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-io.videoplayerhub.com/gallery.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.192.94.221 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-54-192-94-221.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f9a20eea35d6b06258e603fb2d5d3258f81a91269676d134d122784035b201e6

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: ls2azlSsMmoE.w_cz9eSngF2qYZztiO_
Content-Encoding: gzip
Last-Modified: Wed, 03 Jul 2019 18:34:49 GMT
Server: AmazonS3
Age: 28
Date: Thu, 04 Jul 2019 16:07:51 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 ddd91cf4cd1b9310c0aee8953bc042e2.cloudfront.net (CloudFront)
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA2
Connection: keep-alive
X-Amz-Cf-Id: WtXy9lTo6DIQvL59xTddnL8BrQL-yE0OsVbUCAlUahqbRfeXOn-l2A==

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 34 KB
11 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

59bd02350871b22df229e164c348ca96bd780f3af752920d54c12af1e90753d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "210 / 768 of 1000 / last-modified: 1562182658"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 11303
x-xss-protection: 0
expires: Thu, 04 Jul 2019 16:08:03 GMT

GET
H2 200 prebid-analytics-1.33.5.js Show response
a.pub.network/core/ 323 KB
97 KB 150ms
150ms Script
text/html 2606:4700:20::6819:bf72
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:bf72 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a6ac1e8519aa132772c1f732514d4a2cbcd2143a90710b7656bc23024b4c85c

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:03 GMT
content-encoding: br
cf-cache-status: MISS
status: 200
x-guploader-uploadid: AEnB2Up6-mBH6iLtXhktJ0sonRgxCvDuIXvKn8zQMtFdeVLan8EOjjMIr1mqhHoXrFXMFpB3mL7QeVe-7yn3yoniLUQ8cqVCkw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
last-modified: Wed, 13 Mar 2019 15:07:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=xB2m2g==, md5=LUwj9S7PGmAQITSf93OXew==
content-type: text/html
x-goog-generation: 1552489625640716
cache-control: public, max-age=31536000
x-goog-stored-content-length: 330336
cf-ray: 4f125b0ab8ba971e-FRA
expires: Fri, 03 Jul 2020 16:08:03 GMT

GET
H/1.1 200
OK location Show response
d.pub.network/ 60 B
379 B 3505ms
111ms XHR
application/json 35.188.71.214
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/location
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: d763d322ed475baf9cc5d20ba7afc366affb34d3d059e4dd1c1825d5598c05cb

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Thu, 04 Jul 2019 16:08:06 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
DATA 200
OK truncated
/ 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK g Show response
rtb.connatix.com/ 95 B
290 B 10622ms
274ms Script
text/plain 3.214.45.211
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.connatix.com/g?c_pw=834&c_ph=469&c_tk=C018218D-4AD0-4E01-8158-045425E65946&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c_ivt=0&connatix_sess=_R0QpgLOMiWrVBKI3rOZCq6NwtOQeRupqIGXm90wxMOP__4g_iM326pQ9AASfTGrnssPPktHS_v4nXyb9GTu9wAO8Mo6yeTCs8HilTnORHIYGD9JRxdmfk2nQpgBAkI8qA1ENyJWm_VdeUUdGWOZv90pjUPpGJdLeUf2J4v1YRD1zvTMPdRaf6KhzQ13ZIOM&notServed=false&xplr=false&c_s=false&c_pl=46wra552KZOJ2yS3xuNxdgupZ7kVkubw7Z7sjbfT46kTvfSv3ZAl9KORWyYuJT-USiIsCvhFBc3iEfePEMIiccjh9Zb8VRD2HZ_Ik0HaS8rGuyGv4tyl-RFCOSqBWdM405er6zKJ1gSCgTGm1i0LwT6huCDjcLI5-VM4am5F5Qm7-3rHeLcbPtmZa_-Krq1ieyP3SR9TPTo8AIUq6fqbGy_TKhWpVvAUi7T9KljN5LgBaol6zxSjQoy2jc5ZzQbV542gaXmKzvQSnNefby7fig&gdpr=1&med_id=639404&request_guid=d42b42751b31ce5390a71562256483056&req_no=0&v=1&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spa&c_v=1586_0_0_0_0&spp=1&callback=cnxJSONP_6ad89d71e273a5ada4ad1562256483056
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1586/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.45.211 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-214-45-211.compute-1.amazonaws.com
Software: nginx/1.12.2 /
Resource Hash: e1b6e0c08fd7396b3e41066605eb8525aa766d9723f9d7befafff9230dce1138

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 04 Jul 2019 16:08:13 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 111

GET
H2 200 192.jpg
i.connatix.com/s3/connatix-uploads/af391ba1-47b0-4ff1-87cb-08a6df11845f/ 55 KB
55 KB 15ms
9ms Image
image/jpeg 2a04:4e42:3::645
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/af391ba1-47b0-4ff1-87cb-08a6df11845f/192.jpg?mode=stretch&connatiximg=true&scale=both&height=469&width=834
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:3::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 81825367feca0c5a8a82d656d4005c35f6810b2ba79b5f762dc6d8d52a5aee65

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 72506
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 2, 1
accept-ranges: bytes
x-timer: S1562256483.068893,VS0,VE3
access-control-allow-origin: *
content-length: 56277
x-served-by: cache-sjc3147-SJC, cache-fra19131-FRA

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/585e8737-0d24-4773-b869-3456a37442a0/ 71 KB
71 KB 27ms
21ms Image
image/jpeg 2a04:4e42:3::645
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/585e8737-0d24-4773-b869-3456a37442a0/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:3::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 997f05063c2d0432532617092401abf909c6bfec2f334a0866ea69f62dc7dee4

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 72506
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 1, 1
accept-ranges: bytes
x-timer: S1562256483.069021,VS0,VE3
access-control-allow-origin: *
content-length: 72456
x-served-by: cache-sjc3150-SJC, cache-fra19131-FRA

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/cbe77c62-0484-49a6-b566-bb09ec04e44e/ 19 KB
20 KB 15ms
9ms Image
image/jpeg 2a04:4e42:3::645
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/cbe77c62-0484-49a6-b566-bb09ec04e44e/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:3::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 8e954013ce3d11bb4a2d90be6031b5b5791042d9c2342b5217919400f97d1d67

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 72506
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 2, 5
accept-ranges: bytes
x-timer: S1562256483.068974,VS0,VE3
access-control-allow-origin: *
content-length: 19888
x-served-by: cache-sjc3123-SJC, cache-fra19131-FRA

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/1528a1e0-b56d-48f1-b1da-ab48bbc132dc/ 77 KB
77 KB 44ms
38ms Image
image/jpeg 2a04:4e42:3::645
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/1528a1e0-b56d-48f1-b1da-ab48bbc132dc/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:3::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: dfbcd1d3294ae6081667312698549af43eb228cfc9420f8a0cace7fde85024c7

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 72506
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 1, 1
accept-ranges: bytes
x-timer: S1562256483.069003,VS0,VE4
access-control-allow-origin: *
content-length: 78856
x-served-by: cache-sjc3133-SJC, cache-fra19131-FRA

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/91f46b7c-f890-4f30-a148-c48616c0a485/ 101 KB
101 KB 44ms
38ms Image
image/jpeg 2a04:4e42:3::645
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/91f46b7c-f890-4f30-a148-c48616c0a485/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:3::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 9dddc21cf89952794214b58f9ec5cc841ec6525bc7f8facf5515e851898d7930

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 72506
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 1, 1
accept-ranges: bytes
x-timer: S1562256483.069020,VS0,VE8
access-control-allow-origin: *
content-length: 103456
x-served-by: cache-sjc3131-SJC, cache-fra19131-FRA

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/2f38ede3-6035-4690-8160-3eed2ff5abfe/ 86 KB
86 KB 35ms
29ms Image
image/jpeg 2a04:4e42:3::645
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/2f38ede3-6035-4690-8160-3eed2ff5abfe/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:3::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 617c4b646dbae0aed90fabe2e8a98b09b57cd32ba518dfcb276dbd12fa86d9dc

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 72506
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 2, 1
accept-ranges: bytes
x-timer: S1562256483.069047,VS0,VE4
access-control-allow-origin: *
content-length: 88426
x-served-by: cache-sjc3141-SJC, cache-fra19131-FRA

GET
H2 200 bleeping-computerlogo-lg.png
www.bleepstatic.com/logos/ 7 KB
7 KB 16ms
16ms Image
image/webp 104.24.1.61
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/logos/bleeping-computerlogo-lg.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a56e644a617b2d1e4e7d808dfc334a7ea8622979f22999dc9eccd21c61958b3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:03 GMT
cf-cache-status: HIT
age: 160332
cf-polished: origFmt=png, origSize=15281
status: 200
content-disposition: inline; filename="bleeping-computerlogo-lg.webp"
cf-bgj: imgq:85
content-length: 7156
last-modified: Wed, 07 Jan 2015 22:52:15 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 4f125b0b2f97d901-AMS
expires: Thu, 01 Aug 2019 19:35:51 GMT

GET
H2 200 0_th_1.jpg
i.connatix.com/s3/connatix-videos/af391ba1-47b0-4ff1-87cb-08a6df11845f/ Frame 28B1 23 KB
21 KB 26ms
26ms Image
image/jpeg 2a04:4e42:3::645
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-videos/af391ba1-47b0-4ff1-87cb-08a6df11845f/0_th_1.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:3::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: c3034d0370c5faa09e7a8d7b0c48925afa0371cf17e4827dde23059f56019dae

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:03 GMT
content-encoding: gzip
age: 9739712
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 4, 316
accept-ranges: bytes
x-timer: S1562256483.090281,VS0,VE0
access-control-allow-origin: *
content-length: 21768
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-sjc3151-SJC, cache-fra19131-FRA

GET av
connatix-d.openx.net/v/1.0/ Frame 28B1 0
0

GET
H/1.1 200
OK g Show response
rtb.connatix.com/ 91 B
284 B 10724ms
114ms Script
text/plain 3.214.45.211
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.connatix.com/g?c_pw=834&c_ph=470&c_tk=C018218D-4AD0-4E01-8158-045425E65946&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c_ivt=0&connatix_sess=_R0QpgLOMiWrVBKI3rOZCq6NwtOQeRupqIGXm90wxMOP__4g_iM326pQ9AASfTGrnssPPktHS_v4nXyb9GTu9wAO8Mo6yeTCs8HilTnORHIYGD9JRxdmfk2nQpgBAkI8qA1ENyJWm_VdeUUdGWOZv90pjUPpGJdLeUf2J4v1YRD1zvTMPdRaf6KhzQ13ZIOM&notServed=false&xplr=false&c_s=false&c_pl=46wra552KZOJ2yS3xuNxdgupZ7kVkubw7Z7sjbfT46kTvfSv3ZAl9KORWyYuJT-USiIsCvhFBc3iEfePEMIiccjh9Zb8VRD2HZ_Ik0HaS8rGuyGv4tyl-RFCOSqBWdM405er6zKJ1gSCgTGm1i0LwT6huCDjcLI5-VM4am5F5Qm7-3rHeLcbPtmZa_-Krq1ieyP3SR9TPTo8AIUq6fqbGy_TKhWpVvAUi7T9KljN5LgBaol6zxSjQoy2jc5ZzQbV542gaXmKzvQSnNefby7fig&gdpr=1&med_id=639404&request_guid=e7e6f2a27804eeb6bced1562256483070&req_no=1&v=2&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spa&c_v=1586_0_0_0_0&spp=1&callback=cnxJSONP_3dbedcce80a2cbf5a8601562256483070
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1586/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.45.211 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-214-45-211.compute-1.amazonaws.com
Software: nginx/1.12.2 /
Resource Hash: aa31bb772fdd92bb221e655d1e2a35355f81dd46596ec916c93b2363d6cec339

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 04 Jul 2019 16:08:13 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 105

GET
H2 200 pubads_impl_2019062401.js Show response
securepubads.g.doubleclick.net/gpt/ 150 KB
55 KB 42ms
41ms Script
text/javascript 172.217.21.194
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019062401.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s12-in-f2.1e100.net

Software

sffe /

Resource Hash

e0f09beb5ea460cffea7b53b219f1e88baf6a0c9c2d125294652998209addc15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Jun 2019 13:05:11 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 56392
x-xss-protection: 0
expires: Thu, 04 Jul 2019 16:08:03 GMT

GET
H/1.1 200
OK r
trk.connatix.com/ Frame 28B1 0
153 B 4337ms
95ms Image
text/plain 23.22.162.56
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trk.connatix.com/r?connatix_sess=_R0QpgLOMiWrVBKI3rOZCq6NwtOQeRupqIGXm90wxMOP__4g_iM326pQ9AASfTGrnssPPktHS_v4nXyb9GTu9wAO8Mo6yeTCs8HilTnORHIYGD9JRxdmfk2nQpgBAkI8qA1ENyJWm_VdeUUdGWOZv90pjUPpGJdLeUf2J4v1YRD1zvTMPdRaf6KhzQ13ZIOM&videoID=639404&c_pl=46wra552KZOJ2yS3xuNxdgupZ7kVkubw7Z7sjbfT46kTvfSv3ZAl9KORWyYuJT-USiIsCvhFBc3iEfePEMIiccjh9Zb8VRD2HZ_Ik0HaS8rGuyGv4tyl-RFCOSqBWdM405er6zKJ1gSCgTGm1i0LwT6huCDjcLI5-VM4am5F5Qm7-3rHeLcbPtmZa_-Krq1ieyP3SR9TPTo8AIUq6fqbGy_TKhWpVvAUi7T9KljN5LgBaol6zxSjQoy2jc5ZzQbV542gaXmKzvQSnNefby7fig&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spa&c_v=1586_0_0_0_0&spp=1
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.22.162.56 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-23-22-162-56.compute-1.amazonaws.com
Software: nginx/1.12.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 04 Jul 2019 16:08:07 GMT
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 0

