seguranca-informatica.pt Open in urlscan Pro
2606:4700:3037::681b:bc6c Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://seguranca-informatica.pt/brazilia=
Effective URL:
https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
Submission: On May 15 via api (May 15th 2020, 4:25:37 pm UTC) from US

Summary HTTP 253 Redirects Links 43 Behaviour Indicators

Summary

This website contacted 29 IPs in 5 countries across 28 domains to perform 253 HTTP transactions. The main IP is 2606:4700:3037::681b:bc6c, located in United States and belongs to CLOUDFLARENET, US. The main domain is seguranca-informatica.pt.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on January 31st 2020. Valid for: 8 months.

This is the only time seguranca-informatica.pt was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 100	2606:4700:303... 2606:4700:3037::681b:bc6c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:819::2002	15169 (GOOGLE) (GOOGLE)
2	140.82.118.4 140.82.118.4	36459 (GITHUB) (GITHUB)
1 2	104.111.228.123 104.111.228.123	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700:20:... 2606:4700:20::681a:4d6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	23.210.248.44 23.210.248.44	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6812:e234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:819::200e	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
7	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	185.199.108.154 185.199.108.154	54113 (FASTLY) (FASTLY)
4	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:81a::200e	15169 (GOOGLE) (GOOGLE)
7	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
3	151.101.112.134 151.101.112.134	54113 (FASTLY) (FASTLY)
1	72.247.226.64 72.247.226.64	16625 (AKAMAI-AS) (AKAMAI-AS)
1	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
4	2606:4700::68... 2606:4700::6812:a913	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.101.64.134 151.101.64.134	54113 (FASTLY) (FASTLY)
76	2606:2800:134... 2606:2800:134:fa2:1627:1fe:edb:1665	15133 (EDGECAST) (EDGECAST)
1 2	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
2	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
2	199.232.53.140 199.232.53.140	54113 (FASTLY) (FASTLY)
2	151.101.36.84 151.101.36.84	54113 (FASTLY) (FASTLY)
1	151.101.112.64 151.101.112.64	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81a::2001	15169 (GOOGLE) (GOOGLE)
253	29

100 2606:4700:3037::681b:bc6c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

seguranca-informatica.pt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
feed.seguranca-informatica.pt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:819::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 140.82.118.4 (United States)

ASN36459 (GITHUB, US)
PTR: lb-140-82-118-4-ams.github.com

gist.github.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.228.123 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-228-123.deploy.static.akamaitechnologies.com

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:4d6 (United States)

ASN13335 (CLOUDFLARENET, US)

licensebuttons.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.210.248.44 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-44.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-public.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
q.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.199.108.154 (Hoover, United States)

ASN54113 (FASTLY, US)

github.githubassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.112.134 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

seguranca-informatica.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.247.226.64 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a72-247-226-64.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:a913 (United States)

ASN13335 (CLOUDFLARENET, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.64.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

76 2606:2800:134:fa2:1627:1fe:edb:1665 (United States)

ASN15133 (EDGECAST, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
abs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ton.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.200 (United States) 1 redirects

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.53.140 (Manchester, United Kingdom)

ASN54113 (FASTLY, US)

www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.36.84 (Amsterdam, Netherlands)

ASN54113 (FASTLY, US)

widgets.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.64 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

links.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
100	seguranca-informatica.pt 1 redirects seguranca-informatica.pt feed.seguranca-informatica.pt	7 MB
76	twimg.com cdn.syndication.twimg.com abs.twimg.com pbs.twimg.com ton.twimg.com	782 KB
9	twitter.com 1 redirects platform.twitter.com syndication.twitter.com	110 KB
8	addthis.com s7.addthis.com m.addthis.com api-public.addthis.com q.addthis.com	198 KB
7	doubleclick.net googleads.g.doubleclick.net
7	gstatic.com fonts.gstatic.com	70 KB
7	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	184 KB
6	disqus.com seguranca-informatica.disqus.com disqus.com links.services.disqus.com	32 KB
6	facebook.com www.facebook.com graph.facebook.com	1 KB
4	disquscdn.com c.disquscdn.com	226 KB
4	facebook.net connect.facebook.net	277 KB
2	pinterest.com widgets.pinterest.com	563 B
2	reddit.com www.reddit.com	2 KB
2	google-analytics.com www.google-analytics.com	18 KB
2	github.com gist.github.com	7 KB
1	addthisedge.com v1.addthisedge.com	1 KB
1	w.org s.w.org	567 B
1	moatads.com z.moatads.com	1 KB
1	youtube.com www.youtube.com
1	googletagservices.com www.googletagservices.com	27 KB
1	githubassets.com github.githubassets.com	5 KB
1	google.com adservice.google.com	168 B
1	google.de adservice.google.de	168 B
1	onesignal.com cdn.onesignal.com	3 KB
1	licensebuttons.net licensebuttons.net	2 KB
1	paypalobjects.com www.paypalobjects.com
1	paypal.com 1 redirects www.paypal.com	575 B
1	googleapis.com fonts.googleapis.com	1 KB
253	28

	Domain	Requested by
99	seguranca-informatica.pt	1 redirects seguranca-informatica.pt www.googletagservices.com
55	pbs.twimg.com	seguranca-informatica.pt platform.twitter.com
18	abs.twimg.com	seguranca-informatica.pt platform.twitter.com
7	platform.twitter.com	seguranca-informatica.pt platform.twitter.com
7	googleads.g.doubleclick.net	pagead2.googlesyndication.com
7	fonts.gstatic.com	seguranca-informatica.pt
5	pagead2.googlesyndication.com	seguranca-informatica.pt pagead2.googlesyndication.com
4	c.disquscdn.com	seguranca-informatica.disqus.com
4	www.facebook.com	seguranca-informatica.pt connect.facebook.net
4	connect.facebook.net	seguranca-informatica.pt connect.facebook.net
4	s7.addthis.com	seguranca-informatica.pt s7.addthis.com
3	seguranca-informatica.disqus.com	seguranca-informatica.pt seguranca-informatica.disqus.com
2	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
2	widgets.pinterest.com	s7.addthis.com
2	www.reddit.com	s7.addthis.com
2	api-public.addthis.com	s7.addthis.com
2	graph.facebook.com	s7.addthis.com
2	ton.twimg.com	platform.twitter.com
2	syndication.twitter.com	1 redirects seguranca-informatica.pt
2	disqus.com	seguranca-informatica.disqus.com
2	www.google-analytics.com	seguranca-informatica.pt
2	gist.github.com	seguranca-informatica.pt
1	links.services.disqus.com	c.disquscdn.com
1	q.addthis.com	s7.addthis.com
1	cdn.syndication.twimg.com	platform.twitter.com
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	s.w.org	seguranca-informatica.pt
1	z.moatads.com	s7.addthis.com
1	www.youtube.com	seguranca-informatica.pt
1	www.googletagservices.com	pagead2.googlesyndication.com
1	github.githubassets.com	gist.github.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	cdn.onesignal.com	seguranca-informatica.pt
1	licensebuttons.net	seguranca-informatica.pt
1	www.paypalobjects.com	seguranca-informatica.pt
1	www.paypal.com	1 redirects
1	feed.seguranca-informatica.pt	seguranca-informatica.pt
1	fonts.googleapis.com	seguranca-informatica.pt
253	40

This site contains links to these domains. Also see Links.

Domain
www.youtube.com
feed.seguranca-informatica.pt
twitter.com
www.embarcadero.com
malware.pt
gist.github.com
github.com
www.blockchain.com
www.shodan.io
www.virustotal.com
www.hybrid-analysis.com
www.joesandbox.com
analyze.intezer.com
tugatech.com.pt
www.linkedin.com
www.facebook.com
t.me
facebook.com
plus.google.com
youtube.com
www.pinterest.pt
www.trignosfera.pt
creativecommons.org
linkedin.com
www.reddit.com
www.addthis.com
v1.addthis.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2020-01-31` - `2020-10-09`	8 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-04-28` - `2020-07-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.github.com DigiCert SHA2 High Assurance Server CA	`2019-07-08` - `2020-07-16`	a year	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2020-01-09` - `2022-01-12`	2 years	crt.sh
odc-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2019-10-10` - `2020-09-04`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-04-15` - `2020-07-14`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.githubassets.com DigiCert SHA2 High Assurance Server CA	`2018-10-29` - `2020-11-02`	2 years	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2019-11-12` - `2020-11-18`	a year	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2020-04-20` - `2022-05-09`	2 years	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-03-17`	a year	crt.sh
*.w.org Sectigo RSA Domain Validation Secure Server CA	`2019-12-19` - `2021-12-18`	2 years	crt.sh
syndication.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.reddit.com DigiCert SHA2 Secure Server CA	`2020-04-06` - `2020-10-03`	6 months	crt.sh
*.pinterest.com DigiCert SHA2 High Assurance Server CA	`2019-06-05` - `2020-07-22`	a year	crt.sh
f.ssl.fastly.net GlobalSign Organization Validation CA - SHA256 - G2	`2018-08-30` - `2020-12-02`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-04-28` - `2020-07-21`	3 months	crt.sh

This page contains 17 frames:

Primary Page: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
Frame ID: ADDF0C64842A9FD08D075C56BA27D45B
Requests: 166 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200511/r20190131/zrt_lookup.html
Frame ID: C2BE499BBC98BDD7D8A1AE6C65E4B858
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=185&slotname=8346471494&adk=580740002&adf=2311144427&w=740&fwrn=4&lmt=1589559918&rafmt=11&psa=0&guci=1.2.0.0.2.2.0.0&format=740x185&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&flash=0&wgl=1&adsid=NT&dt=1589559918630&bpp=20&bdt=366&idt=171&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=1630424912878&frm=20&pv=2&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=550024249256&dssz=30&mdo=0&mso=0&rplot=4&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=223&ady=1142&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&pvsid=593196012584025&pem=87&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8336&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gJ3HfNvSs5&p=https%3A//seguranca-informatica.pt&dtd=188
Frame ID: 99EFCDED9F54B55AA5C164FFC553167C
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/eqyuAj9hvy4
Frame ID: D33D7BC4A89F01CD1E1FCB5A3BB84B24
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&adk=1812271804&adf=3025194257&lmt=1589559919&plat=1%3A32776%2C2%3A32776%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1589559919162&bpp=1&bdt=898&idt=1&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185&nras=1&correlator=1630424912878&frm=20&pv=1&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=143675245936447&dssz=76&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&pvsid=593196012584025&pem=87&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8208&bc=31&ifi=5&uci=a!5&fsb=1&dtd=16
Frame ID: 03FB3E4FA4CCFAE7267477A535CAD268
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.12/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df44a0173b63e08%26domain%3Dseguranca-informatica.pt%26origin%3Dhttps%253A%252F%252Fseguranca-informatica.pt%252Ff34a70f2a100378%26relation%3Dparent.parent&container_width=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fsegurancainformatica&locale=en_US&sdk=joey&show_facepile=true&small_header=false
Frame ID: 25A80E54E525432D32E350D731971E0F
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: E3854CE517BB7F10E90329208ABF38CE
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: AE56A2E89768A05338FC1FD7314E20BC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=1909131177&adf=3723832354&w=340&fwrn=4&fwrnh=100&lmt=1589559919&rafmt=1&to=qs&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&format=340x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F%23.Xr7Cb9OxX0M&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1589559919625&bpp=1&bdt=1361&idt=1&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0%2C740x280%2C740x280%2C720x280&nras=4&correlator=1630424912878&frm=20&pv=1&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=143675245936447&dssz=79&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1023&ady=1665&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&psts=AGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p%2CAGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p&pvsid=593196012584025&pem=87&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8336&bc=31&ifi=9&uci=a!9&btvi=4&fsb=1&xpc=iigC4eMgFk&p=https%3A//seguranca-informatica.pt&dtd=59
Frame ID: 9CC0FD9EA1ABF6658F47157FD80FE1BB
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2a008290075125adde2d7b849b06a0bb.html?origin=https%3A%2F%2Fseguranca-informatica.pt
Frame ID: 4C4BB18940F6154EC65AC110BCED7354
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=1863295039&adf=2818823524&w=740&fwrn=4&fwrnh=100&lmt=1589559919&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=740x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F%23.Xr7Cb9OxX0M&flash=0&fwr=0&pra=3&rh=185&rw=740&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1589559919625&bpp=2&bdt=1361&idt=-M&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0&nras=2&correlator=1630424912878&frm=20&pv=1&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=143675245936447&dssz=78&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=223&ady=2983&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&psts=AGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p%2CAGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p&pvsid=593196012584025&pem=87&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8336&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=CHGmCAcpmo&p=https%3A//seguranca-informatica.pt&dtd=43
Frame ID: E0B90F2BE4BCCAF9FE25366F158DA941
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=1863295039&adf=4183343689&w=740&fwrn=4&fwrnh=100&lmt=1589559919&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=740x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F%23.Xr7Cb9OxX0M&flash=0&fwr=0&pra=3&rh=185&rw=740&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1589559919625&bpp=2&bdt=1360&idt=-M&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0%2C740x280&nras=3&correlator=1630424912878&frm=20&pv=1&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=143675245936447&dssz=79&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=223&ady=4715&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&psts=AGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p%2CAGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p&pvsid=593196012584025&pem=87&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8336&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=hBjqLaFlcI&p=https%3A//seguranca-informatica.pt&dtd=49
Frame ID: AAC91A18A58AE239778A231F1154A867
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=3832473613&adf=1840210285&w=720&fwrn=4&fwrnh=100&lmt=1589559919&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=720x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F%23.Xr7Cb9OxX0M&flash=0&fwr=0&pra=3&rh=180&rw=720&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1589559919625&bpp=1&bdt=1361&idt=-M&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0%2C740x280%2C740x280&nras=4&correlator=1630424912878&frm=20&pv=1&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=143675245936447&dssz=79&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=243&ady=6098&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&psts=AGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p%2CAGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p&pvsid=593196012584025&pem=87&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8336&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=Ni9rtYE5II&p=https%3A//seguranca-informatica.pt&dtd=54
Frame ID: D62A6ED7340E62633A9733012C60B766
Requests: 1 HTTP requests in this frame

Frame: https://abs.twimg.com/emoji/v2/72x72/1f9d0.png
Frame ID: 70B54725DCE48795C9642CC8AF8EC3C8
Requests: 80 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=seguranca-informatica&t_i=7502%20https%3A%2F%2Fseguranca-informatica.pt%2F%3Fp%3D7502&t_u=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&t_e=Brazilian%20trojan%20banker%20is%20targeting%20Portuguese%20users%20using%20browser%20overlay&t_d=Brazilian%20trojan%20banker%20is%20targeting%20Portuguese%20users%20using%20browser%20overlay&t_t=Brazilian%20trojan%20banker%20is%20targeting%20Portuguese%20users%20using%20browser%20overlay&s_o=default
Frame ID: 211A2307F48B218E940DE1059F274AAE
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: C6BDFF330D652DA4E73F52B6DD4729D4
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: 4B80BB9A05A385D9955DFCA61A1E70A5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://seguranca-informatica.pt/brazilia= HTTP 301
https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /react.*\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

Page Statistics

253
Requests

100 %
HTTPS

57 %
IPv6

28
Domains

40
Subdomains

29
IPs

5
Countries

8686 kB
Transfer

11036 kB
Size

4
Cookies

43 Outgoing links

These are links going to different origins than the main page.

URL: https://www.youtube.com/channel/UCGs6Ju6rSM9BHP5UGtVvdXw?sub_confirmation=1
Title: Youtube

Search URL Search Domain Scan URL

URL: https://feed.seguranca-informatica.pt/
Title: 0xSI_f33d

Search URL Search Domain Scan URL

URL: https://twitter.com/DJ_PRMF
Title: @DJ_PRMF

Search URL Search Domain Scan URL

URL: https://twitter.com/t14g0p
Title: @t14g0p

Search URL Search Domain Scan URL

URL: https://www.embarcadero.com/br/
Title: Embarcaredo

Search URL Search Domain Scan URL

URL: https://malware.pt/posts/banker_google_docs/
Title: publication

Search URL Search Domain Scan URL

URL: https://gist.github.com/t14g0p/a45d8cdef974742cdf0711987deb56fc/raw/40a94e88d2b5e252430db650d516b5e05c76ade4/deobfs.py
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/t14g0p/a45d8cdef974742cdf0711987deb56fc#file-deobfs-py
Title: deobfs.py

Search URL Search Domain Scan URL

URL: https://github.com/
Title: GitHub

Search URL Search Domain Scan URL

URL: https://www.blockchain.com/btc/address/18KdHi9CJea1AjEtrVQSfqyN6QXZvJZXqS
Title: bitcoin wallet

Search URL Search Domain Scan URL

URL: https://www.shodan.io/
Title: Shodan

Search URL Search Domain Scan URL

URL: https://twitter.com/cocaman
Title: @cocaman

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/3701d539821e5e68891d72cc1dd54f6ead592c3e277e92a4349f99b82e0cbcd3/detection
Title: https://www.virustotal.com/gui/file/3701d539821e5e68891d72cc1dd54f6ead592c3e277e92a4349f99b82e0cbcd3/detection

Search URL Search Domain Scan URL

URL: https://www.hybrid-analysis.com/sample/421d6d28978d687aee62ef539d4c2d24e9e4d2b0d74c70c2856d8f978e538d5a/5eb163ce3c3c05767b1bcc69
Title: https://www.hybrid-analysis.com/sample/421d6d28978d687aee62ef539d4c2d24e9e4d2b0d74c70c2856d8f978e538d5a/5eb163ce3c3c05767b1bcc69

Search URL Search Domain Scan URL

URL: https://www.joesandbox.com/analysis/227588/0/html
Title: https://www.joesandbox.com/analysis/227588/0/html

Search URL Search Domain Scan URL

URL: https://analyze.intezer.com/#/analyses/92fad8e8-a756-4a70-8a7f-3c0098cc200a
Title: https://analyze.intezer.com/#/analyses/92fad8e8-a756-4a70-8a7f-3c0098cc200a

Search URL Search Domain Scan URL

URL: https://gist.github.com/sirpedrotavares/bba17721b7102e01a3e452ea800de5ed/raw/7b7519cdb537e20d8f9131df68789762597cc254/brazilian_trojan_portugal_april2020.yar
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/sirpedrotavares/bba17721b7102e01a3e452ea800de5ed#file-brazilian_trojan_portugal_april2020-yar
Title: brazilian_trojan_portugal_april2020.yar

Search URL Search Domain Scan URL

URL: https://github.com/sirpedrotavares/SI-LAB-Yara_rules
Title: here

Search URL Search Domain Scan URL

URL: https://twitter.com/sirpedrotavares/status/1256619456060669952
Title: https://twitter.com/sirpedrotavares/status/1256619456060669952

Search URL Search Domain Scan URL

URL: https://tugatech.com.pt/t33136-novo-ransomware-propaga-se-sobre-faturas-falsas-da-vodafone
Title: https://tugatech.com.pt/t33136-novo-ransomware-propaga-se-sobre-faturas-falsas-da-vodafone

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/sirpedrotavares/
Title: Pedro Tavares

Search URL Search Domain Scan URL

URL: https://www.facebook.com/segurancainformatica

Search URL Search Domain Scan URL

URL: https://twitter.com/sirpedrotavares

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/sirpedrotavares

Search URL Search Domain Scan URL

URL: https://feed.seguranca-informatica.pt/reports/2020/Infographic%20-%20Threat%20Report%20Portugal%20Q1%202020.pdf

Search URL Search Domain Scan URL

URL: https://feed.seguranca-informatica.pt/reports/2020/Infographic%20-%20Threat%20Report%20Portugal%20Q1%202020.png
Title: PNG

Search URL Search Domain Scan URL

URL: https://t.me/segurancainformatica

Search URL Search Domain Scan URL

URL: https://facebook.com/segurancainformatica

Search URL Search Domain Scan URL

URL: https://plus.google.com/u/0/+PedroTavaresSir

Search URL Search Domain Scan URL

URL: https://youtube.com/channel/UCGs6Ju6rSM9BHP5UGtVvdXw?sub_confirmation=1

Search URL Search Domain Scan URL

URL: https://www.pinterest.pt/sirpedrotavares/seguranca-informaticapt/

Search URL Search Domain Scan URL

URL: https://www.trignosfera.pt/

Search URL Search Domain Scan URL

URL: https://creativecommons.org/licenses/by/4.0/

Search URL Search Domain Scan URL

URL: https://github.com/sirpedrotavares
Title:

Search URL Search Domain Scan URL

URL: https://plus.google.com/+PedroTavaresSir
Title:

Search URL Search Domain Scan URL

URL: https://linkedin.com/in/sirpedrotavares
Title:

Search URL Search Domain Scan URL

URL: https://www.reddit.com/user/sirpedrotavares
Title:

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image
Title: AddThis

Search URL Search Domain Scan URL

URL: https://v1.addthis.com/live/redirect/?url=http%3A%2F%2Fseguranca-informatica.pt%2Ftargeting-portugal-a-new-trojan-lampion-has-spread-using-template-emails-from-the-portuguese-government-finance-tax%2F%23at_pco%3Dsmlwn-1.0%26at_si%3D5ebec26f60444cf0%26at_ab%3Dper-2%26at_pos%3D0%26at_tot%3D1&uid=5ebec26f415ed80e&pub=ra-5a74cca42a90a07e&rev=v8.28.5-wp&per=undefined&pco=smlwn-1.0

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image&utm_campaign=Sharing%20tools%20logo
Title: AddThis

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image&utm_campaign=Recommended%20content%20logo
Title: AddThis

Search URL Search Domain Scan URL

URL: https://v1.addthis.com/live/redirect/?url=http%3A%2F%2Fseguranca-informatica.pt%2Fsensitive-data-from-edp-group-is-now-published-by-criminals-on-the-darkweb%2F%23at_pco%3Djrcf-1.0%26at_si%3D5ebec26f60444cf0%26at_ab%3Dper-2%26at_pos%3D0%26at_tot%3D3&uid=5ebec26f462c605f&pub=ra-5a74cca42a90a07e&rev=v8.28.5-wp&per=undefined&pco=jrcf-1.0

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://seguranca-informatica.pt/brazilia= HTTP 301
https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 79

https://www.paypal.com/en_PT/i/scr/pixel.gif HTTP 301
https://www.paypalobjects.com/en_PT/i/scr/pixel.gif

Request Chain 258

https://syndication.twitter.com/i/jot HTTP 302
https://platform.twitter.com/jot.html

253 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
Redirect Chain

https://seguranca-informatica.pt/brazilia=
https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