GET sync.html
s.adtelligent.com/ Frame 8D3C 0
0

GET
H/1.1 200
OK v2 Show response
d.pub.network/floors/ 1 KB
2 KB 1421ms
114ms XHR
application/json 35.188.71.214
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/floors/v2?key=535desktop
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 484df960f879a28860a2cb182c0e717fda77babf0d4378343ba63723cc948649

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Thu, 04 Jul 2019 16:08:04 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H/1.1 200
OK clr
trk.connatix.com/ Frame 28B1 0
153 B 4382ms
95ms Image
text/plain 23.22.162.56
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trk.connatix.com/clr?c_vid=639404&id_cl=35ab2cb94b538b8693921562256483031&c_pl=46wra552KZOJ2yS3xuNxdgupZ7kVkubw7Z7sjbfT46kTvfSv3ZAl9KORWyYuJT-USiIsCvhFBc3iEfePEMIiccjh9Zb8VRD2HZ_Ik0HaS8rGuyGv4tyl-RFCOSqBWdM405er6zKJ1gSCgTGm1i0LwT6huCDjcLI5-VM4am5F5Qm7-3rHeLcbPtmZa_-Krq1ieyP3SR9TPTo8AIUq6fqbGy_TKhWpVvAUi7T9KljN5LgBaol6zxSjQoy2jc5ZzQbV542gaXmKzvQSnNefby7fig&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spa&c_v=1586_0_0_0_0&spp=1
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.22.162.56 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-23-22-162-56.compute-1.amazonaws.com
Software: nginx/1.12.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 04 Jul 2019 16:08:07 GMT
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 0

GET
H2 404 CookieAccess Show response
api.quantcast.mgr.consensu.org/ 30 B
592 B 138ms
137ms XHR
application/json 52.222.157.91
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.quantcast.mgr.consensu.org/CookieAccess
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.157.91 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-222-157-91.fra53.r.cloudfront.net
Software: /
Resource Hash: 5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com

Response headers

date: Thu, 04 Jul 2019 16:08:03 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53
x-amzn-requestid: e706b741-9e75-11e9-8d30-29f37c3e5186
x-cache: Error from cloudfront
status: 404
x-amz-apigw-id: cTqfjG-SoAMFm0Q=
content-length: 50
access-control-allow-origin: https://www.bleepingcomputer.com
x-amzn-trace-id: Root=1-5d1e2463-3eba02a04112fb80c84887ec;Sampled=0
vary: Origin
access-control-allow-methods: GET, POST
content-type: application/json
via: 1.1 ec27b2a550cb7db6ef54f74603010b29.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
x-amz-cf-id: 8ZU8uzibmHQtQ8BMnkplIweuc0lYfe9eG68kqMQo6eIoVlcjLbhiow==

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 / Show response
audit.quantcast.mgr.consensu.org/ 80 B
485 B 8ms
8ms XHR
text/html 52.222.157.150
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://audit.quantcast.mgr.consensu.org/?log=;1562256483940;BleepingComputer.com;;;;;;p,off,false,,1,en;Shown,;Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36
Requested by: Host: static.quantcast.mgr.consensu.org
URL: https://static.quantcast.mgr.consensu.org/v21/cmpui-popup.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.157.150 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-222-157-150.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com

Response headers

date: Sun, 05 May 2019 01:42:24 GMT
via: 1.1 23082ff4de65f70078e091bc7cd0cf24.cloudfront.net (CloudFront)
vary: Origin
age: 18359
x-cache: Hit from cloudfront
status: 200
content-length: 80
last-modified: Mon, 11 Jun 2018 22:07:34 GMT
server: AmazonS3
etag: "0614149d8033903db5de46d6c184bbfd"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/html
access-control-allow-origin: *
x-amz-cf-pop: FRA53
accept-ranges: bytes
x-amz-cf-id: BOX17XFgFn5jJafeqL_9crG9HrBG0Ztd-fHWkKTD3NaRTLDdjFBw_A==

GET
H2 200 beacon.js Show response
ad-delivery.net/ 1 KB
983 B 535ms
12ms Script
application/x-javascript 52.222.157.166
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ad-delivery.net/beacon.js
Requested by: Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.157.166 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-222-157-166.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Tue, 31 Jan 2017 15:06:54 GMT
server: AmazonS3
age: 3305
date: Thu, 04 Jul 2019 15:13:00 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: FRA53
x-amz-cf-id: ePgwcL18eQx5pGh9z-s99n1x0IR5n0vrgmJHaB_YTDUQd30tUkvsuw==
via: 1.1 0c23bed0dc9f1c700b571cf55c540239.cloudfront.net (CloudFront)

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 165 KB
21 KB 502ms
502ms XHR
text/javascript 172.217.21.194
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=328194120199512&correlator=2543648827122582&output=json_html&callback=googletag.impl.pubads.callbackProxy1&impl=fifs&adsid=NT&json_a=1&eid=21062797%2C21063636%2C21063817%2C21063991%2C21064055%2C21064076&vrg=2019062401&guci=1.2.0.0.2.2.0.0&plat=1%3A32776%2C2%3A16809992%2C8%3A134250504&sc=1&sfv=1-0-35&ecs=20190704&iu_parts=15184186%2Cbleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_300x250_300x600_160x600_Right_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_1x1%2Cbleepingcomputer_300x250_300x600_160x600_Right_3&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7&prev_iu_szs=728x90%7C970x90%7C970x250%2C728x90%7C970x90%7C970x250%2C300x250%7C300x600%2C300x250%7C300x600%2C728x90%2C1x1%2C300x250%7C300x600&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1562251157&dt=1562256484428&dlt=1562256482241&idt=889&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C436%2C1082%2C1082%2C268%2C800%2C1082&adys=146%2C7211%2C322%2C1131%2C5788%2C7717%2C1656&adks=960084856%2C976516616%2C771041174%2C2389526111%2C4047242158%2C2635258439%2C523518761&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7&ifi=2&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&dssz=47&icsg=600333359783936&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1170x120%7C1200x90%7C306x250%7C306x250%7C834x90%7C1600x7718%7C306x250&msz=1170x90%7C1170x90%7C306x250%7C306x250%7C834x90%7C1600x1%7C306x250&blev=1&bisch=1&ga_vid=222572338.1562256483&ga_sid=1562256483&ga_hid=697304623&fws=4%2C4%2C4%2C4%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s12-in-f2.1e100.net

Software

cafe /

Resource Hash

13fb0f2063e0add7533ab42e3da469b39750272c7e7d5f0c9036e962477e9e40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com

Response headers

date: Thu, 04 Jul 2019 16:08:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,94808,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 21826
x-xss-protection: 0
google-lineitem-id: -1,-2,-1,-1,-2,4893662829,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-2,-1,-1,-2,138254592126,-1
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2019062401.js Show response
securepubads.g.doubleclick.net/gpt/ 66 KB
25 KB 42ms
42ms Script
text/javascript 172.217.21.194
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s12-in-f2.1e100.net

Software

sffe /

Resource Hash

24bc4ac03a5f89c3d38f9e173dc4a03fef2adb635d628f0341198b8d00548c5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Jun 2019 13:05:11 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 25543
x-xss-protection: 0
expires: Thu, 04 Jul 2019 16:08:04 GMT

GET container.html
tpc.googlesyndication.com/safeframe/1-0-35/html/ 0
0

GET
H/1.1 200
OK quant.js Show response
secure.quantserve.com/ 12 KB
6 KB 121ms
28ms Script
application/x-javascript 91.228.74.238
Quantcast Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.228.74.238 , United Kingdom, ASN27281 (QUANTCAST - Quantcast Corporation, US),
Reverse DNS
Software: QS /
Resource Hash: 404a9b0ffbcc813e8ddbb8d8510a24a69c09079282f8083ee94f4adc5d627176

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 04 Jul 2019 16:08:04 GMT
Content-Encoding: gzip
Last-Modified: Thu, 04-Jul-2019 16:08:04 GMT
Server: QS
ETag: M0-e2b9884a
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=604800
Connection: keep-alive
Content-Length: 5456
Expires: Thu, 11 Jul 2019 16:08:04 GMT

GET bxl.js
hbx.media.net/ 0
0

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 8ms
7ms Script
application/x-javascript 2.19.43.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.43.224 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-43-224.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d0fd74148f4cbe78bd0e6328dc5ce5955f0a0ecdb1eb2919da4a7e596ac65912

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 04 Jul 2019 16:08:04 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 901
Expires: Fri, 05 Jul 2019 16:08:04 GMT

GET
H/1.1 200
OK load.js Show response
s.ntv.io/serve/ 270 KB
79 KB 7400ms
48ms Script
application/x-javascript 23.210.250.13
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ntv.io/serve/load.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.250.13 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-210-250-13.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7c10ea3dddd1f12b4086c60b9512bf7f6a71b4a5164dc484df9d70ad77d3f613

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 04 Jul 2019 16:08:11 GMT
Content-Encoding: gzip
x-amz-request-id: 172D8C1513C3E8E3
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
x-amz-id-2: C0e7Iu7+VCYvd5niRPipWGJVkWTNf8Gpfu0mkyLPlXfaAxyiAvTkOs5xDLadckiovpAzBq/LMd4=
Last-Modified: Wed, 03 Jul 2019 02:59:45 GMT
Server: AmazonS3
ETag: "e17b083ceffa2f21f559afc4746efcd6"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK null Show response
d.pub.network/rfm/cookie/ 3 B
321 B 184ms
113ms XHR
application/json 35.188.71.214
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/rfm/cookie/null
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 8eb95bcbc154530931e15fc418c8b1fe991095671409552099ea1aa596999ede

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Thu, 04 Jul 2019 16:08:04 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H/1.1 200
OK classification Show response
d.pub.network/ 3 B
321 B 298ms
114ms XHR
application/json 35.188.71.214
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/classification?siteId=535&pageUrl=https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 8eb95bcbc154530931e15fc418c8b1fe991095671409552099ea1aa596999ede

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Thu, 04 Jul 2019 16:08:04 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1562256484507&ns_c=UTF-8&cv=3.1&c8=New%20Backdoor%20and%20Malware%20Downloader%20Used%20in%20TA505%20Spam%20Campaigns&c7=https%3A...
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1562256484507&ns_c=UTF-8&cv=3.1&c8=New%20Backdoor%20and%20Malware%20Downloader%20Used%20in%20TA505%20Spam%20Campaigns&c7=https%3...

0
248 B

56ms
56ms

Image
text/plain

2.19.43.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1562256484507&ns_c=UTF-8&cv=3.1&c8=New%20Backdoor%20and%20Malware%20Downloader%20Used%20in%20TA505%20Spam%20Campaigns&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c9=
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.43.224 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-43-224.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Jul 2019 16:08:04 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1562256484507&ns_c=UTF-8&cv=3.1&c8=New%20Backdoor%20and%20Malware%20Downloader%20Used%20in%20TA505%20Spam%20Campaigns&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c9=
Pragma: no-cache
Date: Thu, 04 Jul 2019 16:08:04 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-UeXruRVtZz7w6.js Show response
rules.quantcount.com/ 2 KB
1 KB 23ms
7ms Script
application/x-javascript 2600:9000:2047:7c00:6:44e3:f8c0:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2047:7c00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 15:53:27 GMT
content-encoding: gzip
last-modified: Thu, 07 Dec 2017 17:06:25 GMT
server: AmazonS3
age: 886
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: FRA53
x-amz-cf-id: nY5PuM_xKVj8u6cxizzVb6tN8NP2Y-kdygrBBYBs8Sxai11wqf7Z_A==
via: 1.1 a56a2e7149e67774870adaf614e87aa1.cloudfront.net (CloudFront)

GET
H/1.1 200
OK jquery.color-2.1.2.min.js Show response
cluster-na.cdnjquery.com/color/ 136 B
379 B 638ms
97ms Script
text/javascript 3.92.90.105
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cluster-na.cdnjquery.com/color/jquery.color-2.1.2.min.js?integrity=sha256_H28SdxWrZ387Ldn0qogCzFiUDDxfPiNIyJX7BECQkDE&checksum=%7B%22cbc%22%3A0%2C%22st%22%3A2%2C%22au%22%3A%5B%5D%2C%22hau%22%3A%5B%5D%2C%22ref%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F%22%2C%22aa%22%3A3%2C%22pgid%22%3A%22ee912663-7d7c-f1c1-8c63-767fdd8ed69a%22%2C%22v%22%3A1%2C%22format%22%3A%22jsonp%22%7D&o=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F

Requested by

Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.92.90.105 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-3-92-90-105.compute-1.amazonaws.com

Software

nginx/1.12.1 /

Resource Hash

aecba7ee3870c0d979df93f73bd566149bef7cc74cd1f3894751cef44a217340

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 04 Jul 2019 16:08:05 GMT
Content-Encoding: gzip
Server: nginx/1.12.1
ETag: W/"88-t+IXrzn28oO9Zii6R9GUjy0i75M"
X-Frame-Options: DENY
Content-Type: text/javascript; charset=utf-8
Charset: utf8
Connection: keep-alive
Content-Length: 106

GET
H2 200 px.gif
ad-delivery.net/ 43 B
383 B 34ms
13ms Image
image/gif 52.222.157.166
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.31652776252388737
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.157.166 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-222-157-166.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 0c23bed0dc9f1c700b571cf55c540239.cloudfront.net (CloudFront)
last-modified: Thu, 27 Jul 2017 18:59:05 GMT
server: AmazonS3
age: 44181
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
x-cache: Hit from cloudfront
content-type: image/gif
status: 200
date: Thu, 04 Jul 2019 04:51:57 GMT
x-amz-cf-pop: FRA53
accept-ranges: bytes
content-length: 43
x-amz-cf-id: OE1NdVTkolziLwBMEge5KsmqIq5OjMjJwrOse1eclfxkTUb0VQ475g==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 53 KB
17 KB 24ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

657f79c4d5a6ea502202651151811d195b49cf9cf22fd7f8edaeefe2f8cc8fc4

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 16120
x-xss-protection: 0
pragma: public
x-fb-debug: S74ZR7+Bun5K6rwq3c8QyxMSxU1eO5vVxN059yb2+G9egWEmlwCnzdqvCj8EkFQH7w783EiDTWgBF++sfVSrpg==
x-fb-trip-id: 997090344
date: Thu, 04 Jul 2019 16:08:04 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 134240187179576 Show response
connect.facebook.net/signals/config/ 228 KB
61 KB 10ms
10ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/134240187179576?v=2.8.51&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

8d9c3e3cfba892b2954a9c28ec67162355632750aa8b45d55323b04bc29ae61b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 61414
x-xss-protection: 0
pragma: public
x-fb-debug: tfdtGaW4FqDMXm1FohT9htnSae8ZOYae2yGLkX9AopNKSYbgho0jzVnIP73tInUFKj/KkhyGrQXsqqLPNwk8PQ==
x-fb-trip-id: 997090344
date: Thu, 04 Jul 2019 16:08:04 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 inferredEvents.js Show response
connect.facebook.net/signals/plugins/ 1 KB
897 B 6ms
5ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/inferredEvents.js?v=2.8.51

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 772
x-xss-protection: 0
pragma: public
x-fb-debug: Nasu1IoBmM+TAmGyrfJyAHwvcx9RIH8931DS29i6FM56xuS7bRSz4jacqfdfAWH/2iWo+Mwi1/HpA+hl1Tt6Pg==
x-fb-trip-id: 997090344
date: Thu, 04 Jul 2019 16:08:04 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
325 B 20ms
8ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=134240187179576&ev=PageView&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&rl=&if=false&ts=1562256484913&sw=1600&sh=1200&v=2.8.51&r=stable&ec=0&o=30&fbp=fb.1.1562256484912.816602121&it=1562256484852&coo=false&rqm=GET

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:04 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 04 Jul 2019 16:08:04 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
201 B 20ms
8ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=134240187179576&ev=ViewContent&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&rl=&if=false&ts=1562256484915&cd[freestar]=b640f9dd-b801-4882-bf19-ea168755b7b9&cd[client]=392&cd[site]=535&cd[page]=08e731c8279655e953399c839d4b9e5d&sw=1600&sh=1200&v=2.8.51&r=stable&ec=1&o=30&fbp=fb.1.1562256484912.816602121&it=1562256484852&coo=false&rqm=GET

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:04 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 04 Jul 2019 16:08:04 GMT

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/011906111828200/ 21 KB
7 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

642c8587ff06ea6a9e3721711e6614013a1bc8de1b3bd4858b0d1354c94ff90c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 776299
status: 200
date: Tue, 25 Jun 2019 16:29:46 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 7448
x-xss-protection: 0
server: sffe
etag: "1cc596a9ee26a2dc"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Wed, 24 Jun 2020 16:29:46 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011906111828200/ Frame C487 280 KB
75 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8676b3b80defc341e5127a20ae48918c79b8359fe0e420617fd71c696dc4f12d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 1277563
status: 200
date: Wed, 19 Jun 2019 21:15:22 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 76683
x-xss-protection: 0
server: sffe
etag: "aa77f575ea191da7"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Thu, 18 Jun 2020 21:15:22 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/011906111828200/v0/ Frame C487 13 KB
5 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

2aadba5dea3cad3a2f2e2a79d88f06a4f3edb86f006f4b19c74d9e1024210bb6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 684338
status: 200
date: Wed, 26 Jun 2019 18:02:27 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 4947
x-xss-protection: 0
server: sffe
etag: "ce2100eb3b0bf746"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Thu, 25 Jun 2020 18:02:27 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011906111828200/v0/ Frame C487 142 KB
39 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

62cf9551be94b96eec2590b6a832fdf0de816e7d9dcb2a2b4b9b72600417ecfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 1770908
status: 200
date: Fri, 14 Jun 2019 04:12:57 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 39575
x-xss-protection: 0
server: sffe
etag: "7fabe51ad24fb167"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Sat, 13 Jun 2020 04:12:57 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/011906111828200/v0/ Frame C487 4 KB
2 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

1ac1a6cf332c82c845d01d21e9a5f5b948d5ffc940879424718fe1a31111c4a8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 785681
status: 200
date: Tue, 25 Jun 2019 13:53:24 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 1469
x-xss-protection: 0
server: sffe
etag: "26f329c266c7e32f"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Wed, 24 Jun 2020 13:53:24 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/011906111828200/v0/ Frame C487 42 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

6cdf7da1776d10b40ed376754ae484da1c1aee3ce7c586c86131e8f3db1376c7

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 684337
status: 200
date: Wed, 26 Jun 2019 18:02:28 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 13486
x-xss-protection: 0
server: sffe
etag: "78de12916ef67b51"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Thu, 25 Jun 2020 18:02:28 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame C487 7 KB
724 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:815::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

2450e4fd2687e1fe032d4931d6b21a25ef94c80b5bf6baa2ca6e903c861e72da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 04 Jul 2019 16:08:05 GMT
server: ESF
access-control-allow-origin: *
date: Thu, 04 Jul 2019 16:08:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Thu, 04 Jul 2019 16:08:05 GMT

GET
DATA 200
OK truncated
/ Frame C487 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2bba8b27dfb6064a073f6fba80af3652569b766a8b5a0b44477ec6eea076ecbf

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011906111828200/ Frame CFCF 280 KB
75 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8676b3b80defc341e5127a20ae48918c79b8359fe0e420617fd71c696dc4f12d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 684338
status: 200
date: Wed, 26 Jun 2019 18:02:27 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 76683
x-xss-protection: 0
server: sffe
etag: "aa77f575ea191da7"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Thu, 25 Jun 2020 18:02:27 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/011906111828200/v0/ Frame CFCF 13 KB
5 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

2aadba5dea3cad3a2f2e2a79d88f06a4f3edb86f006f4b19c74d9e1024210bb6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 1463596
status: 200
date: Mon, 17 Jun 2019 17:34:49 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 4947
x-xss-protection: 0
server: sffe
etag: "ce2100eb3b0bf746"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Tue, 16 Jun 2020 17:34:49 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011906111828200/v0/ Frame CFCF 142 KB
39 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

62cf9551be94b96eec2590b6a832fdf0de816e7d9dcb2a2b4b9b72600417ecfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 1770908
status: 200
date: Fri, 14 Jun 2019 04:12:57 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 39575
x-xss-protection: 0
server: sffe
etag: "7fabe51ad24fb167"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Sat, 13 Jun 2020 04:12:57 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/011906111828200/v0/ Frame CFCF 4 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

1ac1a6cf332c82c845d01d21e9a5f5b948d5ffc940879424718fe1a31111c4a8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 785681
status: 200
date: Tue, 25 Jun 2019 13:53:24 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 1469
x-xss-protection: 0
server: sffe
etag: "26f329c266c7e32f"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Wed, 24 Jun 2020 13:53:24 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/011906111828200/v0/ Frame CFCF 42 KB
13 KB 5ms
5ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

6cdf7da1776d10b40ed376754ae484da1c1aee3ce7c586c86131e8f3db1376c7

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 684337
status: 200
date: Wed, 26 Jun 2019 18:02:28 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 13486
x-xss-protection: 0
server: sffe
etag: "78de12916ef67b51"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Thu, 25 Jun 2020 18:02:28 GMT

GET
DATA 200
OK truncated
/ Frame CFCF 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3beb704139b26d9913cb60e2687d7f18696ad15064bd7b0164c63268b1aa927b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-35/html/ Frame 070C 0
0 6ms
6ms Document
text/html 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-35/html/container.html

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-35/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 3491
date: Fri, 21 Jun 2019 19:56:06 GMT
expires: Sat, 20 Jun 2020 19:56:06 GMT
last-modified: Fri, 21 Jun 2019 14:35:26 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1109519
alt-svc: quic=":443"; ma=2592000; v="46,43,39"

GET
H2 200 view Show response
securepubads.g.doubleclick.net/pcs/ Frame 9A23 0
166 B 21ms
21ms Fetch
image/gif 172.217.21.194
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsumCzC1-_yyii96jyTTvyPBx1qe1h56skZy95FlB1lLUWYyAGJjHhh-YRZc_T7bU7WJu7CSbP2SgRGV3clDYdLouGAjXXKd2JQKoXT03SxaikEG8-hgBnFzNMLKThkxdJJUIUqX3DEgwuwC5b-Z9uYyPnotdgO5IPsblKw7YgH5mYmBqNaDdKdaBgPnLVGdQPEep1PtMZVAztGHvdu4mKaAmy6NBO_Z0WeaJ1RBiW4kKRQKNEp7k-BsFdMmifD3MazvdvGLZK6vxuYyxmel3Nr9oCFA&sig=Cg0ArKJSzHnyqgNAWb0BEAE&urlfix=1&adurl=

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Jul 2019 16:08:05 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 0
x-xss-protection: 0
expires: Thu, 04 Jul 2019 16:08:05 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9A23 74 KB
28 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:80b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

02e67dafdee2710fc791b44c8319ae2471ebd3291d9ae167eddcacc47349fc1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 16:08:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1562152391643339"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 28158
x-xss-protection: 0
expires: Thu, 04 Jul 2019 16:08:05 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011906111828200/ Frame B083 280 KB
75 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8676b3b80defc341e5127a20ae48918c79b8359fe0e420617fd71c696dc4f12d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 1277563
status: 200
date: Wed, 19 Jun 2019 21:15:22 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 76683
x-xss-protection: 0
server: sffe
etag: "aa77f575ea191da7"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Thu, 18 Jun 2020 21:15:22 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/011906111828200/v0/ Frame B083 13 KB
5 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

2aadba5dea3cad3a2f2e2a79d88f06a4f3edb86f006f4b19c74d9e1024210bb6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 684338
status: 200
date: Wed, 26 Jun 2019 18:02:27 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 4947
x-xss-protection: 0
server: sffe
etag: "ce2100eb3b0bf746"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Thu, 25 Jun 2020 18:02:27 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011906111828200/v0/ Frame B083 142 KB
39 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

62cf9551be94b96eec2590b6a832fdf0de816e7d9dcb2a2b4b9b72600417ecfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 1770908
status: 200
date: Fri, 14 Jun 2019 04:12:57 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 39575
x-xss-protection: 0
server: sffe
etag: "7fabe51ad24fb167"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Sat, 13 Jun 2020 04:12:57 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/011906111828200/v0/ Frame B083 4 KB
1 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

1ac1a6cf332c82c845d01d21e9a5f5b948d5ffc940879424718fe1a31111c4a8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 785681
status: 200
date: Tue, 25 Jun 2019 13:53:24 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 1469
x-xss-protection: 0
server: sffe
etag: "26f329c266c7e32f"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Wed, 24 Jun 2020 13:53:24 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/011906111828200/v0/ Frame B083 42 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

6cdf7da1776d10b40ed376754ae484da1c1aee3ce7c586c86131e8f3db1376c7

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 1881846
status: 200
date: Wed, 12 Jun 2019 21:23:59 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 13486
x-xss-protection: 0
server: sffe
etag: "78de12916ef67b51"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Thu, 11 Jun 2020 21:23:59 GMT

GET
DATA 200
OK truncated
/ Frame B083 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 79e294aba6a7aa07f610a38ef47a181e257396557ad5b6e23c50c0b84a5f70bc

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C487 0
0 23ms
22ms Image
text/html 172.217.21.194
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CU-kcZCQeXeTxIsaWgAflwb-YBcvSgs9Wz4W4sfwJv-EeEAEgx4P8AWCV4pCCoAegAdL4y-IDyAEB4AIAqAMByAMKqgSyAk_QeKB6rnJ9RG6byr-cRNXsjKNPqCdcbbkgATsWhvJj8ceBHUl7wWeFPTq0g0eBnqS_tBPHMG8oHuYkKihUIifitRbF8ODWvSib_XkpjPKA2q3Dwg_mGOW_gZqBpZST4Tyw5Z5J_OtYBBNBuPbdTFKMmuFk-F-laguQZg-vSOoXce7LaQky7uGZpE4T2MLgLvCbspk6AEd26WLU65vtQ_BfXrVJLwN6GxiHUhDKnHhwfIMCOf4ZaM7SK3AMHYXNCzoRcrC63GQgE__d_qhCVdfAVNUEcguIYEPKWUp7uhJ3uTGh5CmqO-F9TIy2dAwHJmfC4A36rvp_nIssly6X2ud_ugNzNSKI3HKADv5v38ofn8BIF0Af1R6k7dkHfjRQFaRh5wTOvdFk5lAxGJV-ez60JuAEAYAHgYjWQ6gHjs4bqAfVyRuoB8HTG6gHhdQbqAeB1BuoB4LUG6gHhtQbqAeE1BuoB-DTG6gHugaoB9nLG6gHz8wbqAemvhvYBwHyBwQQwL4M0ggJCIDhgBAQARgNgAoB2BMD&sigh=txPu6QKRT48&tpd=AGWhJmvhbVEeZgNvLcIebgblQ73xl56kEsvbZsCluE-MDdMTXw
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra16s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2

200

B22124189.247937948;dc_pre=CK_76PfSm-MCFQHHdwod9dQNdg;dc_trk_aid=444500704;dc_trk_cid=117027577;ord=3347692637;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/ Frame C487
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.247937948;dc_trk_aid=444500704;dc_trk_cid=117027577;ord=3347692637;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.247937948;dc_pre=CK_76PfSm-MCFQHHdwod9dQNdg;dc_trk_aid=444500704;dc_trk_cid=117027577;ord=3347692637;dc_lat=;dc_rdid=;tag_for_ch...