131 KB
28 KB

822ms
822ms

Document
text/html

2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.5

Resource Hash

f2a31a2e0e6b043951d06351175ae4ba898dcaf54f7046f01718cf992f2c1907

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: seguranca-informatica.pt
:scheme: https
:path: /brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d8f29c5db32e67aa3d19dce31bfb824e51589559916
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Fri, 15 May 2020 16:25:18 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.5
x-pingback: https://seguranca-informatica.pt/xmlrpc.php
link: <https://seguranca-informatica.pt/wp-json/>; rel="https://api.w.org/", <https://seguranca-informatica.pt/?p=7502>; rel=shortlink, </wp-content/cache/minify/398c6.css>; rel=preload; as=style, </wp-content/cache/minify/eabb6.css>; rel=preload; as=style, </wp-content/cache/minify/021e7.css>; rel=preload; as=style, </wp-content/cache/minify/c841a.css>; rel=preload; as=style
vary: Accept-Encoding
referrer-policy
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 593e36cc0c1d97fc-FRA
content-encoding: br
cf-h2-pushed: </wp-content/cache/minify/398c6.css>,</wp-content/cache/minify/eabb6.css>,</wp-content/cache/minify/021e7.css>,</wp-content/cache/minify/c841a.css>
cf-request-id: 02bac09381000097fc1306f200000001

Redirect headers

status: 301
date: Fri, 15 May 2020 16:25:17 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d8f29c5db32e67aa3d19dce31bfb824e51589559916; expires=Sun, 14-Jun-20 16:25:16 GMT; path=/; domain=.seguranca-informatica.pt; HttpOnly; SameSite=Lax; Secure
x-powered-by: PHP/7.4.5
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
vary: Accept-Encoding
location: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
referrer-policy
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 593e36c45ba697fc-FRA
cf-request-id: 02bac08eb4000097fc1301f200000001

GET
H2 200 398c6.css
seguranca-informatica.pt/wp-content/cache/minify/ 60 KB
8 KB 9ms
0ms Stylesheet
text/css 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/cache/minify/398c6.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db0de0d4de1311eb99b9327550146b23da220725b6739baa3158eb12f12d358a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
cf-polished: origSize=63257
status: 200
vary: Accept-Encoding
cf-request-id: 02bac096b1000097fc130a3200000001
referrer-policy
last-modified: Tue, 12 May 2020 12:49:28 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/css
cache-control: max-age=14400
cf-ray: 593e36d119c797fc-FRA
cf-bgj: minify

GET
H2 200 eabb6.css
seguranca-informatica.pt/wp-content/cache/minify/ 43 KB
9 KB 6ms
0ms Stylesheet
text/css 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/cache/minify/eabb6.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

268653524785d611cab68ecbf094a5720b51a8e15828eb2bbedea14bb17c5354

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
cf-polished: origSize=45567
status: 200
vary: Accept-Encoding
cf-request-id: 02bac096b1000097fc130a4200000001
referrer-policy
last-modified: Tue, 12 May 2020 18:15:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/css
cache-control: max-age=14400
cf-ray: 593e36d119c997fc-FRA
cf-bgj: minify

GET
H2 200 021e7.css
seguranca-informatica.pt/wp-content/cache/minify/ 82 KB
10 KB 7ms
0ms Stylesheet
text/css 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/cache/minify/021e7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0b867e89571d23202e9a1cf026372048737c930c3e0c6002231ef5729297e4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
cf-polished: origSize=87101
status: 200
vary: Accept-Encoding
cf-request-id: 02bac096b1000097fc130a5200000001
referrer-policy
last-modified: Tue, 12 May 2020 09:18:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/css
cache-control: max-age=14400
cf-ray: 593e36d119ca97fc-FRA
cf-bgj: minify

GET
H2 200 c841a.css
seguranca-informatica.pt/wp-content/cache/minify/ 80 KB
15 KB 15ms
0ms Stylesheet
text/css 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/cache/minify/c841a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41842b8a7787f30dd7c129b53b921da9705e8420e0926550013d0252822547ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
cf-polished: origSize=83892
status: 200
vary: Accept-Encoding
cf-request-id: 02bac096b1000097fc130a6200000001
referrer-policy
last-modified: Tue, 12 May 2020 12:49:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/css
cache-control: max-age=14400
cf-ray: 593e36d119cb97fc-FRA
cf-bgj: minify

GET
H2 200 dI4tRH6z5eYOCbLZuWBC7Ig0Jis.js Show response
seguranca-informatica.pt/cdn-cgi/apps/head/ 6 KB
2 KB 22ms
20ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/cdn-cgi/apps/head/dI4tRH6z5eYOCbLZuWBC7Ig0Jis.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a12b82bb4b7e9b29fd41e3f22c394ee3d3737f8f9af9f7ae041d0bb895d8bd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
status: 200
vary: Accept-Encoding
x-amz-request-id: 5A6D031A65A7B0C2
x-amz-id-2: 4XbYJlareRgd91xRUSuuPE4CqNGm5f+IG/gdWfs+X50vzASXyUcegjznKMbnxmRdiQ/30sGoWaU=
last-modified: Sun, 05 Apr 2020 15:14:50 GMT
server: cloudflare
etag: W/"0393fdb4c7fd5923b28dfb50d125f8c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: lJHzaW_9htzRbalNZ7mokDHK2gBXM6Ql
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-request-id: 02bac096bf000097fc130a8200000001
cf-ray: 593e36d139e897fc-FRA

GET
H2 200 css
fonts.googleapis.com/ 19 KB
1 KB 18ms
15ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

02a8eed49f3f9c8463957eb112a8f7fc681736cabea524c019c7e405ad0c0f24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
Origin: https://seguranca-informatica.pt

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 15 May 2020 16:25:18 GMT
server: ESF
date: Fri, 15 May 2020 16:25:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 15 May 2020 16:25:18 GMT

GET
H2 200 jquery.js Show response
seguranca-informatica.pt/wp-includes/js/jquery/ 95 KB
32 KB 23ms
20ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 600
cf-polished: origSize=96873
status: 200
vary: Accept-Encoding
cf-request-id: 02bac096c0000097fc130a9200000001
referrer-policy
last-modified: Tue, 21 May 2019 20:30:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d139e997fc-FRA
cf-bgj: minify

GET
H2 200 jquery-migrate.min.js Show response
seguranca-informatica.pt/wp-includes/js/jquery/ 10 KB
4 KB 21ms
19ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 600
status: 200
vary: Accept-Encoding
cf-request-id: 02bac096c0000097fc130aa200000001
referrer-policy
last-modified: Tue, 21 Jun 2016 18:04:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d139ea97fc-FRA

GET
H2 200 frontend.min.js Show response
seguranca-informatica.pt/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/ 9 KB
3 KB 14ms
12ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend.min.js?ver=6.0.2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dab98b1d5558dd15c7db5ada4438fe03a424a7c1f5e0f29567d39a0a892bcc41

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 600
status: 200
vary: Accept-Encoding
cf-request-id: 02bac096c0000097fc130ab200000001
referrer-policy
last-modified: Thu, 27 Feb 2020 10:54:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d139eb97fc-FRA

GET
H2 200 nivo-lightbox.min.js Show response
seguranca-informatica.pt/wp-content/plugins/responsive-lightbox/assets/nivo/ 8 KB
2 KB 18ms
15ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/responsive-lightbox/assets/nivo/nivo-lightbox.min.js?ver=2.2.2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3391a9fa68a12cce5d9736593e3b24f78698c5f7f6a6a3a1a6644f813875403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
status: 200
vary: Accept-Encoding
cf-request-id: 02bac096c0000097fc130ac200000001
referrer-policy
last-modified: Mon, 25 Nov 2019 22:36:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d139ec97fc-FRA

GET
H2 200 infinite-scroll.pkgd.min.js Show response
seguranca-informatica.pt/wp-content/plugins/responsive-lightbox/assets/infinitescroll/ 25 KB
7 KB 19ms
17ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/responsive-lightbox/assets/infinitescroll/infinite-scroll.pkgd.min.js?ver=5.4.1

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f97fb27fc5a2b0b2ef192937aeea30f869e026c98518e154a796755e3d0d864

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 600
status: 200
vary: Accept-Encoding
cf-request-id: 02bac096c0000097fc130ad200000001
referrer-policy
last-modified: Mon, 25 Nov 2019 22:36:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d139ed97fc-FRA

GET
H2 200 front.js Show response
seguranca-informatica.pt/wp-content/plugins/responsive-lightbox/js/ 16 KB
4 KB 18ms
16ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/responsive-lightbox/js/front.js?ver=2.2.2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a44ab6217570448889e9e625c86288f47692343285d48fd2642e9f9e46c3158

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 600
cf-polished: origSize=26898
status: 200
vary: Accept-Encoding
cf-request-id: 02bac096c0000097fc130ae200000001
referrer-policy
last-modified: Mon, 25 Nov 2019 22:36:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d139ee97fc-FRA
cf-bgj: minify

GET
H2 200 wpp-5.0.0.min.js Show response
seguranca-informatica.pt/wp-content/plugins/wordpress-popular-posts/assets/js/ 1 KB
738 B 16ms
14ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/wordpress-popular-posts/assets/js/wpp-5.0.0.min.js?ver=5.1.0

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

191e2a2deb0b16b4e6c833685b15ab930c8eaeec228391f6b26bc1fcda208c7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 600
status: 200
vary: Accept-Encoding
cf-request-id: 02bac096c0000097fc130af200000001
referrer-policy
last-modified: Tue, 31 Mar 2020 16:24:47 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d139ef97fc-FRA

GET
H2 200 logotipox600.png
seguranca-informatica.pt/logotipo/ 20 KB
20 KB 61ms
43ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/logotipo/logotipox600.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be73c16f766dc7c7a8c08a6ba72cdd7645f553ec28ca32640022b6d7355f590a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
status: 200
vary: Accept-Encoding
content-length: 20475
cf-request-id: 02bac09724000097fc130c4200000001
referrer-policy
last-modified: Tue, 13 Feb 2018 18:11:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1dab297fc-FRA

GET
H2 200 twitter_PNG28-e1517184971128.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 600 B
711 B 64ms
46ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/twitter_PNG28-e1517184971128.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e60d58e3602f1b85a212115e4d7300e09234e89eeec8df6065c2568c43e3f056

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
status: 200
vary: Accept-Encoding
content-length: 600
cf-request-id: 02bac09724000097fc130c5200000001
referrer-policy
last-modified: Mon, 29 Jan 2018 00:16:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1dab497fc-FRA

GET
H2 200 icon-circle-150x150-youtube.png
seguranca-informatica.pt/ 7 KB
8 KB 73ms
55ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/icon-circle-150x150-youtube.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e02a28e995334093dff6f19238e59aba7b5ba434ea2c84ef78f6a70ce260b49d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
status: 200
vary: Accept-Encoding
content-length: 7592
cf-request-id: 02bac09724000097fc130c6200000001
referrer-policy
last-modified: Wed, 07 Jun 2017 10:30:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1dab597fc-FRA

GET
H2 200 0xsi-f33d-2.png
seguranca-informatica.pt/wp-content/uploads/2020/04/ 874 B
1003 B 54ms
37ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/04/0xsi-f33d-2.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c848f8748dcbd3ae9248bd4ef3309e931660b0ebd18b20b7c3989ac54144e5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 874
cf-request-id: 02bac09724000097fc130c7200000001
referrer-policy
last-modified: Mon, 06 Apr 2020 13:02:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1dab697fc-FRA

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 107 KB
38 KB 38ms
20ms Script
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f1615095a9e662d58ed44a7fc6c80c04b642ee9122a037e620680008463b3e68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 39297
x-xss-protection: 0
server: cafe
etag: 18167252803202742783
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 15 May 2020 16:25:18 GMT