42 B
120 B

30ms
29ms

Image
image/gif

216.58.207.70
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.247937948;dc_pre=CK_76PfSm-MCFQHHdwod9dQNdg;dc_trk_aid=444500704;dc_trk_cid=117027577;ord=3347692637;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.207.70 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jul 2019 16:08:07 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Jul 2019 16:08:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.247937948;dc_pre=CK_76PfSm-MCFQHHdwod9dQNdg;dc_trk_aid=444500704;dc_trk_cid=117027577;ord=3347692637;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame C487 0
0 14ms
13ms Image
text/html 2a00:1450:4001:819::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRyMIcwDISE7yAJWnRNj1wU-eex-zeZtpYlztRSdwASB8m9uV5D3RMg04ABt0qlZfA93C_5R7IDAhU2LowP9F6RSjlk8g
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C487 2 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 02:55:44 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 47541
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Jul 2019 02:55:44 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C487 295 B
367 B 6ms
5ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 07:25:30 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 31355
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 295
x-xss-protection: 0
expires: Fri, 05 Jul 2019 07:25:30 GMT

GET
H2 200 7518965568447469230
tpc.googlesyndication.com/simgad/ Frame CFCF 29 KB
29 KB 7ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7518965568447469230?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlnBqNe-mF4yPzTisQEfs9mYAgG2w

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

7719ab93490cd380fd487becadb93b76f9acbd0ecfcce4a9eb04551bfdf913c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 25 Jun 2019 12:20:15 GMT
x-content-type-options: nosniff
last-modified: Fri, 17 Nov 2017 18:02:16 GMT
server: sffe
age: 791270
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 29858
x-xss-protection: 0
expires: Wed, 24 Jun 2020 12:20:15 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CFCF 2 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 02:55:44 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 47541
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Jul 2019 02:55:44 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CFCF 295 B
367 B 6ms
5ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 07:25:30 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 31355
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 295
x-xss-protection: 0
expires: Fri, 05 Jul 2019 07:25:30 GMT

GET
H2

200

B21456284.229002654;dc_pre=CN_76PfSm-MCFQkEiwodjPQHtQ;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=251726114;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/ Frame CFCF
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=251726114;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_pre=CN_76PfSm-MCFQkEiwodjPQHtQ;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=251726114;dc_lat=;dc_rdid=;tag_...

42 B
109 B

31ms
29ms

Image
image/gif

216.58.207.70
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_pre=CN_76PfSm-MCFQkEiwodjPQHtQ;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=251726114;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.207.70 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jul 2019 16:08:07 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Jul 2019 16:08:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_pre=CN_76PfSm-MCFQkEiwodjPQHtQ;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=251726114;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame CFCF 0
0 20ms
20ms Image
text/html 172.217.21.194
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CqeRtZCQeXbj3IsaWgAflwb-YBajSmo9XzsHO-9oHt6ae9MwBEAEg2tfFOWCV4pCCoAegAe_1jtsDyAEC4AIAqAMByAMIqgS5Ak_QlxAyeYCMnk8KEpk8W2zGcJQt5O1y_CKI3fj3gW_c7aJba9vvdEM6IT3osyYvrKtOoohkq84otBT-wl18gxoJb7BFyVADdZreO815TprJscdKoTCpIKn4P_usY6bZb66utNNgCjYg83zT8-xfkBA-zZ3LgP_y4Zf_Fdu70E0LBWRtVS5tc4zbt7jaj3S1_sV_kspS1DPIBqOkm7aZ0D297ePx3LQ6p9n7cgdjcHu34c_VluBfhZAcy_MKojm-4z6eiJN34ph3xboI7WL443l3VSO8kAfpPq9ofrcQoJhvORh9dSt_MfOJGCKK09NYK6FqzJbiUBP117H6vMWoV2ak02pOiHhB5YSa9oc8ziSq2xFXzXHBDmZqsrCr0kn2BO9VyoWYzhoPo7R_R2iwo3YH5QhQnMjb_p_ABLyY9sGCAeAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYCgAeetpspqAeOzhuoB9XJG6gHwdMbqAeF1BuoB4HUG6gHgtQbqAeG1BuoB4TUG6gH4NMbqAe6BqgH2csbqAfPzBuoB6a-G9gHAfIHBBCI6QbSCAkIgOGAEBABGA3yCBthZHgtc3Vic3luLTE3NDIyNDk2MDMyODkwODOACgPYEww&sigh=fZn-go7G7yI&tpd=AGWhJmvtejFLsiUB0m3wSHdsteDSJCCM0GkIBGMw3RjBvkG6rg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra16s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 7081768244455630080
tpc.googlesyndication.com/simgad/ Frame B083 30 KB
30 KB 7ms
7ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7081768244455630080?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qk74AzmnTb4ZNqOV96FcpS49fTbkA

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

f875dc31a85fb81f7d8c2253bf0ca0317218cd1ad34c93be974dcc355b987e43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 02 Jun 2019 07:14:59 GMT
x-content-type-options: nosniff
last-modified: Mon, 13 Nov 2017 10:38:58 GMT
server: sffe
age: 2796786
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 30771
x-xss-protection: 0
expires: Mon, 01 Jun 2020 07:14:59 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B083 2 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 02:55:44 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 47541
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Jul 2019 02:55:44 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B083 295 B
372 B 6ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 07:25:30 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 31355
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 295
x-xss-protection: 0
expires: Fri, 05 Jul 2019 07:25:30 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame B083 0
0 22ms
22ms Image
text/html 172.217.21.194
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C4xziZCQeXZmAI8aWgAflwb-YBZiTmbFNwKeMyfoF3u3_rwQQASDHg_wBYJXikIKgB6ABuae0_wPIAQLgAgCoAwHIAwiqBLYCT9DfQo17ILFk6qqszjHyXDpU9jWQV6ObjuIQ4rWfwuDGXFP44Glm2EA3coacNZPxuKEznDqi7pPQDQKF3i3kCuHkH5caDKuUgH0Vl_mT2TwPTF1RSvvOI3rSMCOIMll8VFk8gKTu17ZrMpfMKmZr-6zrE01IZ-i1_Pur6uGhHIasyK5v3MY8rGpuraRG5wyIIfcduvxcSiIiXE1XQ9wTWdBsbQ1DZQA7N0guoNhAj5tMpzqe2-P1HrsUYod3AFdMFEIqhwqQRcc1dvdcghCEkTrNzlT_GoZLcSeAXfC4Z9lGn7Nak9HiczNSGj3Mv_RJxaHkJss4sS-0ALQQUCem8fm8qhIeesZplLMFtm6Nta9DCLdr_zkVvFSQ7ngLJM-Mx31vn0iQ_oAA7YMTD7p0l7QlWnLw6MAEsOzdgQHgBAGSBQQIBBgBkgUECAUYBKAGAoAHr9hLqAeOzhuoB9XJG6gHwdMbqAeF1BuoB4HUG6gHgtQbqAeG1BuoB4TUG6gH4NMbqAe6BqgH2csbqAfPzBuoB6a-G9gHAfIHBBDvpwvSCAkIgOGAEBABGA2ACgHYEwI&sigh=xsLyv29we5A&tpd=AGWhJmtL0ZGxjHA2f8eghXrDUWwrKg6vTYSq9JXKtqcOfe4jIA
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra16s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/ Frame C487 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en
Origin: https://www.bleepingcomputer.com

Response headers

date: Tue, 25 Jun 2019 12:04:33 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:12:38 GMT
server: sffe
age: 792212
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 0
expires: Wed, 24 Jun 2020 12:04:33 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v19/ Frame C487 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en
Origin: https://www.bleepingcomputer.com

Response headers

date: Sun, 02 Jun 2019 04:36:10 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:13:33 GMT
server: sffe
age: 2806315
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Mon, 01 Jun 2020 04:36:10 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame C487
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

39ms
39ms

Image
text/html

2a00:1450:4001:80b::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Thu, 04 Jul 2019 16:08:05 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 246
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame CFCF
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

38ms
38ms

Image
text/html

2a00:1450:4001:80b::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Thu, 04 Jul 2019 16:08:05 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 246
x-xss-protection: 0

GET av
connatix-d.openx.net/v/1.0/ Frame 28B1 0
0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame B083
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

40ms
40ms

Image
text/html

2a00:1450:4001:80b::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Thu, 04 Jul 2019 16:08:05 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 246
x-xss-protection: 0

POST
H2 200 /
www.facebook.com/tr/ Frame 942D 0
0 8ms
6ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: POST
:authority: www.facebook.com
:scheme: https
:path: /tr/
content-length: 5166
pragma: no-cache
cache-control: no-cache
origin: https://www.bleepingcomputer.com
upgrade-insecure-requests: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding: gzip, deflate, br
cookie: fr=0ybTnnA19NjpiWXiO..BdHiRk...1.0.BdHiRk.
Origin: https://www.bleepingcomputer.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status: 200
content-type: text/plain
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 0
server: proxygen-bolt
date: Thu, 04 Jul 2019 16:08:05 GMT

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
527 B 956ms
111ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 2591b3993b905671973bfaa4a92ba2502ba49ff7da880f996ab7c707d4c4281d

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Thu, 04 Jul 2019 16:08:06 GMT
Access-Control-Allow-Credentials: true
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 55 KB
11 KB 342ms
341ms XHR
text/javascript 172.217.21.194
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s12-in-f2.1e100.net

Software

cafe /

Resource Hash

807d8248fa4c9265b16839ed20abbb265188430ede192fb080299b0230c008fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com

Response headers

date: Thu, 04 Jul 2019 16:08:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 11018
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 r Show response
amp-error-reporting.appspot.com/ Frame C487 2 B
64 B 114ms
113ms XHR
text/plain 2a00:1450:4001:81d::2014
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://amp-error-reporting.appspot.com/r
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81d::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 04 Jul 2019 16:08:05 GMT
via: 1.1 google
x-powered-by: Express
status: 200
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 2

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
527 B 566ms
111ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 4b00af59cbfbfb464ee6a1cb37e4c5c91e73e749ad910011bd89638f2334e194

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Thu, 04 Jul 2019 16:08:06 GMT
Access-Control-Allow-Credentials: true
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H/1.1 200
OK tracking.png
trk.connatix.com/ Frame 28B1 0
153 B 1580ms
96ms Image
text/plain 23.22.162.56
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trk.connatix.com/tracking.png?c_rprbid=[{id:11186,c_wt:2023}]&cb=91b96495e39d636a599c1562256486056&c_pl=46wra552KZOJ2yS3xuNxdgupZ7kVkubw7Z7sjbfT46kTvfSv3ZAl9KORWyYuJT-USiIsCvhFBc3iEfePEMIiccjh9Zb8VRD2HZ_Ik0HaS8rGuyGv4tyl-RFCOSqBWdM405er6zKJ1gSCgTGm1i0LwT6huCDjcLI5-VM4am5F5Qm7-3rHeLcbPtmZa_-Krq1ieyP3SR9TPTo8AIUq6fqbGy_TKhWpVvAUi7T9KljN5LgBaol6zxSjQoy2jc5ZzQbV542gaXmKzvQSnNefby7fig&c_v=1586_0_0_0_0&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spa&xplt=true&spp=1
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.22.162.56 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-23-22-162-56.compute-1.amazonaws.com
Software: nginx/1.12.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 04 Jul 2019 16:08:07 GMT
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 0

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011906111828200/ Frame 7F07 280 KB
75 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8676b3b80defc341e5127a20ae48918c79b8359fe0e420617fd71c696dc4f12d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 684339
status: 200
date: Wed, 26 Jun 2019 18:02:27 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 76683
x-xss-protection: 0
server: sffe
etag: "aa77f575ea191da7"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Thu, 25 Jun 2020 18:02:27 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/011906111828200/v0/ Frame 7F07 13 KB
5 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

2aadba5dea3cad3a2f2e2a79d88f06a4f3edb86f006f4b19c74d9e1024210bb6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 684340
status: 200
date: Wed, 26 Jun 2019 18:02:27 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 4947
x-xss-protection: 0
server: sffe
etag: "ce2100eb3b0bf746"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Thu, 25 Jun 2020 18:02:27 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011906111828200/v0/ Frame 7F07 142 KB
39 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

62cf9551be94b96eec2590b6a832fdf0de816e7d9dcb2a2b4b9b72600417ecfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 1770910
status: 200
date: Fri, 14 Jun 2019 04:12:57 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 39575
x-xss-protection: 0
server: sffe
etag: "7fabe51ad24fb167"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Sat, 13 Jun 2020 04:12:57 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/011906111828200/v0/ Frame 7F07 4 KB
2 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

1ac1a6cf332c82c845d01d21e9a5f5b948d5ffc940879424718fe1a31111c4a8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 785683
status: 200
date: Tue, 25 Jun 2019 13:53:24 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 1469
x-xss-protection: 0
server: sffe
etag: "26f329c266c7e32f"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Wed, 24 Jun 2020 13:53:24 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/011906111828200/v0/ Frame 7F07 42 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011906111828200/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

6cdf7da1776d10b40ed376754ae484da1c1aee3ce7c586c86131e8f3db1376c7

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
vary: Accept-Encoding
age: 684339
status: 200
date: Wed, 26 Jun 2019 18:02:28 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 13486
x-xss-protection: 0
server: sffe
etag: "78de12916ef67b51"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-content-type-options: nosniff
expires: Thu, 25 Jun 2020 18:02:28 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 7F07 4 KB
676 B 18ms
16ms Stylesheet
text/css 2a00:1450:4001:815::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

aed1d3e0e8565661020d1758525a829918ad55926910373ed5ad39c3e9b25ca3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 04 Jul 2019 16:08:06 GMT
server: ESF
access-control-allow-origin: *
date: Thu, 04 Jul 2019 16:08:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Thu, 04 Jul 2019 16:08:06 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 7F07 4 KB
630 B 24ms
23ms Stylesheet
text/css 2a00:1450:4001:815::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

aed1d3e0e8565661020d1758525a829918ad55926910373ed5ad39c3e9b25ca3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 04 Jul 2019 16:08:06 GMT
server: ESF
access-control-allow-origin: *
date: Thu, 04 Jul 2019 16:08:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Thu, 04 Jul 2019 16:08:06 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7F07 2 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 02:55:44 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 47542
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Jul 2019 02:55:44 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7F07 295 B
372 B 7ms
6ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 04 Jul 2019 07:25:30 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 31356
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 295
x-xss-protection: 0
expires: Fri, 05 Jul 2019 07:25:30 GMT

GET
DATA 200
OK truncated
/ Frame 7F07 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 159a88cc4aeecc7348e417b827b8c95e04d3073bb4b708bd65948892b5c05ab0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9341509476158550631/ Frame 7F07 7 KB
7 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9341509476158550631/downsize_200k_v1?sqp=4sqPyQSUAUKRAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhgIrAEQWhgBIAEtAAAAPzCsAThaRQAAgD8&rs=AOga4ql54LGTdKBdsgxZHnGW4Xwz67I0aw

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8448ebbb3124836d80b57b3420c0cbb237fd817b8004fb19895e4f0704987c15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 07 Jun 2019 04:15:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 05 Jun 2019 21:10:53 GMT
server: sffe
age: 2375534
content-type: image/jpeg
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 7075
x-xss-protection: 0
expires: Sat, 06 Jun 2020 04:15:52 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/8578129967820296872/ Frame 7F07 5 KB
5 KB 8ms
7ms Image
image/png 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8578129967820296872/downsize_200k_v1?sqp=4sqPyQR5QncIABIUDc3MzD4VAAAAQB0AAAAAJQAAAAAYACIKDQAAgD8VAACAPypPCFoQAR0AALRCIAEoATAGOANAgMLXL0gAUABYAGBacAJ4AIABAIgBAJABAJ0BAACAP6ABAKgBALABgK3iBLgB____________AcUBLbKdPg&rs=AOga4qm5y3CelUOkKslL2rqGB5CLFSvb1A

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

d2046a09db7667733b48b3ffc77f65b5b7cf9def2359078117770c9ced03ee15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 07:33:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 08 Jan 2019 00:33:08 GMT
server: sffe
age: 2709298
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 5350
x-xss-protection: 0
expires: Tue, 02 Jun 2020 07:33:08 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7F07 0
0 20ms
20ms Image
text/html 172.217.21.194
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CfmeOZSQeXZ_IL4ri7gPgwbuwCv3alJ1X15SPiLgJv-EeEAEg2tfFOWCV4pCCoAegAdL4y-IDyAEG4AIAqAMByAMKqgS0Ak_QU46CGNoPDanUpWd8iezqNglrdGFGgO88MWQ8Vh0O_iv4DLYQkJcuQsMRj-PPUhNdlaBHBQedO8_rNJNVaWjX3FbzED3WGvENYDc9RGJ8ss2yFrkQaRMWhjhLt35R-tRtPZjPMEzpDpag4Lge9Lxu-saa9M9lyof_7iHMiggEyIYJXGoAJcGyqVBGiofDWu7wAV1MjQ6NTChnt6Zkpq1AmFIrd6IJlnZqWYeNCsVNZSsuMjspsJq9c7AFoGDyLGX11hRcmQUCifMdHpKcvRjii6clUBWoHQPfnXIGOaVuZ8A_20MvN5u4d8Wpp7xmQhQfkC2HZx8rVJWyPoYihGXVGXale398g-T3nlkVah140T50WStZwe5nAYhOtnjnxNhndazRIA1eMdoybActL0AJ85Pv4AQBoAY3gAeBiNZDqAeOzhuoB9XJG6gHwdMbqAeF1BuoB4HUG6gHgtQbqAeG1BuoB4TUG6gH4NMbqAe6BqgH2csbqAfPzBuoB6a-G9gHAfIHBBDmng3SCAkIgOGAEBABGA3yCBthZHgtc3Vic3luLTE3NDIyNDk2MDMyODkwODOACgPYEwM&sigh=goUaL95pQ5s&template_id=492&tpd=AGWhJmuxg0NLJ0tjQX6lrofr-p3H7bU-dqvq86PRwE8N7zfIRQ
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra16s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2

200

B22124189.248289117;dc_pre=CNLI7ffSm-MCFY7RdwodYxcH6A;dc_trk_aid=444500836;dc_trk_cid=117024702;ord=3368313340;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/ Frame 7F07
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.248289117;dc_trk_aid=444500836;dc_trk_cid=117024702;ord=3368313340;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.248289117;dc_pre=CNLI7ffSm-MCFY7RdwodYxcH6A;dc_trk_aid=444500836;dc_trk_cid=117024702;ord=3368313340;dc_lat=;dc_rdid=;tag_for_ch...

42 B
109 B

30ms
29ms

Image
image/gif

216.58.207.70
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.248289117;dc_pre=CNLI7ffSm-MCFY7RdwodYxcH6A;dc_trk_aid=444500836;dc_trk_cid=117024702;ord=3368313340;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.207.70 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jul 2019 16:08:07 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Jul 2019 16:08:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.248289117;dc_pre=CNLI7ffSm-MCFY7RdwodYxcH6A;dc_trk_aid=444500836;dc_trk_cid=117024702;ord=3368313340;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 7F07 0
0 17ms
16ms Image
text/html 2a00:1450:4001:819::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRABihNbBp5uF_Bpc8YWMNL74caQZohN0UGs6yytuwY0Brzgx7OueNRjMQYixYLghAjTfTc5I727cYY861r_Lig6M1Z8g
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 200 r Show response
amp-error-reporting.appspot.com/ Frame CFCF 2 B
64 B 114ms
114ms XHR
text/plain 2a00:1450:4001:81d::2014
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://amp-error-reporting.appspot.com/r
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81d::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 04 Jul 2019 16:08:06 GMT
via: 1.1 google
x-powered-by: Express
status: 200
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 2

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v19/ Frame 7F07 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Origin: https://www.bleepingcomputer.com

Response headers

date: Sun, 02 Jun 2019 04:36:10 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:13:33 GMT
server: sffe
age: 2806316
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Mon, 01 Jun 2020 04:36:10 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/ Frame 7F07 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Origin: https://www.bleepingcomputer.com

Response headers

date: Tue, 25 Jun 2019 12:04:33 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:12:38 GMT
server: sffe
age: 792213
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 0
expires: Wed, 24 Jun 2020 12:04:33 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C487 0
0 26ms
26ms Image
text/html 172.217.21.194
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C-ENaZCQeXeTxIsaWgAflwb-YBcvSgs9Wz4W4sfwJv-EeEAEgx4P8AWCV4pCCoAegAdL4y-IDyAEB4AIAqAMBqgSyAk_QeKB6rnJ9RG6byr-cRNXsjKNPqCdcbbkgATsWhvJj8ceBHUl7wWeFPTq0g0eBnqS_tBPHMG8oHuYkKihUIifitRbF8ODWvSib_XkpjPKA2q3Dwg_mGOW_gZqBpZST4Tyw5Z5J_OtYBBNBuPbdTFKMmuFk-F-laguQZg-vSOoXce7LaQky7uGZpE4T2MLgLvCbspk6AEd26WLU65vtQ_BfXrVJLwN6GxiHUhDKnHhwfIMCOf4ZaM7SK3AMHYXNCzoRcrC63GQgE__d_qhCVdfAVNUEcguIYEPKWUp7uhJ3uTGh5CmqO-F9TIy2dAwHJmfC4A36rvp_nIssly6X2ud_ugNzNSKI3HKADv5v38ofn8BIF0Af1R6k7dkHfjRQFaRh5wTOvdFk5lAxGJV-ez60JuAEAYAHgYjWQ6gHjs4bqAfVyRuoB8HTG6gHhdQbqAeB1BuoB4LUG6gHhtQbqAeE1BuoB-DTG6gHugaoB9nLG6gHz8wbqAemvhvYBwHyBwQQwL4M0ggJCIDhgBAQARgNgAoB2BMD&sigh=oKu8Z61PyIE&vt=1
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra16s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame C487 42 B
110 B 30ms
29ms Image
image/gif 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstCl9Oa3QvcZngrLCr0GJZo45VI0NfhsN1mmi2uoLn_Yvc314_tFZZ87N7ZAPFZeILfLKzwEeHZA0YZRCxW9F0FbrNp7JI4wJu0rW_C7hb_fpifNaatuZazKUuLelwL3ao7lAgR8ga3F6iQ&sai=AMfl-YRZM9HzOJAjKvLIdznIoQGAc7kskY_C5P9u46wmq0himABg8Zc8dSFXq9VcsVim_Leg7Ae5U_eD1sDjdksnfTllRymmC82blyYq1jpdhzNKpZXPuq1gQqPPmKE&sig=Cg0ArKJSzGwMHxr34YPhEAE&cid=CAASF-RoO3lXpZr7gtf-NDOmFvkwy3EKOCUf&id=ampim&o=315,146&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=141&tls=1141&g=100&h=100&pt=&tt=1141&rpt=&rst=1562256485025&r=v&adk=960084856&avms=ampa

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jul 2019 16:08:07 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame CFCF 42 B
110 B 27ms
26ms Image
image/gif 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvXxGS1n6KhjHDCUlBB2bljfVjjHaYgCXVM3pT7sKksXlJ8VyUZhLqhAa2_RofjZHs0EuyEGjn9eQPhPUhaP4cz4hTd5aiPMnwMxorf0Zl_-sOGRIPas5tfm3-K-g1EtY0BZElRM3eBIN1GJg&sai=AMfl-YSbI9asUuIA7HB6ri6qu3mj1Y5jEfJyIeQblya8hJst_cG9ONrNCM-aIxn10vqXHWIGb8xnaOxfGg23IfSksyvjFONiYGrPfaqK7kbwbfdgwWS8JaZlbhsAq-4&sig=Cg0ArKJSzBIo4DZmNwIFEAE&cid=CAASF-Rosqb4e2lfq5lbBLEXRpiQLhzOIPfS&id=ampim&o=1082,322&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1023&mtos=0,0,1023,1023,1023&tos=0,0,1023,0,0&tfs=122&tls=1145&g=100&h=100&pt=&tt=1145&rpt=&rst=1562256485040&r=v&adk=771041174&avms=ampa

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jul 2019 16:08:07 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 r Show response
amp-error-reporting.appspot.com/ Frame B083 2 B
64 B 118ms
117ms XHR
text/plain 2a00:1450:4001:81d::2014
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://amp-error-reporting.appspot.com/r
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81d::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 04 Jul 2019 16:08:06 GMT
via: 1.1 google
x-powered-by: Express
status: 200
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 2

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
344 B 188ms
110ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 2591b3993b905671973bfaa4a92ba2502ba49ff7da880f996ab7c707d4c4281d

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Thu, 04 Jul 2019 16:08:06 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

POST
H2 200 r Show response
amp-error-reporting.appspot.com/ Frame 7F07 2 B
64 B 114ms
114ms XHR
text/plain 2a00:1450:4001:81d::2014
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://amp-error-reporting.appspot.com/r
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81d::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 04 Jul 2019 16:08:07 GMT
via: 1.1 google
x-powered-by: Express
status: 200
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 2

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
344 B 112ms
111ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 4b00af59cbfbfb464ee6a1cb37e4c5c91e73e749ad910011bd89638f2334e194

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Thu, 04 Jul 2019 16:08:08 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7F07 0
0 21ms
20ms Image
text/html 172.217.21.194
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CGf2XZSQeXZ_IL4ri7gPgwbuwCv3alJ1X15SPiLgJv-EeEAEg2tfFOWCV4pCCoAegAdL4y-IDyAEG4AIAqAMBqgS0Ak_QU46CGNoPDanUpWd8iezqNglrdGFGgO88MWQ8Vh0O_iv4DLYQkJcuQsMRj-PPUhNdlaBHBQedO8_rNJNVaWjX3FbzED3WGvENYDc9RGJ8ss2yFrkQaRMWhjhLt35R-tRtPZjPMEzpDpag4Lge9Lxu-saa9M9lyof_7iHMiggEyIYJXGoAJcGyqVBGiofDWu7wAV1MjQ6NTChnt6Zkpq1AmFIrd6IJlnZqWYeNCsVNZSsuMjspsJq9c7AFoGDyLGX11hRcmQUCifMdHpKcvRjii6clUBWoHQPfnXIGOaVuZ8A_20MvN5u4d8Wpp7xmQhQfkC2HZx8rVJWyPoYihGXVGXale398g-T3nlkVah140T50WStZwe5nAYhOtnjnxNhndazRIA1eMdoybActL0AJ85Pv4AQBoAY3gAeBiNZDqAeOzhuoB9XJG6gHwdMbqAeF1BuoB4HUG6gHgtQbqAeG1BuoB4TUG6gH4NMbqAe6BqgH2csbqAfPzBuoB6a-G9gHAfIHBBDmng3SCAkIgOGAEBABGA3yCBthZHgtc3Vic3luLTE3NDIyNDk2MDMyODkwODOACgPYEwM&sigh=YSYoo2PXSrc&vt=1&template_id=492
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra16s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 7F07 42 B
110 B 24ms
23ms Image
image/gif 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv1jbRdBn-FGNeiNNoUXT-Fy4B3nf0_qg5g82SZ9R-XJciPAFskLbighOAk342IR10P9LkfSiskzoit78-XB3FdO_qiXIYrBMTjPOXHyMucLSbo4N1PnoFmnj9Iwsp33u9pCU-DylKUcb6S&sai=AMfl-YR-PDgYnB4eTxBcmm_zYREpyAgtEyrcEPFvFdblDDoCRAAVLqkZMMnMtxaNmyBWPvwYUSeVPR8i7u3GCKTTkXYfVZx39GpAj58mFgXCHNUIEK86IjD1CHg_yT4&sig=Cg0ArKJSzN7uVUZ8QhvPEAE&cid=CAASF-Ro1-deSfyK_25SqjRGegtLpaL80Wi7&id=ampim&o=436,1110&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=1316&tls=2317&g=100&h=100&pt=1395&tt=2317&rpt=1395&rst=1562256486085&r=v&adk=3056404191&avms=ampa