GET
H2 200 02-template_phishing-768x467.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 105 KB
106 KB 76ms
59ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/02-template_phishing-768x467.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fa475ad9dd9c0bb2328beb67fcf6085332122077f3b535f9f2e3c65a1a26722

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
status: 200
vary: Accept-Encoding
content-length: 107898
cf-request-id: 02bac09724000097fc130c8200000001
referrer-policy
last-modified: Wed, 06 May 2020 19:41:24 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1dab797fc-FRA

GET
H2 200 03-trojan-banker-high-diagram-.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 259 KB
260 KB 67ms
50ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/03-trojan-banker-high-diagram-.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fdc456f04f1fc0810426165c11e0cb1e6c0cdc7e186b25b2be8100a1c69257f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 265489
cf-request-id: 02bac09724000097fc130c9200000001
referrer-policy
last-modified: Wed, 06 May 2020 19:42:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1dab897fc-FRA

GET
H2 200 02-template_phishing.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 41 KB
41 KB 72ms
54ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/02-template_phishing.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d0f4f7cdf67f0adb696aac5b9bfc64d4f83ce63300eaeff781e8da2529f5a93

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 41565
cf-request-id: 02bac09724000097fc130ca200000001
referrer-policy
last-modified: Wed, 06 May 2020 19:41:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1dab997fc-FRA

GET
H2 200 01-template_phishing.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 38 KB
39 KB 69ms
52ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/01-template_phishing.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8394fa4c884becaf16b858b07351f347291befcbc43bf61bd472e1a132aeccef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
status: 200
vary: Accept-Encoding
content-length: 39345
cf-request-id: 02bac09724000097fc130cb200000001
referrer-policy
last-modified: Wed, 06 May 2020 19:49:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1daba97fc-FRA

GET
H2 200 4-zip-file-from-compromised-server.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 130 KB
130 KB 70ms
53ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/4-zip-file-from-compromised-server.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec6bb89fc1e8890c4c5ed5585f056c095c71b19cb32b9f4a67cba6c34adf70b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 133184
cf-request-id: 02bac09724000097fc130cc200000001
referrer-policy
last-modified: Wed, 06 May 2020 20:05:24 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1dabd97fc-FRA

GET
H2 200 5-msi_downloading_2nd_stage.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 153 KB
153 KB 74ms
57ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/5-msi_downloading_2nd_stage.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67a84a39ba8f7d4a16a477304a3a0a8dd86ffcd75683b3e3222c7a59661f9c6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
status: 200
vary: Accept-Encoding
content-length: 156389
cf-request-id: 02bac09724000097fc130cd200000001
referrer-policy
last-modified: Wed, 06 May 2020 20:07:34 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1dabe97fc-FRA

GET
H2 200 6-google-sites.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 33 KB
33 KB 61ms
44ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/6-google-sites.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b276423ec475f732888c695bb9e2f852868409cb99ae992200d57b3fde08ba3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
status: 200
vary: Accept-Encoding
content-length: 33522
cf-request-id: 02bac09724000097fc130ce200000001
referrer-policy
last-modified: Wed, 06 May 2020 20:07:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1dabf97fc-FRA

GET
H2 200 7-creating-file-startup-folder.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 81 KB
81 KB 77ms
60ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/7-creating-file-startup-folder.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7467c2e03239b2990273b1f57ba654dc7211e9244d3a86f838cc09790104193

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 83011
cf-request-id: 02bac09724000097fc130cf200000001
referrer-policy
last-modified: Wed, 06 May 2020 20:12:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1dac097fc-FRA

GET
H2 200 8-trojan-startup-folder.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 24 KB
25 KB 71ms
54ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/8-trojan-startup-folder.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce90d978164af230185a56b2420acc4439027772953d6b9a3079d4e8bebe9d94

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
status: 200
vary: Accept-Encoding
content-length: 24970
cf-request-id: 02bac09724000097fc130d0200000001
referrer-policy
last-modified: Wed, 06 May 2020 20:13:10 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1dac197fc-FRA

GET
H2 200 embarcaredo.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 82 KB
82 KB 56ms
40ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/embarcaredo.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4acd60b107c604bb10e4308dd5aa04d2f8bdb490d5c3a77981617dfa5c2a576d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 83614
cf-request-id: 02bac09724000097fc130d1200000001
referrer-policy
last-modified: Wed, 06 May 2020 20:18:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1dac297fc-FRA

GET
H2 200 mapa.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 24 KB
24 KB 60ms
43ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/mapa.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac5c0cb194d016a5b86c0ebf341b176a9ea948b1d5c0b35074696039bdc9aba4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 24517
cf-request-id: 02bac0972d000097fc130d2200000001
referrer-policy
last-modified: Wed, 06 May 2020 20:39:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eac897fc-FRA

GET
H2 200 11-packer.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 5 KB
5 KB 62ms
46ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/11-packer.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c6ad7e581d104b86cebc286fdab623582d9c62e3ede04ff60207ce02cbee95f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 4778
cf-request-id: 02bac0972d000097fc130d3200000001
referrer-policy
last-modified: Wed, 06 May 2020 20:46:56 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eaca97fc-FRA

GET
H2 200 13-anti-dbg.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 48 KB
49 KB 63ms
47ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/13-anti-dbg.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8aafe0abf8b20593244ec20b5239f72a3d239abeaa943ee04bf4f32e9b8dc2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 49594
cf-request-id: 02bac0972d000097fc130d4200000001
referrer-policy
last-modified: Wed, 06 May 2020 20:48:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eacb97fc-FRA

GET
H2 200 20-mutexes.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 17 KB
17 KB 65ms
49ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/20-mutexes.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e20b68778dd2f83aea8f4c96b03c1fecf5d255ae53c86cd293968de3a6475568

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 17745
cf-request-id: 02bac0972d000097fc130d5200000001
referrer-policy
last-modified: Wed, 06 May 2020 20:51:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eacc97fc-FRA

GET
H2 200 14-sections.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 59 KB
59 KB 65ms
50ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/14-sections.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bedbdc5e01fd1749ece5ad222243e3a27c2dfa5b8871328289d89aebd013ea7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 60474
cf-request-id: 02bac0972d000097fc130d6200000001
referrer-policy
last-modified: Wed, 06 May 2020 20:54:15 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eace97fc-FRA

GET
H2 200 15-packed.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 27 KB
28 KB 66ms
50ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/15-packed.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccc0c1397db71720dc6565ce306e033eba13f61a175e3e14ca3b5093204e1172

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 28066
cf-request-id: 02bac0972d000097fc130d7200000001
referrer-policy
last-modified: Wed, 06 May 2020 20:56:01 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eacf97fc-FRA

GET
H2 200 19-portex.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 55 KB
55 KB 66ms
50ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/19-portex.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9065ce3b15006e2211ffa09108571baf48e21db653a8098d53a0a828f10cd4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 56281
cf-request-id: 02bac0972d000097fc130d8200000001
referrer-policy
last-modified: Wed, 06 May 2020 20:58:19 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1ead097fc-FRA

GET
H2 200 clipboard_.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 318 KB
318 KB 66ms
50ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/clipboard_.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d57f3e484049e822c85edf524d5cef778fe769a8c10eec807c3f987009c9548

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 325368
cf-request-id: 02bac0972d000097fc130d9200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:02:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1ead197fc-FRA

GET
H2 200 17-bpi-overlay.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 49 KB
49 KB 66ms
51ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/17-bpi-overlay.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7779b7dc26af3310711148c1acae9e02f631e368239e048597ce7ec6f7e05e98

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 49887
cf-request-id: 02bac0972d000097fc130da200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:05:17 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1ead597fc-FRA

GET
H2 200 21-santander-strings.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 56 KB
56 KB 66ms
51ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/21-santander-strings.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b75d3c01b481f0ccd00800a3dd803e9807d3fb1961f66a53fa0d0e091bb3cb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 57477
cf-request-id: 02bac0972d000097fc130db200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:07:36 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1ead697fc-FRA

GET
H2 200 22-overlay-banco.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 217 KB
217 KB 66ms
51ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/22-overlay-banco.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8410a075bea6718f549c25b3da4d714b8c262d8c029849748193f614b383631

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 221911
cf-request-id: 02bac0972d000097fc130dc200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:08:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1ead797fc-FRA

GET
H2 200 24-browser-overlay-1.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 147 KB
147 KB 67ms
51ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/24-browser-overlay-1.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77304452b2274417b8a3476d75f1253e5d144edde5a269455d4d7a4ab5df0ec3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 150400
cf-request-id: 02bac0972d000097fc130dd200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:11:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1ead997fc-FRA

GET
H2 200 25-positionin-overlay.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 24 KB
24 KB 67ms
52ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/25-positionin-overlay.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ac9409eaf87e270f1860f0aea0dfb7f74c31e18a0679a9d2ec44acade354cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 24070
cf-request-id: 02bac0972d000097fc130de200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:12:38 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eada97fc-FRA

GET
H2 200 26-millenium.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 212 KB
213 KB 67ms
52ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/26-millenium.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa014d32cb2f0fed10084c403e677c10b0e7b77898f2bd790af112330ecc78d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 217253
cf-request-id: 02bac0972d000097fc130df200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:13:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eadc97fc-FRA

GET
H2 200 27-santander.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 213 KB
213 KB 67ms
53ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/27-santander.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74bce64b8642ede6c809586769d20a3bb3f69b7cbbf3edd32f81108a7767e1e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 218020
cf-request-id: 02bac0972d000097fc130e0200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:14:43 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eadd97fc-FRA

GET
H2 200 28-montepio.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 335 KB
335 KB 68ms
53ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/28-montepio.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85b8a0e5bf5a3a99353f90240d550078fee29d6df74fd47cc139f3bac73d865b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 342543
cf-request-id: 02bac0972d000097fc130e1200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:16:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eade97fc-FRA

GET
H2 200 29-bpi.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 319 KB
319 KB 68ms
53ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/29-bpi.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8995e173fbc28814420648e43c723f859473e3ee823575b0b32af64796620cab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 326190
cf-request-id: 02bac0972d000097fc130e2200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:16:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eadf97fc-FRA

GET
H2 200 37-wireshark-gdocs.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 242 KB
243 KB 68ms
54ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/37-wireshark-gdocs.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53e15c9521875f1e3db0552ca297efd73bf3f649125e0467f5301338a345fc91

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 248216
cf-request-id: 02bac0972d000097fc130e3200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:18:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eae097fc-FRA

GET
H2 200 42-request.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 91 KB
91 KB 68ms
54ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/42-request.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84fdb44da06c6f70548aa4b4f73b439515775dc211d85b3f55721954e2329049

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 93028
cf-request-id: 02bac0972d000097fc130e4200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:21:19 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eae197fc-FRA

GET
H2 200 41-key-xor.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 19 KB
19 KB 69ms
55ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/41-key-xor.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

048f480590ec0ca08fc57ba331065bc46fc3c36ac030a2feeb8b407db66f71ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 19508
cf-request-id: 02bac0972d000097fc130e5200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:22:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eae397fc-FRA

GET
H2 200 email-decode.min.js Show response
seguranca-informatica.pt/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
843 B 8ms
8ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
cf-request-id: 02bac096d6000097fc130b1200000001
last-modified: Tue, 12 May 2020 16:13:55 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5ebacb43-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 593e36d15a2997fc-FRA
expires: Sun, 17 May 2020 16:25:18 GMT

GET
H/1.1 200
OK a45d8cdef974742cdf0711987deb56fc.js Show response
gist.github.com/t14g0p/ 7 KB
3 KB 245ms
174ms Script
text/javascript 140.82.118.4
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/t14g0p/a45d8cdef974742cdf0711987deb56fc.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

140.82.118.4 , United States, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-118-4-ams.github.com

Software

GitHub.com /

Resource Hash

7d29213064fdf8bfceb38f5266f178f36fee29ef00140c7c6c3c0c086b00d307

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
Content-Encoding: gzip
x-content-type-options: nosniff
status: 200 OK
vary: X-PJAX, Accept-Encoding, Accept, X-Requested-With
Content-Length: 1253
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
X-GitHub-Request-Id: DB68:2D063:220458:2F25A3:5EBEC26E
x-frame-options: deny
etag: W/"7d29213064fdf8bfceb38f5266f178f3"
expect-ct: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com
Accept-Ranges: bytes

GET
H2 200 30-google-doc1.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 20 KB
21 KB 69ms
55ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/30-google-doc1.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0999fade5a38c3dfbc134a8f2a3733281ed22974b02813f8cc88dc8f12d34c2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 20951
cf-request-id: 02bac0972d000097fc130e6200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:36:18 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eaeb97fc-FRA

GET
H2 200 31-googledoc2.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 21 KB
21 KB 70ms
56ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/31-googledoc2.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28f7d67cfa34ceb2c89c3654c49bb1b9c64f3f0bcbd8f42bda3d29eeb1208dc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 21057
cf-request-id: 02bac0972d000097fc130e7200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:37:24 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eaec97fc-FRA

GET
H2 200 32-googledoc3.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 24 KB
24 KB 70ms
56ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/32-googledoc3.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6fa87c387d5db09c4ca0b7a5b9c22c064787488c8eec63a7f173101cbbbbc58

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 24668
cf-request-id: 02bac0972d000097fc130e8200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:38:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eaef97fc-FRA

GET
H2 200 33-btc-768x360.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 90 KB
90 KB 76ms
62ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/33-btc-768x360.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

369e456b46d16a544d65269fcaae1c1edc9d75edca11e324cde573943c240072

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 92139
cf-request-id: 02bac0972d000097fc130e9200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:39:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eaf097fc-FRA

GET
H2 200 34-btc2-768x626.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 159 KB
160 KB 70ms
56ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/34-btc2-768x626.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

efd9885e28a8bab88f38cc1d62a3b5aae4f3508420abe3242ac4bbed30e5204d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 163281
cf-request-id: 02bac0972d000097fc130ea200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:40:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eaf197fc-FRA

GET
H2 200 shodan.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 297 KB
298 KB 70ms
57ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/shodan.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8262dd29fd6d3274eab1dc2c06a77a0cb803358ef1512416b5497239ee09cbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 304506
cf-request-id: 02bac0972d000097fc130eb200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:44:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eaf297fc-FRA

GET
H2 200 38-c2-server.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 98 KB
98 KB 70ms
57ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/38-c2-server.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c2cc4ca2c334a2b67bbc3f9a550682887c8c2831cc338299e01192257645545

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 100199
cf-request-id: 02bac0972d000097fc130ec200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:46:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eaf397fc-FRA

GET
H2 200 mitre-attackmatrix.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 155 KB
156 KB 71ms
57ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/mitre-attackmatrix.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c347a51497091ee71f5a8e9edda0eb728ebee53336051447c66838997e8aa734

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 159174
cf-request-id: 02bac0972d000097fc130ed200000001
referrer-policy
last-modified: Wed, 06 May 2020 21:47:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eaf597fc-FRA

GET
H/1.1 200
OK bba17721b7102e01a3e452ea800de5ed.js Show response
gist.github.com/sirpedrotavares/ 7 KB
3 KB 242ms
173ms Script
text/javascript 140.82.118.4
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/sirpedrotavares/bba17721b7102e01a3e452ea800de5ed.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

140.82.118.4 , United States, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-118-4-ams.github.com

Software

GitHub.com /

Resource Hash

9bd8c19f3d4f5fdd60b123818f5df4fc1d4fc3bb7f18a23faa50a7ee0278b909

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
Content-Encoding: gzip
x-content-type-options: nosniff
status: 200 OK
vary: X-PJAX, Accept-Encoding, Accept, X-Requested-With
Content-Length: 1176
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
X-GitHub-Request-Id: DB66:12331:176B2C:20A366:5EBEC26E
x-frame-options: deny
etag: W/"9bd8c19f3d4f5fdd60b123818f5df4fc"
expect-ct: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com
Accept-Ranges: bytes

GET
H2 200 pedro-tavares-300x200.jpg
seguranca-informatica.pt/wp-content/uploads/2018/11/ 80 KB
80 KB 71ms
58ms Image
image/jpeg 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/11/pedro-tavares-300x200.jpg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8cb27788844e455b92854743ee7ecab79e95c50735dc7e23b064b92e359bbf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 82070
cf-request-id: 02bac0972d000097fc130ee200000001
referrer-policy
last-modified: Fri, 02 Nov 2018 14:44:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eaf697fc-FRA

GET
H2 200 si_f33d.png
seguranca-informatica.pt/wp-content/uploads/2020/04/ 5 KB
5 KB 71ms
58ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/04/si_f33d.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

575593b187efc8e164cf80d79952d18b79ecad5fb42a81b1711dedf7a2af46b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 5308
cf-request-id: 02bac0972d000097fc130ef200000001
referrer-policy
last-modified: Mon, 06 Apr 2020 14:06:26 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eaf897fc-FRA

GET
H2 200 Infographic%20-%20Threat%20Report%20Portugal%20Q1%202020.png
feed.seguranca-informatica.pt/reports/2020/ 192 KB
192 KB 82ms
69ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://feed.seguranca-informatica.pt/reports/2020/Infographic%20-%20Threat%20Report%20Portugal%20Q1%202020.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0154bc5c5f57538a82d600332062423bc61361a127b27cb1be7077c07e34fdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 196135
cf-request-id: 02bac0972d000097fc13103200000001
last-modified: Sun, 19 Apr 2020 23:20:34 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eb1397fc-FRA

GET
H2 200 blog-cover.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 589 KB
590 KB 75ms
62ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/blog-cover.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

caace78c6f887ecbf780bdf5b71e57a02776d7ef5a0e54e797e3e007130262e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 603351
cf-request-id: 02bac0972d000097fc130f0200000001
referrer-policy
last-modified: Wed, 06 May 2020 22:18:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eafa97fc-FRA

GET
H2 200 cover_lampion-768x315.png
seguranca-informatica.pt/wp-content/uploads/2019/12/ 261 KB
261 KB 71ms
58ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2019/12/cover_lampion-768x315.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1fc9e562f67ac01fc3db71ce882b51a1096010a777f2d9f3a87db6a642ad19a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 266845
cf-request-id: 02bac0972d000097fc130f1200000001
referrer-policy
last-modified: Sat, 28 Dec 2019 02:40:21 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eafd97fc-FRA

GET
H2 200 blog-cover__.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 86 KB
86 KB 81ms
69ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/blog-cover__.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8742843c9c346c419f6a487e08a8f6d6c5f3200d4f7a7c0e15dab4a4a7c0c65d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 87653
cf-request-id: 02bac0972d000097fc130f2200000001
referrer-policy
last-modified: Mon, 11 May 2020 21:38:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eafe97fc-FRA

GET
H2 200 emotet-ryuk-portugal-768x425.png
seguranca-informatica.pt/wp-content/uploads/2020/01/ 361 KB
361 KB 81ms
68ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/01/emotet-ryuk-portugal-768x425.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

544ed0eb98a5b7a489c206546fe3155e32508ceda7da3d3d25f6100c0097cd17

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 369542
cf-request-id: 02bac0972d000097fc130f3200000001
referrer-policy
last-modified: Thu, 30 Jan 2020 14:44:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eaff97fc-FRA

GET
H2 200 youtube-subscribe-button-2.png
seguranca-informatica.pt/ 4 KB
5 KB 71ms
59ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/youtube-subscribe-button-2.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8220596e6a32feeaa3c95078f2a72efb6a01025245097384816d26c2a3f38c3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 4586
cf-request-id: 02bac0972d000097fc130f4200000001
referrer-policy
last-modified: Wed, 07 Jun 2017 10:30:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eb0097fc-FRA

GET
H2 200 telegram.jpg
seguranca-informatica.pt/wp-content/uploads/2018/12/ 11 KB
11 KB 71ms
59ms Image
image/jpeg 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/12/telegram.jpg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c36d0094cb3d176360c91599d13da78f0c77df004bc076aadd883f189fa1767e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 11537
cf-request-id: 02bac0972d000097fc130f5200000001
referrer-policy
last-modified: Thu, 27 Dec 2018 12:10:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eb0297fc-FRA

GET
H2 200 if_60-rss_104443.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 2 KB
2 KB 71ms
59ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/if_60-rss_104443.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6bad8fb5327a87ba126a50844529fa2d207b42b7df8e31e104c5d48c5092d87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 2265
cf-request-id: 02bac0972d000097fc130f6200000001
referrer-policy
last-modified: Mon, 29 Jan 2018 13:11:36 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eb0397fc-FRA

GET
H2 200 if_1_Media_social_website_facebook_2657542.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 2 KB
2 KB 71ms
60ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/if_1_Media_social_website_facebook_2657542.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9be7537f55bde87db7acf7c9aa482e56e3c8891f09710e19113637cdbb8143ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 1792
cf-request-id: 02bac0972d000097fc130f7200000001
referrer-policy
last-modified: Mon, 29 Jan 2018 12:51:40 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eb0497fc-FRA

GET
H2 200 if_18_Media_social_website_in_2657551.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 2 KB
2 KB 72ms
60ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/if_18_Media_social_website_in_2657551.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48b3b17bf53635986804b63fb97b63fd84d72e6f2d169519f36ba2a3ca6a70a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 2141
cf-request-id: 02bac0972d000097fc130f8200000001
referrer-policy
last-modified: Mon, 29 Jan 2018 12:51:34 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eb0597fc-FRA

GET
H2 200 if_12_Media_social_website_Twitter_2657545.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 3 KB
3 KB 72ms
60ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/if_12_Media_social_website_Twitter_2657545.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

066d6b6d0ac47e197c9816ecc646022123de9bd034a81b4b3efb7b790ff89963

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 2756
cf-request-id: 02bac0972d000097fc130f9200000001
referrer-policy
last-modified: Mon, 29 Jan 2018 12:51:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eb0697fc-FRA

GET
H2 200 if_5_Media_social_website_gmail_2657573.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 2 KB
3 KB 72ms
60ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/if_5_Media_social_website_gmail_2657573.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dbab26b6050d95f1f5165ebb4114ba93bc15f011f34eca927242cb3d1f0d95f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 2512
cf-request-id: 02bac0972d000097fc130fa200000001
referrer-policy
last-modified: Mon, 29 Jan 2018 12:51:27 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eb0797fc-FRA

GET
H2 200 if_11_Media_social_website_youtube_2657544.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 2 KB
3 KB 73ms
61ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/if_11_Media_social_website_youtube_2657544.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea3906631ed3ac3f02664bb801434732b02ec1b79ca261909136c5b4ef663de9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 2502
cf-request-id: 02bac0972d000097fc130fb200000001
referrer-policy
last-modified: Mon, 29 Jan 2018 12:51:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eb0997fc-FRA

GET
H2 200 if_14_Media_social_website_pinterest_2657547.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 3 KB
3 KB 72ms
61ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/if_14_Media_social_website_pinterest_2657547.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8db469b90b8d9e2a0675931132266a305d0f080fc5ef4e7bd0f841f161b78b5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 3147
cf-request-id: 02bac0972d000097fc130fc200000001
referrer-policy
last-modified: Mon, 29 Jan 2018 12:51:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eb0a97fc-FRA