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jul 2019 16:08:08 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST v2
i.connectad.io/api/ 0
0

POST auction
tlx.3lift.com/header/ 0
0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 395 B
1 KB 65ms
28ms XHR
application/json 185.33.223.100
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.100 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

373.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

b4de71dcae841e19d2edc5914bc3a452e66c0c9ca803e662b3ca5d18d49d9c54

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 04 Jul 2019 16:08:13 GMT
X-Proxy-Origin: 82.102.16.137; 82.102.16.137; 373.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.232:80
AN-X-Request-Uuid: 580b6134-b1b9-4a29-8d85-4e4ddaea557c
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 395
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET imp
g2.gumgum.com/hbid/ 0
0

GET arj
freestar-d.openx.net/w/1.0/ 0
0

GET fastlane.json
fastlane.rubiconproject.com/a/api/ 0
0

POST prebid_display
display.bfmio.com/ 0
0

POST HeaderBiddingService
ssp.pub.network/ssp-server/ 0
0

POST
H2 200 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 588 B
779 B 73ms
22ms XHR
application/json 2a02:fa8:8806:13::1460
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a02:fa8:8806:13::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: c88a51a3781fe16f1c3f42af4b05698667c0c843dd20822951192d224d6a691c

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 04 Jul 2019 16:08:11 GMT
server: nginx
status: 200
content-type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache
access-control-allow-credentials: true
content-length: 588
expires: 0

POST hb
ssc.33across.com/api/v1/ 0
0

GET v1
btlr.sharethrough.com/header-bid/ 0
0

POST /
hb.emxdgt.com/ 0
0

OPTIONS v1
dmx.districtm.io/b/ 0
0

GET
H2 200 t Show response
jadserve.postrelease.com/ 97 B
505 B 482ms
161ms Script
text/javascript 54.215.180.144
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ntv_mvi
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.215.180.144 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-215-180-144.us-west-1.compute.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: 5de79bd33c164a62fe3389aeef0af2f54b82e7f8ba5fd7d0721f8080823babcb

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Jul 2019 16:08:12 GMT
content-encoding: gzip
server: nginx/1.12.1
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: text/javascript;charset=UTF-8
content-length: 108
expires: Mon, 1 Jan 1990 12:00:00 GMT

OPTIONS v1
dmx.districtm.io/b/ 0
0

GET imp
g2.gumgum.com/hbid/ 0
0

GET arj
freestar-d.openx.net/w/1.0/ 0
0

POST prebid_display
display.bfmio.com/ 0
0

GET fastlane.json
fastlane.rubiconproject.com/a/api/ 0
0

POST HeaderBiddingService
ssp.pub.network/ssp-server/ 0
0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
719 B 18ms
17ms XHR
application/json 185.33.223.100
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.100 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

373.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

2544182fb9a0a2f65dac966c91bcbcb8239798c4c5d8278f0fd6d9f4056d301e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 04 Jul 2019 16:08:14 GMT
X-Proxy-Origin: 82.102.16.137; 82.102.16.137; 373.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.80:80
AN-X-Request-Uuid: 8e5ab6c5-dc89-4a86-8e5f-494be6ce6af0
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST hb
ssc.33across.com/api/v1/ 0
0

POST
H2 200 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 192 B
382 B 22ms
22ms XHR
application/json 2a02:fa8:8806:13::1460
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a02:fa8:8806:13::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: 511834888e15b8279f18ccba6e879b554bff8c6c3fbd1067850c661d2707fa44

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 04 Jul 2019 16:08:12 GMT
server: nginx
status: 200
content-type: application/json
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache
access-control-allow-credentials: true
content-length: 192
expires: 0

POST
H2 200 v2 Show response
i.connectad.io/api/ 97 B
643 B 59ms
59ms XHR
application/json 2606:4700:10::6814:8528
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://i.connectad.io/api/v2
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:8528 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 92963f695e7f7c94492bef74d7a5bc3bafb6c5e615cb6fca0907aa7ee4c11ae8

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 04 Jul 2019 16:08:12 GMT
content-encoding: gzip
content-type: application/json
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 4f125b462c29c2ef-FRA
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK g Show response
rtb.connatix.com/ 95 B
290 B 849ms
161ms Script
text/plain 3.214.45.211
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.connatix.com/g?c_pw=834&c_ph=470&c_tk=C018218D-4AD0-4E01-8158-045425E65946&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c_ivt=0&connatix_sess=_R0QpgLOMiWrVBKI3rOZCq6NwtOQeRupqIGXm90wxMOP__4g_iM326pQ9AASfTGrnssPPktHS_v4nXyb9GTu9wAO8Mo6yeTCs8HilTnORHIYGD9JRxdmfk2nQpgBAkI8qA1ENyJWm_VdeUUdGWOZv90pjUPpGJdLeUf2J4v1YRD1zvTMPdRaf6KhzQ13ZIOM&notServed=false&xplr=false&c_s=false&c_pl=46wra552KZOJ2yS3xuNxdgupZ7kVkubw7Z7sjbfT46kTvfSv3ZAl9KORWyYuJT-USiIsCvhFBc3iEfePEMIiccjh9Zb8VRD2HZ_Ik0HaS8rGuyGv4tyl-RFCOSqBWdM405er6zKJ1gSCgTGm1i0LwT6huCDjcLI5-VM4am5F5Qm7-3rHeLcbPtmZa_-Krq1ieyP3SR9TPTo8AIUq6fqbGy_TKhWpVvAUi7T9KljN5LgBaol6zxSjQoy2jc5ZzQbV542gaXmKzvQSnNefby7fig&gdpr=1&med_id=639404&request_guid=47f9189722770284feb11562256493108&req_no=2&v=1&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spa&c_v=1586_0_0_0_0&spp=1&callback=cnxJSONP_d9ed4e297b92c14720851562256493108
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1586/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.45.211 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-214-45-211.compute-1.amazonaws.com
Software: nginx/1.12.2 /
Resource Hash: 4df1684a0f8233367358322cb3c927b93137df2eee5aba598667cd0975b2291d

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 04 Jul 2019 16:08:13 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 111

GET
H/1.1 200 Cookie set sync_iframe
sync.bfmio.com/ Frame 991A 0
0 653ms
100ms Document
text/html 34.229.36.213
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.bfmio.com/sync_iframe?ifg=1&id=92fd6b68-fe21-44c5-bce8-6f519808339c&gdpr=0&gc=&gce=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.229.36.213 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-229-36-213.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Host: sync.bfmio.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

Access-Control-Allow-Origin: *
Content-Type: text/html
Date: Thu, 04 Jul 2019 16:08:20 GMT
Set-Cookie: __io_cid=f43b5e0f04443101301259ffbe8a59ae08bbf6b3; Domain=.bfmio.com; Expires=Fri, 03-Jul-2020 16:08:20 GMT; Path=/
Content-Length: 217
Connection: keep-alive

GET
H2 200 connectmyusers.php
cdn.connectad.io/ Frame EC03 0
0 16ms
15ms Document
text/html 2606:4700:10::6814:8528
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.connectad.io/connectmyusers.php
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:8528 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.connectad.io
:scheme: https
:path: /connectmyusers.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status: 200
date: Thu, 04 Jul 2019 16:08:18 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d915014d7d78a15d48605b436a1a66c7c1562256498; expires=Fri, 03-Jul-20 16:08:18 GMT; path=/; domain=.connectad.io; HttpOnly
cf-cache-status: HIT
age: 6340
expires: Fri, 05 Jul 2019 00:08:18 GMT
cache-control: public, max-age=28800
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 4f125b6b68f0c2ef-FRA
content-encoding: gzip

GET
H2 200 v2
de.tynt.com/deb/ Frame 34B6 0
0 3483ms
225ms Document
text/html 208.100.17.183
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=cMP4reZxWr6jPmaKlId8sQ
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.183 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US),
Reverse DNS: ip183.208-100-17.static.steadfastdns.net
Software: /
Resource Hash

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/v2?m=xch&rt=html&id=cMP4reZxWr6jPmaKlId8sQ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status: 200
cache-control: max-age=86400
expires: Fri, 05 Jul 2019 16:08:21 GMT
content-type: text/html
content-length: 75
date: Thu, 04 Jul 2019 16:08:20 GMT
p3p: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA

GET
H2

200

pd
u.openx.net/w/1.0/ Frame 17F4
Redirect Chain

https://u.openx.net/w/1.0/pd
https://u.openx.net/w/1.0/pd?cc=1

0
0

24ms
24ms

Document
text/html

173.241.240.143
OPENX TECHNOLOGIES

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?cc=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.241.240.143 Amsterdam, Netherlands, ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US),
Reverse DNS: ox-173-241-240-143.xa.dc.openx.org
Software: OXGW/16.146.0 /
Resource Hash

Request headers

:method: GET
:authority: u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding: gzip, deflate, br
cookie: i=8d8f1698-fac4-43c3-b12a-2a98bbb91fde|1562256499
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status: 200
vary: Accept
set-cookie: i=8d8f1698-fac4-43c3-b12a-2a98bbb91fde|1562256499; Version=1; Expires=Fri, 03-Jul-2020 16:08:19 GMT; Max-Age=31536000; Domain=.openx.net; Path=/ pd=v2|1562256499|mOgikimWiygu; Version=1; Expires=Fri, 19-Jul-2019 16:08:19 GMT; Max-Age=1296000; Domain=.openx.net; Path=/
server: OXGW/16.146.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Thu, 04 Jul 2019 16:08:19 GMT
content-type: text/html
content-encoding: gzip

Redirect headers

status: 302
set-cookie: i=d26690c2-b4e8-4174-b5e8-dc5748e29cbf|1562256499; Version=1; Expires=Fri, 03-Jul-2020 16:08:19 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
server: OXGW/16.146.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://u.openx.net/w/1.0/pd?cc=1
date: Thu, 04 Jul 2019 16:08:19 GMT
content-length: 0

GET
H2 200 v2
de.tynt.com/deb/ Frame C266 0
0 3473ms
219ms Document
text/html 208.100.17.183
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=bBb-SI6fGr6iocaKkv7mNO
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.183 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US),
Reverse DNS: ip183.208-100-17.static.steadfastdns.net
Software: /
Resource Hash

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/v2?m=xch&rt=html&id=bBb-SI6fGr6iocaKkv7mNO
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status: 200
cache-control: max-age=86400
expires: Fri, 05 Jul 2019 16:08:21 GMT
content-type: text/html
content-length: 75
date: Thu, 04 Jul 2019 16:08:21 GMT
p3p: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA

GET sync
ib.3lift.com/ Frame C327 0
0

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame 9FC2 0
0 197ms
110ms Document
text/html 2606:4700::6812:1aef
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1aef , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status: 200
date: Thu, 04 Jul 2019 16:08:18 GMT
content-type: text/html
set-cookie: __cfduid=d3ccd54f984f531853670f636b3c07a531562256498; expires=Fri, 03-Jul-20 16:08:18 GMT; path=/; domain=.districtm.io; HttpOnly
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
cache-control: s-maxage=1209600, max-age=14400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4f125b6bf9d9d72d-FRA
content-encoding: br

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 5C1F 0
0 1078ms
24ms Document
text/html 2.18.232.130
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Server: nginx/1.9.13
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Fri, 03 Jul 2020 16:08:19 GMT
Date: Thu, 04 Jul 2019 16:08:19 GMT
Connection: keep-alive

GET
H2

200

pd
u.openx.net/w/1.0/ Frame B897
Redirect Chain

https://u.openx.net/w/1.0/pd
https://u.openx.net/w/1.0/pd?cc=1

0
0

24ms
24ms

Document
text/html

173.241.240.143
OPENX TECHNOLOGIES

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?cc=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.241.240.143 Amsterdam, Netherlands, ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US),
Reverse DNS: ox-173-241-240-143.xa.dc.openx.org
Software: OXGW/16.146.0 /
Resource Hash

Request headers

:method: GET
:authority: u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding: gzip, deflate, br
cookie: i=8d8f1698-fac4-43c3-b12a-2a98bbb91fde|1562256499
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status: 200
vary: Accept
set-cookie: i=8d8f1698-fac4-43c3-b12a-2a98bbb91fde|1562256499; Version=1; Expires=Fri, 03-Jul-2020 16:08:19 GMT; Max-Age=31536000; Domain=.openx.net; Path=/ pd=v2|1562256499|mOgikimWiygu; Version=1; Expires=Fri, 19-Jul-2019 16:08:19 GMT; Max-Age=1296000; Domain=.openx.net; Path=/
server: OXGW/16.146.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Thu, 04 Jul 2019 16:08:19 GMT
content-type: text/html
content-encoding: gzip

Redirect headers

status: 302
set-cookie: i=8d8f1698-fac4-43c3-b12a-2a98bbb91fde|1562256499; Version=1; Expires=Fri, 03-Jul-2020 16:08:19 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
server: OXGW/16.146.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://u.openx.net/w/1.0/pd?cc=1
date: Thu, 04 Jul 2019 16:08:19 GMT
content-length: 0