GET
H2 200 trignosfera.png
seguranca-informatica.pt/logotipo/partners/ 45 KB
45 KB 72ms
61ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/logotipo/partners/trignosfera.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3622c7c6c64b493c982f365e01b5eaa59f48da664e98025c383d4f8c57c4396

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 46166
cf-request-id: 02bac0972d000097fc130fd200000001
referrer-policy
last-modified: Fri, 16 Feb 2018 16:25:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eb0b97fc-FRA

GET
H2 200 81231ea4f1f1574817ce729145adde5b.gif
seguranca-informatica.pt/wp-content/uploads/2018/07/ 7 KB
7 KB 72ms
61ms Image
image/gif 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/07/81231ea4f1f1574817ce729145adde5b.gif

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f449b6d1dba1bf792d53ca14c3938763dd4b0f7208cddab9eadce5c41d108a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 7181
cf-request-id: 02bac0972d000097fc130fe200000001
referrer-policy
last-modified: Mon, 30 Jul 2018 13:41:24 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/gif
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eb0d97fc-FRA

GET
H2 200 scam.gif
seguranca-informatica.pt/wp-content/uploads/2019/01/ 22 KB
23 KB 73ms
62ms Image
image/gif 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2019/01/scam.gif

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44f42160647efdb85b129d040beee22d6e3a55998c83febb2f4a03ccb0e4b714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 22962
cf-request-id: 02bac0972d000097fc130ff200000001
referrer-policy
last-modified: Wed, 23 Jan 2019 10:49:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/gif
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eb0e97fc-FRA

GET
H2 200 coffepaypal.png
seguranca-informatica.pt/wp-content/uploads/2019/02/ 52 KB
52 KB 79ms
68ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2019/02/coffepaypal.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce4cb34807330a0b7afe401877ad09ecc7f930f9706cac7994716bcc1b3fd886

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 53007
cf-request-id: 02bac0972d000097fc13100200000001
referrer-policy
last-modified: Mon, 11 Feb 2019 23:55:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d1eb0f97fc-FRA

GET
H2

404

pixel.gif
www.paypalobjects.com/en_PT/i/scr/
Redirect Chain

https://www.paypal.com/en_PT/i/scr/pixel.gif
https://www.paypalobjects.com/en_PT/i/scr/pixel.gif

0
0

1112ms
1111ms

Image
text/html

104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.paypalobjects.com/en_PT/i/scr/pixel.gif
Requested by: Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-228-123.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

x-edgeconnect-origin-mex-latency: 28
date: Fri, 15 May 2020 16:25:18 GMT
x-edgeconnect-midmile-rtt: 153
status: 301
location: https://www.paypalobjects.com/en_PT/i/scr/pixel.gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: 4b6a707c81d1a
strict-transport-security: max-age=63072000
dc: phx-origin-www-1.paypal.com
content-length: 0

GET
H2 200 88x31.png
licensebuttons.net/l/by/4.0/ 1 KB
2 KB 50ms
13ms Image
image/png 2606:4700:20::681a:4d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://licensebuttons.net/l/by/4.0/88x31.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:4d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d8a628333a76cfe484a2b9c01bca786fccf08d0010d4bffca2b38b29dd4ed0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3887
cf-polished: origSize=4739
status: 200
vary: Accept-Encoding
content-length: 1283
x-xss-protection: 1; mode=block
last-modified: Thu, 30 Apr 2020 21:59:13 GMT
server: cloudflare
x-frame-options: deny
etag: "5eab4a31-1283"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000
content-type: image/png
cache-control: max-age=432000
cf-request-id: 02bac0973e00009778fd8ac200000001
accept-ranges: bytes
cf-ray: 593e36d1f85d9778-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 cherry-js-core.min.js Show response
seguranca-informatica.pt/wp-content/plugins/cherry-search/cherry-framework/modules/cherry-js-core/assets/js/min/ 994 B
548 B 55ms
35ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/cherry-search/cherry-framework/modules/cherry-js-core/assets/js/min/cherry-js-core.min.js?ver=1.5.11

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9382c1ac33e60533971224071a03c61bd2a759689a41085dbc757872e40ec5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 600
status: 200
vary: Accept-Encoding
cf-request-id: 02bac09720000097fc130b4200000001
referrer-policy
last-modified: Tue, 07 May 2019 09:01:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d1ca9a97fc-FRA

GET
H2 200 comment_count.js Show response
seguranca-informatica.pt/wp-content/plugins/disqus-comment-system/public/js/ 708 B
472 B 73ms
53ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.17

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b385fd0614f2927f0e7fdc03ccdb2428e3a93de0c7fe467149b34213cc32c0f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 600
cf-polished: origSize=889
status: 200
vary: Accept-Encoding
cf-request-id: 02bac09720000097fc130b5200000001
referrer-policy
last-modified: Wed, 06 Mar 2019 09:03:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d1ca9b97fc-FRA
cf-bgj: minify

GET
H2 200 comment_embed.js Show response
seguranca-informatica.pt/wp-content/plugins/disqus-comment-system/public/js/ 828 B
448 B 56ms
37ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.17

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7f5a831ead8920451598097754bb1d4fbf16fff1fd90794b950724867345794

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
cf-polished: origSize=1150
status: 200
vary: Accept-Encoding
cf-request-id: 02bac09720000097fc130b6200000001
referrer-policy
last-modified: Wed, 06 Mar 2019 09:03:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d1ca9e97fc-FRA
cf-bgj: minify

GET
H2 200 main.js Show response
seguranca-informatica.pt/wp-content/themes/xmag/js/ 2 KB
781 B 62ms
43ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/themes/xmag/js/main.js?ver=20170211

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1605fb5d18e00bb446a2009a75eb5c44486fdddbef8d64acfdfe2b8d9ecd83

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
cf-polished: origSize=2332
status: 200
vary: Accept-Encoding
cf-request-id: 02bac09720000097fc130b7200000001
referrer-policy
last-modified: Sun, 04 Jun 2017 20:13:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d1ca9f97fc-FRA
cf-bgj: minify

GET
H2 200 jquery.sticky.js Show response
seguranca-informatica.pt/wp-content/themes/xmag/js/ 4 KB
1 KB 69ms
50ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/themes/xmag/js/jquery.sticky.js?ver=20160906

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fdf3003543c3572ba8dfc6a87a9289ebadde2db18f09a36657301eaccd157866

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 600
cf-polished: origSize=7171
status: 200
vary: Accept-Encoding
cf-request-id: 02bac09720000097fc130b8200000001
referrer-policy
last-modified: Sun, 04 Jun 2017 20:13:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d1caa397fc-FRA
cf-bgj: minify

GET
H2 200 sticky-setting.js Show response
seguranca-informatica.pt/wp-content/themes/xmag/js/ 213 B
281 B 76ms
57ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/themes/xmag/js/sticky-setting.js?ver=20160906

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2401623ae567bc1ee575b6702e3a178c8b4f6a58d29cdfa3caae48e03ff9b2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 600
cf-polished: origSize=289
status: 200
vary: Accept-Encoding
cf-request-id: 02bac09720000097fc130b9200000001
referrer-policy
last-modified: Sun, 04 Jun 2017 20:13:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d1caa497fc-FRA
cf-bgj: minify

GET
H2 200 comment-reply.min.js Show response
seguranca-informatica.pt/wp-includes/js/ 2 KB
1 KB 35ms
15ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-includes/js/comment-reply.min.js?ver=5.4.1

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a37ca4608218cccdfb8b6d4edbdfbf375d0e1368b46397e3b7049e0cbf5bc1f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 600
status: 200
vary: Accept-Encoding
cf-request-id: 02bac09724000097fc130bb200000001
referrer-policy
last-modified: Wed, 01 Apr 2020 14:18:39 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d1daa797fc-FRA

GET
H2 200 cherry-handler.min.js Show response
seguranca-informatica.pt/wp-content/plugins/cherry-search/cherry-framework/modules/cherry-handler/assets/js/min/ 3 KB
1 KB 74ms
55ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/cherry-search/cherry-framework/modules/cherry-handler/assets/js/min/cherry-handler.min.js?ver=1.5.11

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7f837ecf8426cc760739e8a17218b3b501156f43a7bd03afb7207949b12ab0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 600
status: 200
vary: Accept-Encoding
cf-request-id: 02bac09724000097fc130bc200000001
referrer-policy
last-modified: Tue, 07 May 2019 09:01:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d1daa897fc-FRA

GET
H2 200 validate.js Show response
seguranca-informatica.pt/wp-content/plugins/newsletter/subscription/ 880 B
398 B 77ms
58ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/newsletter/subscription/validate.js?ver=6.6.5

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc9739d0d7392121fdc9d51cee01553a500980a5ce417343483982c68e3e2625

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 600
cf-polished: origSize=1089
status: 200
vary: Accept-Encoding
cf-request-id: 02bac09724000097fc130bd200000001
referrer-policy
last-modified: Tue, 12 May 2020 09:10:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d1daaa97fc-FRA
cf-bgj: minify

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 124ms
38ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js?ver=5.4.1

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

01a9f2ee033909141e4b8865aaecf728d74d4b6a1811ca6356a5f1a08387f931

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Wed, 08 Apr 2020 13:56:52 GMT
server: nginx/1.15.8
etag: W/"5e8dd824-582c2"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
status: 200
cache-control: public, max-age=600
date: Fri, 15 May 2020 16:25:18 GMT
x-host: s7.addthis.com
content-length: 116281

GET
H2 200 enlighterjs.min.js Show response
seguranca-informatica.pt/wp-content/plugins/enlighter/resources/enlighterjs/ 55 KB
15 KB 64ms
45ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/enlighter/resources/enlighterjs/enlighterjs.min.js?ver=4.2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a20b3be7d4327e93b19c5f9294f18c262e209b1831db3daee58a82baf8f96ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
status: 200
vary: Accept-Encoding
cf-request-id: 02bac09724000097fc130be200000001
referrer-policy
last-modified: Wed, 29 Apr 2020 21:38:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d1daab97fc-FRA

GET
H2 200 wp-embed.min.js Show response
seguranca-informatica.pt/wp-includes/js/ 1 KB
906 B 61ms
42ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-includes/js/wp-embed.min.js?ver=5.4.1

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 600
status: 200
vary: Accept-Encoding
cf-request-id: 02bac09724000097fc130bf200000001
referrer-policy
last-modified: Wed, 01 Apr 2020 14:18:40 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d1daac97fc-FRA

GET
H2 200 scripts.js Show response
seguranca-informatica.pt/wp-content/plugins/eu-cookie-law/js/ 2 KB
920 B 65ms
46ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/eu-cookie-law/js/scripts.js?ver=3.1.2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7daf3f5acd448e33c96a746407198ccbe6eff0402f20bbf1164a1129205c13bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
cf-polished: origSize=2960
status: 200
vary: Accept-Encoding
cf-request-id: 02bac09724000097fc130c0200000001
referrer-policy
last-modified: Fri, 01 May 2020 13:59:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d1daad97fc-FRA
cf-bgj: minify

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 8 KB
3 KB 43ms
15ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.4.1
Requested by: Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9f29c510c4b21638d69fb6e6513fcb03ded2d50e2347644ddb214fd760a9372c

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 2762
etag: W/"9d9aed5a8d74707da3c47d0230168852"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=259200
cf-ray: 593e36d1ead097e4-FRA
cf-request-id: 02bac09735000097e4762eb200000001
expires: Mon, 18 May 2020 16:25:18 GMT

GET
H2 200 underscore.min.js Show response
seguranca-informatica.pt/wp-includes/js/ 16 KB
6 KB 54ms
35ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-includes/js/underscore.min.js?ver=1.8.3

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b5fc275c98a58b1073a713920cefa54fab60ad9d85a67cf6907aaf8fbb3c474

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
status: 200
vary: Accept-Encoding
cf-request-id: 02bac09724000097fc130c1200000001
referrer-policy
last-modified: Wed, 01 Apr 2020 14:18:40 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d1daae97fc-FRA

GET
H2 200 wp-util.min.js Show response
seguranca-informatica.pt/wp-includes/js/ 1 KB
648 B 72ms
53ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-includes/js/wp-util.min.js?ver=5.4.1

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

622bd29e595894b02f5c5ab95628f99d6e6d46483bac342b4fff38bbc64a8a35

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 743
status: 200
vary: Accept-Encoding
cf-request-id: 02bac09724000097fc130c2200000001
referrer-policy
last-modified: Wed, 01 Apr 2020 14:18:43 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d1daaf97fc-FRA

GET
H2 200 cherry-search.min.js Show response
seguranca-informatica.pt/wp-content/plugins/cherry-search/assets/js/min/ 2 KB
1015 B 67ms
49ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/cherry-search/assets/js/min/cherry-search.min.js?ver=1.1.5

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cd9e72894580d70b0cc6a28b3836d34eb7f907eb97a152c310bfebafb65a2f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 600
status: 200
vary: Accept-Encoding
cf-request-id: 02bac09724000097fc130c3200000001
referrer-policy
last-modified: Tue, 07 May 2019 09:01:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d1dab197fc-FRA

GET
H2 200 qNcmPTj79EMUOrzZ4I-EprFF7Y8.js Show response
seguranca-informatica.pt/cdn-cgi/apps/body/ 28 KB
6 KB 72ms
62ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/cdn-cgi/apps/body/qNcmPTj79EMUOrzZ4I-EprFF7Y8.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/cdn-cgi/apps/head/dI4tRH6z5eYOCbLZuWBC7Ig0Jis.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

343bde3e98b9503c4aa226f553e1e53a20437cc8a4e3aa84eff40b5e8bd99afc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
x-amz-request-id: B1A34C54B00795F5
x-amz-id-2: VyLprAeAEHyQzkdWParS9BRVX3BWymAqexBJx0ZGlHXKZwc6m6gjUnNVfnZNXvKti8lSly16zlo=
last-modified: Sun, 05 Apr 2020 15:14:50 GMT
server: cloudflare
etag: W/"2f0664ac054357af08048b56dbb23ecd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 39Vrrl1hwaQV.tQQHe0gpcneNyDq0WPl
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-request-id: 02bac0972d000097fc13101200000001
cf-ray: 593e36d1eb1097fc-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 16ms
6ms Script
text/javascript 2a00:1450:4001:819::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 21:54:13 GMT
server: Golfe2
age: 6403
date: Fri, 15 May 2020 14:38:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18433
expires: Fri, 15 May 2020 16:38:35 GMT

GET
H2 200 wp-emoji-release.min.js Show response
seguranca-informatica.pt/wp-includes/js/ 14 KB
4 KB 79ms
69ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-includes/js/wp-emoji-release.min.js?ver=5.4.1

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96d33f532112177ede6bf262dcf6d0140dbe29f05a4595d17b0be4743205b5ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 600
status: 200
vary: Accept-Encoding
cf-request-id: 02bac0972d000097fc13102200000001
referrer-policy
last-modified: Wed, 01 Apr 2020 14:18:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 593e36d1eb1197fc-FRA

POST
H2 201 popular-posts Show response
seguranca-informatica.pt/wp-json/wordpress-popular-posts/v1/ 55 B
618 B 604ms
604ms XHR
application/json 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-json/wordpress-popular-posts/v1/popular-posts

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/wp-content/plugins/wordpress-popular-posts/assets/js/wpp-5.0.0.min.js?ver=5.1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.5

Resource Hash

6a445412d9169d67973237446c863781e3e661653e36ab7e83ae24a521da5d44

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-powered-by: PHP/7.4.5
status: 201
vary: Origin,Accept-Encoding
cf-request-id: 02bac0970f000097fc130b3200000001
referrer-policy
access-control-allow-headers: Authorization, Content-Type
allow: GET, POST
server: cloudflare
x-wp-nonce: d87d90e536
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://seguranca-informatica.pt
access-control-expose-headers: X-WP-Total, X-WP-TotalPages
x-robots-tag: noindex
access-control-allow-credentials: true
cf-ray: 593e36d1ba7b97fc-FRA
link: <https://seguranca-informatica.pt/wp-json/>; rel="https://api.w.org/"

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 131 KB
31 KB 16ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4cb61e44bf63a9e090e666898cd04d382e4c33b55b62cc5e9ff7dab055fbf787

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 31766
x-xss-protection: 0
pragma: public
x-fb-debug: KGW38I08nVCvO84vNadCnrZO5UTlt9bNaurJpdFj6aQHTM0FyGuZrVgI83NcUECfmtOSHNHVx9vCTJ2gN+yzaA==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Fri, 15 May 2020 16:25:18 GMT, Fri, 15 May 2020 16:25:18 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4013815c062a913724b100213570c46fdc0463020d81b5b2ed7ed0b4a56eb727

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 3UBuaWbl6MfSa7aPbvrONA==
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 1779
etag: "d36fd03e8a8fd4c4963b8086d8b5e11a"
x-fb-debug: WhKOcMCOEBJfvl7lPUEGFMwpPOofnbE/j05+nAmWyuF2Uc5lA2M/98cOY2id3M1FlU+bo0kN1Tbx+7urHfF/qQ==
x-fb-trip-id: 664085054
x-fb-content-md5: 9326fe330379fe4fcade34bcf3cd6171
x-frame-options: DENY
date: Fri, 15 May 2020 16:25:18 GMT, Fri, 15 May 2020 16:25:18 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 15 May 2020 16:44:48 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 14ms
4ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext
Origin: https://seguranca-informatica.pt

Response headers

date: Wed, 15 Apr 2020 23:49:44 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:49 GMT
server: sffe
age: 2565334
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Thu, 15 Apr 2021 23:49:44 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 14ms
5ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext
Origin: https://seguranca-informatica.pt

Response headers

date: Wed, 15 Apr 2020 00:22:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 2649784
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
expires: Thu, 15 Apr 2021 00:22:14 GMT

GET
H2 200 simple-line-icons.ttf
seguranca-informatica.pt/wp-content/themes/xmag/fonts/ 18 KB
12 KB 24ms
15ms Font
font/ttf 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/themes/xmag/fonts/simple-line-icons.ttf?v=2.2.2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88731bd32d2242a6918772bd11e6e16f46c2e3c05c7bbd4ed47d162cff9683f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://seguranca-informatica.pt/wp-content/cache/minify/eabb6.css
Origin: https://seguranca-informatica.pt

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: br
referrer-policy
cf-cache-status: HIT
server: cloudflare
age: 600
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/ttf
status: 200
cache-control: max-age=14400
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 593e36d1daa697fc-FRA
cf-request-id: 02bac09724000097fc130ba200000001

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 14ms
5ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext
Origin: https://seguranca-informatica.pt

Response headers

date: Mon, 11 May 2020 18:37:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:31:11 GMT
server: sffe
age: 337686
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
expires: Tue, 11 May 2021 18:37:12 GMT

GET
H2 200 memnYaGs126MiZpBA-UFUKWiUNhrIqOxjaPX.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/memnYaGs126MiZpBA-UFUKWiUNhrIqOxjaPX.woff2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d6762417b3b91c64f1d9c9689deb17a1120dfaf507b547b6bf5a11fdf0968a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext
Origin: https://seguranca-informatica.pt

Response headers

date: Tue, 14 Apr 2020 08:08:26 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:31:15 GMT
server: sffe
age: 2708212
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9416
x-xss-protection: 0
expires: Wed, 14 Apr 2021 08:08:26 GMT

GET
H2 200 mem6YaGs126MiZpBA-UFUK0Zdc1GAK6b.woff2
fonts.gstatic.com/s/opensans/v17/ 10 KB
10 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem6YaGs126MiZpBA-UFUK0Zdc1GAK6b.woff2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ffcde34efda55a63cb66dbec4bf10acb531014d581e2d8e511836b84e08c2305

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext
Origin: https://seguranca-informatica.pt

Response headers

date: Wed, 06 May 2020 00:04:55 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:31:02 GMT
server: sffe
age: 836423
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9728
x-xss-protection: 0
expires: Thu, 06 May 2021 00:04:55 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext
Origin: https://seguranca-informatica.pt

Response headers

date: Mon, 13 Apr 2020 13:00:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:52 GMT
server: sffe
age: 2777112
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11180
x-xss-protection: 0
expires: Tue, 13 Apr 2021 13:00:06 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext
Origin: https://seguranca-informatica.pt

Response headers

date: Tue, 14 Apr 2020 23:26:59 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 2653099
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Wed, 14 Apr 2021 23:26:59 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 395 KB
115 KB 18ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=b0ae6ab2705b949d7e4b28cc60e31c0d&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9840e5261564d2b2575ef0c31e248f448397153cd846edea4810be60efeafc52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
Origin: https://seguranca-informatica.pt

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: tz5rnwq96hIq8gH0xReSdQ==
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 117430
etag: "8a88386633dd7aa10f5dbb13b7d2c4b4"
x-fb-debug: BO1ABXST7X0rIkdnQ8rY57GVXyl3QOGBdyQ9+u5V59nno7AklScQlSWs5KFoAdVYDOvsF2oTryPXReDUk3pmGA==
x-fb-trip-id: 664085054
x-fb-content-md5: 35db90c072105836971820031e4b73ce
x-frame-options: DENY
date: Fri, 15 May 2020 16:25:18 GMT, Fri, 15 May 2020 16:25:18 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
expires: Sat, 15 May 2021 16:24:48 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
108 B 14ms
13ms Image
image/gif 2a00:1450:4001:819::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j82&a=855129066&t=pageview&_s=1&dl=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&ul=en-us&de=UTF-8&dt=Brazilian%20trojan%20banker%20is%20targeting%20Portuguese%20users%20using%20browser%20overlay&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAUABC~&jid=867492113&gjid=266133277&cid=1103881291.1589559919&tid=UA-100437516-1&_gid=130372977.1589559919&_r=1&z=1926588755

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 134215180689421 Show response
connect.facebook.net/signals/config/ 516 KB
129 KB 10ms
10ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/134215180689421?v=2.9.18&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ee855adef8d74ff58e90a1c1c1efcf2550e3ba6d0db5a80a417b0dc22a3efb94

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 131653
x-xss-protection: 0
pragma: public
x-fb-debug: 7BqJj+NDSyA8dgD+aqU1WsI1paOzulx6wbwz7QohDnck/9iCQZuwhb7OQBND4NKSsKfNU8GhvOmXIg9Sg9lBFA==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Fri, 15 May 2020 16:25:18 GMT, Fri, 15 May 2020 16:25:18 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
168 B 17ms
16ms Script
application/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=seguranca-informatica.pt

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
168 B 14ms
14ms Script
application/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=seguranca-informatica.pt