GET
H2 200 connectmyusers.php
cdn.connectad.io/ Frame F462 0
0 14ms
13ms Document
text/html 2606:4700:10::6814:8528
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.connectad.io/connectmyusers.php
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:8528 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.connectad.io
:scheme: https
:path: /connectmyusers.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding: gzip, deflate, br
cookie: __cfduid=d915014d7d78a15d48605b436a1a66c7c1562256498
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status: 200
date: Thu, 04 Jul 2019 16:08:18 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: HIT
age: 6340
expires: Fri, 05 Jul 2019 00:08:18 GMT
cache-control: public, max-age=28800
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 4f125b6b8955c2ef-FRA
content-encoding: gzip

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 9D8E 0
0 1095ms
24ms Document
text/html 2.18.232.130
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Server: nginx/1.9.13
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Fri, 03 Jul 2020 16:08:19 GMT
Date: Thu, 04 Jul 2019 16:08:19 GMT
Connection: keep-alive

GET
H2 200 v2
de.tynt.com/deb/ Frame B6FC 0
0 3459ms
223ms Document
text/html 208.100.17.183
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=bzPstcZxSr6lrlaKkv7mNO
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.183 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US),
Reverse DNS: ip183.208-100-17.static.steadfastdns.net
Software: /
Resource Hash

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/v2?m=xch&rt=html&id=bzPstcZxSr6lrlaKkv7mNO
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status: 200
cache-control: max-age=86400
expires: Fri, 05 Jul 2019 16:08:21 GMT
content-type: text/html
content-length: 75
date: Thu, 04 Jul 2019 16:08:21 GMT
p3p: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA

GET
H2 200 v2
de.tynt.com/deb/ Frame 151C 0
0 3456ms
222ms Document
text/html 208.100.17.183
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dxLHU2ZxSr6lrlaKkv7mNO
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.183 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US),
Reverse DNS: ip183.208-100-17.static.steadfastdns.net
Software: /
Resource Hash

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/v2?m=xch&rt=html&id=dxLHU2ZxSr6lrlaKkv7mNO
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status: 200
cache-control: max-age=86400
expires: Fri, 05 Jul 2019 16:08:21 GMT
content-type: text/html
content-length: 75
date: Thu, 04 Jul 2019 16:08:21 GMT
p3p: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA

GET check.html
biddr.brealtime.com/ Frame 6C6A 0
0

GET
H/1.1 200 Cookie set sync_iframe
sync.bfmio.com/ Frame DE2D 0
0 725ms
100ms Document
text/html 34.229.36.213
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.bfmio.com/sync_iframe?ifg=1&id=92fd6b68-fe21-44c5-bce8-6f519808339c&gdpr=0&gc=&gce=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.229.36.213 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-229-36-213.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Host: sync.bfmio.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

Access-Control-Allow-Origin: *
Content-Type: text/html
Date: Thu, 04 Jul 2019 16:08:18 GMT
Set-Cookie: __io_cid=82b794ff7e4b28d86dbc79818e4d354037f7df78; Domain=.bfmio.com; Expires=Fri, 03-Jul-2020 16:08:19 GMT; Path=/
Content-Length: 217
Connection: keep-alive

GET usync.html
eus.rubiconproject.com/ Frame 1CD8 0
0

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame DFCA 0
0 169ms
103ms Document
text/html 2606:4700::6812:1aef
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1aef , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status: 200
date: Thu, 04 Jul 2019 16:08:18 GMT
content-type: text/html
set-cookie: __cfduid=d3ccd54f984f531853670f636b3c07a531562256498; expires=Fri, 03-Jul-20 16:08:18 GMT; path=/; domain=.districtm.io; HttpOnly
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
cache-control: s-maxage=1209600, max-age=14400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4f125b6bf9ddd72d-FRA
content-encoding: br

GET
H2 200 v2
de.tynt.com/deb/ Frame B6D3 0
0 3383ms
220ms Document
text/html 208.100.17.183
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=ddRMkSZxSr6lrlaKkv7mNO
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.183 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US),
Reverse DNS: ip183.208-100-17.static.steadfastdns.net
Software: /
Resource Hash

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/v2?m=xch&rt=html&id=ddRMkSZxSr6lrlaKkv7mNO
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status: 200
cache-control: max-age=86400
expires: Fri, 05 Jul 2019 16:08:21 GMT
content-type: text/html
content-length: 75
date: Thu, 04 Jul 2019 16:08:21 GMT
p3p: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA

GET /
edba.brealtime.com/ 0
0

GET
H/1.1 200
OK g Show response
rtb.connatix.com/ 95 B
290 B 142ms
142ms Script
text/plain 3.214.45.211
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.connatix.com/g?c_pw=834&c_ph=470&c_tk=C018218D-4AD0-4E01-8158-045425E65946&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c_ivt=0&connatix_sess=_R0QpgLOMiWrVBKI3rOZCq6NwtOQeRupqIGXm90wxMOP__4g_iM326pQ9AASfTGrnssPPktHS_v4nXyb9GTu9wAO8Mo6yeTCs8HilTnORHIYGD9JRxdmfk2nQpgBAkI8qA1ENyJWm_VdeUUdGWOZv90pjUPpGJdLeUf2J4v1YRD1zvTMPdRaf6KhzQ13ZIOM&notServed=false&xplr=false&c_s=false&c_pl=46wra552KZOJ2yS3xuNxdgupZ7kVkubw7Z7sjbfT46kTvfSv3ZAl9KORWyYuJT-USiIsCvhFBc3iEfePEMIiccjh9Zb8VRD2HZ_Ik0HaS8rGuyGv4tyl-RFCOSqBWdM405er6zKJ1gSCgTGm1i0LwT6huCDjcLI5-VM4am5F5Qm7-3rHeLcbPtmZa_-Krq1ieyP3SR9TPTo8AIUq6fqbGy_TKhWpVvAUi7T9KljN5LgBaol6zxSjQoy2jc5ZzQbV542gaXmKzvQSnNefby7fig&gdpr=1&med_id=639404&request_guid=e787bb50c9c7319b6ef21562256508134&req_no=3&v=1&c_f=[{id:12556,r:2,i:0,sr:2}]&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spa&c_v=1586_0_0_0_0&spp=1&callback=cnxJSONP_b27fbdda5064d1f294271562256508134
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1586/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.45.211 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-214-45-211.compute-1.amazonaws.com
Software: nginx/1.12.2 /
Resource Hash: 9f079a68989cd860bb83c41320b06440038389edafca03b592685f9952c5eafe

Request headers

Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 04 Jul 2019 16:08:28 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 111

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Domain: connatix-d.openx.net
URL: https://connatix-d.openx.net/v/1.0/av?auid=540193965&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&cb=7723f9ccd32e9a80e66b1562256483057&vwd=834&vht=469&gdpr=1&gdpr_consent=0

Domain: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=410295

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/safeframe/1-0-35/html/container.html

Domain: hbx.media.net
URL: https://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=www.bleepingcomputer.com&version=&https=1

Domain: connatix-d.openx.net
URL: https://connatix-d.openx.net/v/1.0/av?auid=540193965&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&cb=956d28a9d9ec338d30e01562256485125&vwd=834&vht=470&gdpr=1&gdpr_consent=0

Domain: i.connectad.io
URL: https://i.connectad.io/api/v2

Domain: tlx.3lift.com
URL: https://tlx.3lift.com/header/auction?lib=prebid&v=1.32.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tmax=1200

Domain: g2.gumgum.com
URL: https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&

Domain: g2.gumgum.com
URL: https://g2.gumgum.com/hbid/imp?si=14288&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&

Domain: g2.gumgum.com
URL: https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&

Domain: g2.gumgum.com
URL: https://g2.gumgum.com/hbid/imp?si=14288&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&

Domain: g2.gumgum.com
URL: https://g2.gumgum.com/hbid/imp?t=zztu1szx&pi=2&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&

Domain: g2.gumgum.com
URL: https://g2.gumgum.com/hbid/imp?si=14290&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&

Domain: g2.gumgum.com
URL: https://g2.gumgum.com/hbid/imp?t=zztu1szx&pi=2&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&

Domain: g2.gumgum.com
URL: https://g2.gumgum.com/hbid/imp?si=14290&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&

Domain: g2.gumgum.com
URL: https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&

Domain: g2.gumgum.com
URL: https://g2.gumgum.com/hbid/imp?t=zztu1szx&pi=2&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&

Domain: g2.gumgum.com
URL: https://g2.gumgum.com/hbid/imp?si=14290&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&

Domain: g2.gumgum.com
URL: https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&

Domain: g2.gumgum.com
URL: https://g2.gumgum.com/hbid/imp?si=14288&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&

Domain: freestar-d.openx.net
URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&jr=&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_2.1.5&dddid=3df9735c-dcc6-472a-b650-5c91d7ad5b3d%2C66921a04-acfd-460b-aac3-d6b3d6ec4838%2C0ed3c932-842f-4d2e-ba3a-d1f5a7391d27%2Cc8f14ed8-4a3b-4602-83c1-33d35adf8c98%2Cf4e376e5-f322-45dc-879c-4915910d4382%2C9c511830-701c-48b9-80e4-666cbfa0585a%2Ca98dbb1f-d64a-4859-9fc3-9ddee88fff8d&nocache=1562256491249&x_gdpr_f=1&pubcid=4e859f71-996f-4b28-ba6d-fdf2e3c60a01&aus=728x90%2C970x90%2C970x250%7C728x90%2C970x90%2C970x250%7C300x250%2C300x600%7C300x250%2C300x600%7C728x90%7C300x250%2C300x600%7C728x90%2C970x90&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_300x250_300x600_160x600_Right_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_3%2Cbleepingcomputer_970x90_728x90_320x50_sticky&auid=539181725%2C539181725%2C539181725%2C539181725%2C539181725%2C539181725%2C539181725&

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=3df9735c-dcc6-472a-b650-5c91d7ad5b3d&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7089086093597643

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=66921a04-acfd-460b-aac3-d6b3d6ec4838&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.8814618795199536

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=0ed3c932-842f-4d2e-ba3a-d1f5a7391d27&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.981551252121218

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=c8f14ed8-4a3b-4602-83c1-33d35adf8c98&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.4252986265380416

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=f4e376e5-f322-45dc-879c-4915910d4382&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7497101017723093

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=9c511830-701c-48b9-80e4-666cbfa0585a&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.6468110636785693

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=a98dbb1f-d64a-4859-9fc3-9ddee88fff8d&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7162414403355579

Domain: display.bfmio.com
URL: https://display.bfmio.com/prebid_display

Domain: ssp.pub.network
URL: https://ssp.pub.network/ssp-server/HeaderBiddingService

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=107a0c793856cc08&placement_key=GrVComq83JzCSLK1pi9waoyR&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=108d93c0d1f94de1&placement_key=wDH8n844o8J5LF7qDwHQ7sj5&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=1090982f8e0f2b56&placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=1101bf95f968f846&placement_key=GrVComq83JzCSLK1pi9waoyR&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=1112598ce6fc6c04&placement_key=wDH8n844o8J5LF7qDwHQ7sj5&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=112aec185214017c&placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=1136a32e7c2d7d21&placement_key=DSthphoQqH66AkQXPDoXn74b&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=1149e935eb4c0bc6&placement_key=Y2PwNBba8FyKXESSc72DFF25&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=1152a9d1fbc79b97&placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=1162b807b3f1cc07&placement_key=DSthphoQqH66AkQXPDoXn74b&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=1171409d62a29645&placement_key=Y2PwNBba8FyKXESSc72DFF25&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=118a103af3d143bd&placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=1193412170230697&placement_key=GrVComq83JzCSLK1pi9waoyR&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=1204bbc37bd5b8a&placement_key=Ggh1aXSgpQAvBpkxoyAsBJPd&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=12137bb76902ad3d&placement_key=DSthphoQqH66AkQXPDoXn74b&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=1229606b5d40395e&placement_key=Y2PwNBba8FyKXESSc72DFF25&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/header-bid/v1?bidId=12341aa89c02e34f&placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&

Domain: hb.emxdgt.com
URL: https://hb.emxdgt.com/?t=1200&ts=1562256491262

Domain: dmx.districtm.io
URL: https://dmx.districtm.io/b/v1

Domain: dmx.districtm.io
URL: https://dmx.districtm.io/b/v1

Domain: g2.gumgum.com
URL: https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&

Domain: g2.gumgum.com
URL: https://g2.gumgum.com/hbid/imp?si=14288&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&

Domain: freestar-d.openx.net
URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&jr=&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_2.1.5&dddid=b0498794-efaa-44a8-ad0a-562ca4b3092f&nocache=1562256492498&x_gdpr_f=1&pubcid=da345436-e520-41d2-b27f-0663126e3680&aus=728x90%2C970x90&divIds=bleepingcomputer_970x90_728x90_320x50_sticky&auid=539181725&

Domain: display.bfmio.com
URL: https://display.bfmio.com/prebid_display

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=b0498794-efaa-44a8-ad0a-562ca4b3092f&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.40012300807599877

Domain: ssp.pub.network
URL: https://ssp.pub.network/ssp-server/HeaderBiddingService

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ssc.33across.com
URL: https://ssc.33across.com/api/v1/hb

Domain: ib.3lift.com
URL: https://ib.3lift.com/sync?

Domain: biddr.brealtime.com
URL: https://biddr.brealtime.com/check.html

Domain: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html

Domain: edba.brealtime.com
URL: https://edba.brealtime.com/

Verdicts & Comments Add Verdict or Comment

151 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://quantcast.mgr.consensu.org/cmp.js(Line 1) Message: Dependency check failed for Publisher Purpose Legitimate Interest IDs: Publisher Purpose Legitimate Interest IDs must be an array containing only purpose IDs contained in the Publisher Purpose IDs array, the following purpose IDs will be ignored: 1, 4, 5
console-api	warning	URL: https://static.quantcast.mgr.consensu.org/v21/cmpui-popup.js(Line 1) Message: Unable to get NonIab Vendor list.
console-api	log	URL: https://freestar-io.videoplayerhub.com/gallery.js(Line 5) Message: Video gallery initializing
console-api	info	URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 579) Message: Powered by AMP ⚡ HTML – Version 1906111828200
console-api	error	URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 161) Message: localStorage not supported.
console-api	info	URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 579) Message: Powered by AMP ⚡ HTML – Version 1906111828200
console-api	error	URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 161) Message: localStorage not supported.
console-api	info	URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 579) Message: Powered by AMP ⚡ HTML – Version 1906111828200
console-api	error	URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 161) Message: localStorage not supported.
console-api	info	URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 579) Message: Powered by AMP ⚡ HTML – Version 1906111828200
console-api	error	URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 161) Message: localStorage not supported.
console-api	warning	URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 17) Message: Response unparseable or failed to send image request
console-api	warning	URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 17) Message: Response unparseable or failed to send image request

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.pub.network
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
adservice.google.com
adservice.google.de
amp-error-reporting.appspot.com
api.quantcast.mgr.consensu.org
audit.quantcast.mgr.consensu.org
biddr.brealtime.com
btlr.sharethrough.com
c.pub.network
cdn.ampproject.org
cdn.connatix.com
cdn.connectad.io
cdn.districtm.io
cdns.connatix.com
ck.connatix.com
cluster-na.cdnjquery.com
connatix-d.openx.net
connect.facebook.net
core.connatix.com
cse.google.com
d.pub.network
de.tynt.com
display.bfmio.com
dmx.districtm.io
edba.brealtime.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
freestar-d.openx.net
freestar-io.videoplayerhub.com
g2.gumgum.com
googleads.g.doubleclick.net
hb.emxdgt.com
hbx.media.net
i.connatix.com
i.connectad.io
ib.3lift.com
ib.adnxs.com
jadserve.postrelease.com
pagead2.googlesyndication.com
privacy-api-gateway.quantcast.com
quantcast.mgr.consensu.org
rtb.connatix.com
rules.quantcount.com
s.adtelligent.com
s.ntv.io
s9.addthis.com
sb.scorecardresearch.com
secure.quantserve.com
securepubads.g.doubleclick.net
ssc.33across.com
ssp.pub.network
static.quantcast.mgr.consensu.org
sync.bfmio.com
tlx.3lift.com
tpc.googlesyndication.com
trk.connatix.com
u.openx.net
web.hb.ad.cpe.dotomi.com
www.bleepingcomputer.com
www.bleepstatic.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
biddr.brealtime.com
btlr.sharethrough.com
connatix-d.openx.net
display.bfmio.com
dmx.districtm.io
edba.brealtime.com
eus.rubiconproject.com
fastlane.rubiconproject.com
freestar-d.openx.net
g2.gumgum.com
hb.emxdgt.com
hbx.media.net
i.connectad.io
ib.3lift.com
s.adtelligent.com
s9.addthis.com
ssc.33across.com
ssp.pub.network
tlx.3lift.com
tpc.googlesyndication.com
104.20.59.209
104.24.1.61
172.217.21.194
173.241.240.143
18.207.76.63
185.33.223.100
2.18.232.130
2.19.43.224
208.100.17.183
216.58.207.70
216.58.210.2
23.210.250.13
23.22.162.56
2600:9000:200c:3c00:9:46dc:4700:93a1
2600:9000:2047:7c00:6:44e3:f8c0:93a1
2600:9000:2047:fc00:9:46dc:4700:93a1
2606:4700:10::6814:8528
2606:4700:20::6819:bf72
2606:4700::6812:1aef
2a00:1450:4001:809::200e
2a00:1450:4001:80b::2002
2a00:1450:4001:815::200a
2a00:1450:4001:819::2001
2a00:1450:4001:819::2004
2a00:1450:4001:81a::2002
2a00:1450:4001:81b::2003
2a00:1450:4001:81b::200e
2a00:1450:4001:81d::2014
2a00:1450:4001:820::2001
2a00:1450:4001:824::2008
2a02:fa8:8806:13::1460
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:1b::645
2a04:4e42:3::645
3.214.45.211
3.92.90.105
34.229.36.213
35.188.71.214
35.226.36.58
52.222.157.150
52.222.157.166
52.222.157.56
52.222.157.91
54.192.94.221
54.215.180.144
91.228.74.238
02e67dafdee2710fc791b44c8319ae2471ebd3291d9ae167eddcacc47349fc1f
0403883673c91b0c6dc85b135e6f222f76d1150a76b701a694389fe7151c97d3
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f
1035691a1c992c11c8b61e5c29b62d3a190131160b4bcb3f484c11bc33907d8c
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
13fb0f2063e0add7533ab42e3da469b39750272c7e7d5f0c9036e962477e9e40
159a88cc4aeecc7348e417b827b8c95e04d3073bb4b708bd65948892b5c05ab0
15b71fd1d87bc6d1e6ac7a19bd6e6da0fb324a76864fb566ba2bf528e94941cd
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019
1ac1a6cf332c82c845d01d21e9a5f5b948d5ffc940879424718fe1a31111c4a8
22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b
2450e4fd2687e1fe032d4931d6b21a25ef94c80b5bf6baa2ca6e903c861e72da
24bc4ac03a5f89c3d38f9e173dc4a03fef2adb635d628f0341198b8d00548c5a
2544182fb9a0a2f65dac966c91bcbcb8239798c4c5d8278f0fd6d9f4056d301e
2591b3993b905671973bfaa4a92ba2502ba49ff7da880f996ab7c707d4c4281d
2a6bfabe65ca353e4359be32e10d40b8b514590b536dd93499bc1067e4bf6329
2aadba5dea3cad3a2f2e2a79d88f06a4f3edb86f006f4b19c74d9e1024210bb6
2bba8b27dfb6064a073f6fba80af3652569b766a8b5a0b44477ec6eea076ecbf
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb
31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd
33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
371e60eaea3df0bf53403a81ca0d49fad4e0c08dca679cf6a85300da15bf3208
3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382
3beb704139b26d9913cb60e2687d7f18696ad15064bd7b0164c63268b1aa927b
3cb52f528fbf03a9bb562ef0c01fd748b405de3f512835b4963075749061b6f7
3f479d74e8907a3aeaeae2931a63c6362b0134448a44b50e9913ce22440fa607
404a9b0ffbcc813e8ddbb8d8510a24a69c09079282f8083ee94f4adc5d627176
46f054a5c98b253c46ff84547ce118625668349700a0730724df4bb25bcf5f78
484df960f879a28860a2cb182c0e717fda77babf0d4378343ba63723cc948649
4a6ac1e8519aa132772c1f732514d4a2cbcd2143a90710b7656bc23024b4c85c
4b00af59cbfbfb464ee6a1cb37e4c5c91e73e749ad910011bd89638f2334e194
4bb3aaeb6bd2ba6d6c88f1497a5b86b2dba5ed0a39dcdbe82ee94dd06990e146
4df1684a0f8233367358322cb3c927b93137df2eee5aba598667cd0975b2291d
4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313
511834888e15b8279f18ccba6e879b554bff8c6c3fbd1067850c661d2707fa44
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
59bd02350871b22df229e164c348ca96bd780f3af752920d54c12af1e90753d7
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5de79bd33c164a62fe3389aeef0af2f54b82e7f8ba5fd7d0721f8080823babcb
5dfcc2746e6dbf11b0ac1dc8823688f2cdff5b6d4afbe00e256384bfdff399c3
617229202229089622770a111fef4f514877475b89056525185a70e0cbc5bc95
617c4b646dbae0aed90fabe2e8a98b09b57cd32ba518dfcb276dbd12fa86d9dc
61cb7a1fefe87904c7b02aa16c88d4b42805526d63f9d20f2f797380713e4577
62cf9551be94b96eec2590b6a832fdf0de816e7d9dcb2a2b4b9b72600417ecfb
63540aac55b3e3ecc7561344b838c133d62ea472eb05b0b95e94ff51a22b4ffc
642c8587ff06ea6a9e3721711e6614013a1bc8de1b3bd4858b0d1354c94ff90c
657f79c4d5a6ea502202651151811d195b49cf9cf22fd7f8edaeefe2f8cc8fc4
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6cdf7da1776d10b40ed376754ae484da1c1aee3ce7c586c86131e8f3db1376c7
6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144
7719ab93490cd380fd487becadb93b76f9acbd0ecfcce4a9eb04551bfdf913c8
79e294aba6a7aa07f610a38ef47a181e257396557ad5b6e23c50c0b84a5f70bc
7c10ea3dddd1f12b4086c60b9512bf7f6a71b4a5164dc484df9d70ad77d3f613
7c10ffebccfabdd702d6b76848d941d711f0bd3b48b621f780f33ee9968754d1
7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a
7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39
7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f
7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
807d8248fa4c9265b16839ed20abbb265188430ede192fb080299b0230c008fe
81825367feca0c5a8a82d656d4005c35f6810b2ba79b5f762dc6d8d52a5aee65
827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991
82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8448ebbb3124836d80b57b3420c0cbb237fd817b8004fb19895e4f0704987c15
8676b3b80defc341e5127a20ae48918c79b8359fe0e420617fd71c696dc4f12d
8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f
87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e
8a56e644a617b2d1e4e7d808dfc334a7ea8622979f22999dc9eccd21c61958b3
8d9c3e3cfba892b2954a9c28ec67162355632750aa8b45d55323b04bc29ae61b
8e954013ce3d11bb4a2d90be6031b5b5791042d9c2342b5217919400f97d1d67
8eb95bcbc154530931e15fc418c8b1fe991095671409552099ea1aa596999ede
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
92963f695e7f7c94492bef74d7a5bc3bafb6c5e615cb6fca0907aa7ee4c11ae8
96128cdcbbf482e82bc1fb11a020de837ba5c061decb00e31705375fc325dee3
997f05063c2d0432532617092401abf909c6bfec2f334a0866ea69f62dc7dee4
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9dddc21cf89952794214b58f9ec5cc841ec6525bc7f8facf5515e851898d7930
9f079a68989cd860bb83c41320b06440038389edafca03b592685f9952c5eafe
a4883cce814b6793c5bd6dd3639d6048ecab39a93a90b560d39a9fd0aff6e263
a6d4ea4e2f95dcd77bc3acb8408f8ed9c2d9453aeafef8af9387b04e6c9a8ff9
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec
a93d3ad73d2765c2bd1ab5347bd34a79c0e010df089d0db7bd56d6ae12d823c8
aa31bb772fdd92bb221e655d1e2a35355f81dd46596ec916c93b2363d6cec339
aecba7ee3870c0d979df93f73bd566149bef7cc74cd1f3894751cef44a217340
aed1d3e0e8565661020d1758525a829918ad55926910373ed5ad39c3e9b25ca3
af67e0e08b5bb03ee78a9ff33abfac609e968a9856b2ffeeae3d636221b6387a
b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1
b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad
b48a23e0a21cd52b881ce9db2678b6fef30f6d113f7dac0702accd0b54535cab
b4de71dcae841e19d2edc5914bc3a452e66c0c9ca803e662b3ca5d18d49d9c54
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290
b72f6419c4486301a876a6cd4ad048c88c327e50b4b070eea8b785441a0ce2ee
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e
c3034d0370c5faa09e7a8d7b0c48925afa0371cf17e4827dde23059f56019dae
c88a51a3781fe16f1c3f42af4b05698667c0c843dd20822951192d224d6a691c
c9e727b37a735a7983ea8bdad06a38b246261c239bb80b86cc0ff3663c910adb
cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0fd74148f4cbe78bd0e6328dc5ce5955f0a0ecdb1eb2919da4a7e596ac65912
d2046a09db7667733b48b3ffc77f65b5b7cf9def2359078117770c9ced03ee15
d6d408ceb31cfae3d3d87971b82e522a331aa2eb042a793223b7ec19e419c564
d763d322ed475baf9cc5d20ba7afc366affb34d3d059e4dd1c1825d5598c05cb
db602e6da4aa64c6a1526838e73da1ed4e3ddac389322946bc961b849674cfec
dfbcd1d3294ae6081667312698549af43eb228cfc9420f8a0cace7fde85024c7
e07b2c10204d548f9f08029da2c672bbe9b92ad7ec0a4a664cd5d9410ff2d32f
e0f09beb5ea460cffea7b53b219f1e88baf6a0c9c2d125294652998209addc15
e1b6e0c08fd7396b3e41066605eb8525aa766d9723f9d7befafff9230dce1138
e1ed25f4abd181e54349b19a94bd563692385ef339df2540abbee5638ccb3765
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85
e61e93c05b6569d5ee4449d783ab0403b51e8e3b65e07e5d17dec2eccf3133a2
e962fbdcbe0d66991b76f745535acba510e20197df301f5658bcb5774cbe44fb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f875dc31a85fb81f7d8c2253bf0ca0317218cd1ad34c93be974dcc355b987e43
f9278e008fc4edcd157a9a7b3f5dfbd75c167f405d11296e19c313dc5d052cc2
f9a20eea35d6b06258e603fb2d5d3258f81a91269676d134d122784035b201e6

www.bleepingcomputer.com Open in urlscan Pro 104.20.59.209 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

269 Requests

72 %HTTPS

47 %IPv6

44 Domains

70 Subdomains

48 IPs

7 Countries

2598 kBTransfer

6956 kBSize

0 Cookies

31 Outgoing links

Redirected requests

269 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.bleepingcomputer.com Open in urlscan Pro
104.20.59.209 Public Scan

Screenshot
Live screenshot

Full Image

269
Requests

72 %
HTTPS

47 %
IPv6

44
Domains

70
Subdomains

48
IPs

7
Countries

2598 kB
Transfer

6956 kB
Size

0
Cookies

269 HTTP transactions
10 data transactions