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20200511/r20190131/ 218 KB
82 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20200511/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecb531bdf231039081a7a6879d73bca91d8b8c7fc671615063746454c0daaa8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 84031
x-xss-protection: 0
server: cafe
etag: 11558267481566639666
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 May 2020 16:25:18 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200511/r20190131/ Frame C2BE 0
0 14ms
6ms Document
text/html 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20200511/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20200511/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Tue, 12 May 2020 04:34:05 GMT
expires: Tue, 26 May 2020 04:34:05 GMT
content-type: text/html; charset=UTF-8
etag: 4094386822458569044
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4444
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 301873
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ 1 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d09e163a3868a47d1c51be0b013497ce6975c036fcc5d7b65bba70419c74b7ad

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: text/css;charset=utf-8

GET
H2 200 gist-embed-31007ea0d3bd9f80540adfbc55afc7bd.css
github.githubassets.com/assets/ 23 KB
5 KB 129ms
38ms Stylesheet
text/css 185.199.108.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://github.githubassets.com/assets/gist-embed-31007ea0d3bd9f80540adfbc55afc7bd.css
Requested by: Host: gist.github.com
URL: https://gist.github.com/t14g0p/a45d8cdef974742cdf0711987deb56fc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.199.108.154 Hoover, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: aa06051b1c939145f22a163564c3b9d5a3e5b95151c11d675fee25a5ac272a18

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: 4beff509c4ecefd44810b4cce4e0a16887833b02
date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: gzip
age: 6098708
x-cache: HIT, HIT
status: 200
access-control-max-age: 3600
content-length: 4953
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-iad2134-IAD, cache-cdg20735-CDG
last-modified: Fri, 06 Mar 2020 02:17:54 GMT
server: AmazonS3
x-timer: S1589559919.779205,VS0,VE0
etag: "251755a24392f37def7c7d714f49c2e4"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 3, 5889

GET
H2 200 /
www.facebook.com/tr/ 44 B
254 B 7ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=134215180689421&ev=PageView&dl=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&rl=&if=false&ts=1589559918795&sw=1600&sh=1200&v=2.9.18&r=stable&ec=0&o=30&fbp=fb.1.1589559918794.30841961&it=1589559918584&coo=false&rqm=GET

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT, Fri, 15 May 2020 16:25:18 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 15 May 2020 16:25:18 GMT

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame 99EF 0
0 206ms
205ms Document
text/html 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=185&slotname=8346471494&adk=580740002&adf=2311144427&w=740&fwrn=4&lmt=1589559918&rafmt=11&psa=0&guci=1.2.0.0.2.2.0.0&format=740x185&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&flash=0&wgl=1&adsid=NT&dt=1589559918630&bpp=20&bdt=366&idt=171&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=1630424912878&frm=20&pv=2&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=550024249256&dssz=30&mdo=0&mso=0&rplot=4&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=223&ady=1142&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&pvsid=593196012584025&pem=87&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8336&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gJ3HfNvSs5&p=https%3A//seguranca-informatica.pt&dtd=188

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200511/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5067310443593238&output=html&h=185&slotname=8346471494&adk=580740002&adf=2311144427&w=740&fwrn=4&lmt=1589559918&rafmt=11&psa=0&guci=1.2.0.0.2.2.0.0&format=740x185&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&flash=0&wgl=1&adsid=NT&dt=1589559918630&bpp=20&bdt=366&idt=171&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=1630424912878&frm=20&pv=2&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=550024249256&dssz=30&mdo=0&mso=0&rplot=4&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=223&ady=1142&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&pvsid=593196012584025&pem=87&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8336&bc=31&ifi=1&uci=a!1&fsb=1&xpc=gJ3HfNvSs5&p=https%3A//seguranca-informatica.pt&dtd=188
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 15 May 2020 16:25:19 GMT
server: cafe
content-length: 21432
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 15-May-2020 16:40:18 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Fri, 15 May 2020 16:25:19 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200511/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df4b376fc112266e6f1854609311b809452d452ecead88a1689693f8c2af84e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1589369616634380"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27726
x-xss-protection: 0
expires: Fri, 15 May 2020 16:25:18 GMT

GET
H2 200 eqyuAj9hvy4
www.youtube.com/embed/ Frame D33D 0
0 144ms
144ms Document
text/html 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/eqyuAj9hvy4

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/eqyuAj9hvy4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Response headers

status: 200
strict-transport-security: max-age=31536000
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
x-content-type-options: nosniff
content-type: text/html; charset=utf-8
expires: Tue, 27 Apr 1971 19:44:06 GMT
cache-control: no-cache
date: Fri, 15 May 2020 16:25:19 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
set-cookie: VISITOR_INFO1_LIVE=XTcOD4rQXVc; path=/; domain=.youtube.com; secure; expires=Wed, 11-Nov-2020 16:25:18 GMT; httponly; samesite=None VISITOR_INFO1_LIVE=XTcOD4rQXVc; path=/; domain=.youtube.com; secure; expires=Wed, 11-Nov-2020 16:25:18 GMT; httponly; samesite=None YSC=cnwH2BZ5Lfw; path=/; domain=.youtube.com; secure; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Fri, 15-May-2020 16:55:18 GMT
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 E-mail-Icon-co%CC%81pia-e1515360297525.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 1009 B
1 KB 14ms
13ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/E-mail-Icon-co%CC%81pia-e1515360297525.png

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba23d13ab9eb27eb4933ae12135dc7f2775699d06d8628f73b9ff9b9f01aeef4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 742
status: 200
vary: Accept-Encoding
content-length: 1009
cf-request-id: 02bac09953000097fc13128200000001
referrer-policy
last-modified: Wed, 24 Jan 2018 22:17:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d55e8f97fc-FRA

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 26ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4199) /
Resource Hash: cb88bf7a67ba917b5ee7b4a1cc593d8bfe94cf2670cb24df338308ec8a573ec3

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 15 May 2020 16:25:19 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 May 2020 17:25:55 GMT
Server: ECS (fcn/4199)
Age: 1213
Etag: "580310dcde7e145486d79be6e5257680+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 29223

GET
H/1.1 200
OK count.js Show response
seguranca-informatica.disqus.com/ 1 KB
1 KB 91ms
29ms Script
application/javascript 151.101.112.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.disqus.com/count.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.17

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 15 May 2020 16:25:19 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 2486787
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 16 Apr 2020 19:48:14 GMT
Server: nginx
ETag: "5e98b67e-367"
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect

GET
H/1.1 200
OK embed.js Show response
seguranca-informatica.disqus.com/ 66 KB
22 KB 91ms
29ms Script
application/javascript 151.101.112.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.disqus.com/embed.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.17

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

ce043667908d00d8e98d74e8a805b8a6cbf6aacdfcc5f44879d52a5eaff6930e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 15 May 2020 16:25:19 GMT
Content-Encoding: gzip
Server: openresty
Age: 92
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 22116

GET
H2 200 fontawesome-webfont.woff2
seguranca-informatica.pt/wp-content/plugins/cherry-search/assets/fonts/ 70 KB
70 KB 17ms
16ms Font
font/woff2 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/cherry-search/assets/fonts/fontawesome-webfont.woff2?v=4.6.3

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://seguranca-informatica.pt/wp-content/cache/minify/c841a.css
Origin: https://seguranca-informatica.pt

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 422
status: 200
vary: Accept-Encoding
content-length: 71896
cf-request-id: 02bac09997000097fc1312c200000001
referrer-policy
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36d5bef797fc-FRA

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 148ms
43ms Script
application/x-javascript 72.247.226.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.4.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: C0B7E130097BC605
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=8003
accept-ranges: bytes
content-length: 948
x-amz-id-2: WMRpIO186SrpMgXAdDxxqtwuB/nVpPpDrif5aSQ8+ORAAGwczaqMUoDLYLjYQOU+EHP09vSgz8E=

GET
H2 200 2764.svg
s.w.org/images/core/emoji/12.0.0-1/svg/ 368 B
567 B 54ms
17ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/12.0.0-1/svg/2764.svg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

09a743ee0c32ca57c9be64b13b29c396310d1dd309cb4d7d3be722e47db95f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nc: HIT vie 2
date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
last-modified: Mon, 08 Apr 2019 05:13:23 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 368
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame 03FB 0
0 87ms
87ms Document
text/html 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&adk=1812271804&adf=3025194257&lmt=1589559919&plat=1%3A32776%2C2%3A32776%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1589559919162&bpp=1&bdt=898&idt=1&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185&nras=1&correlator=1630424912878&frm=20&pv=1&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=143675245936447&dssz=76&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&pvsid=593196012584025&pem=87&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8208&bc=31&ifi=5&uci=a!5&fsb=1&dtd=16

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200511/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5067310443593238&output=html&adk=1812271804&adf=3025194257&lmt=1589559919&plat=1%3A32776%2C2%3A32776%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1589559919162&bpp=1&bdt=898&idt=1&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185&nras=1&correlator=1630424912878&frm=20&pv=1&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=143675245936447&dssz=76&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&pvsid=593196012584025&pem=87&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8208&bc=31&ifi=5&uci=a!5&fsb=1&dtd=16
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmnaOKRCEic-Re2oXjtmpnSRHfB1y5fS1RlY7pKHPJ2ieOSyKA97Wamapde
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 15 May 2020 16:25:19 GMT
server: cafe
content-length: 1052
x-xss-protection: 0
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 page.php
www.facebook.com/v2.12/plugins/ Frame 25A8 0
0 65ms
64ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.12/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df44a0173b63e08%26domain%3Dseguranca-informatica.pt%26origin%3Dhttps%253A%252F%252Fseguranca-informatica.pt%252Ff34a70f2a100378%26relation%3Dparent.parent&container_width=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fsegurancainformatica&locale=en_US&sdk=joey&show_facepile=true&small_header=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=b0ae6ab2705b949d7e4b28cc60e31c0d&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /v2.12/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df44a0173b63e08%26domain%3Dseguranca-informatica.pt%26origin%3Dhttps%253A%252F%252Fseguranca-informatica.pt%252Ff34a70f2a100378%26relation%3Dparent.parent&container_width=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fsegurancainformatica&locale=en_US&sdk=joey&show_facepile=true&small_header=false
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: fr=0WcUD6ZFNQpmejBSj..BevsJu...1.0.BevsJu.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Response headers

status: 200
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
strict-transport-security: max-age=15552000; preload
content-encoding: br
timing-allow-origin: *
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
vary: Accept-Encoding
x-content-type-options: nosniff
facebook-api-version: v3.0
x-xss-protection: 0
content-type: text/html; charset="utf-8"
x-fb-debug: a0obQ9U1Wd0mVE3Z37v9WYYbE/THYC3Qne2LbbKkk8mMql1ddSc9yQ+WsIihZdysh4ogNot8qwVP0rrT45Ch4w==
date: Fri, 15 May 2020 16:25:19 GMT Fri, 15 May 2020 16:25:19 GMT
alt-svc: h3-27=":443"; ma=3600

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame E385 0
0

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-5a74cca42a90a07e/ 7 KB
1 KB 688ms
687ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-5a74cca42a90a07e/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.4.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 85d11a34cf5ae0738a3f2a2e0f463484c9b7371b46c9e5bc991f57d44f58400f

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
content-encoding: gzip
etag: -713750497--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: public, max-age=59, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 1214

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 89 B
249 B 188ms
186ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=5ebec26f60444cf0&bkl=0&bl=5&pdt=2091&sid=5ebec26f60444cf0&pub=ra-5a74cca42a90a07e&rev=v8.28.5-wp&ln=pt&pc=wpp&cb=0&ab=-&dp=seguranca-informatica.pt&fp=brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&fr=&fcu=Xr7Cb9OxX0M&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=1&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1589559919270&wpv=wpp-6.2.6&addthis_plugin_info=%7B%22info_status%22%3A%22enabled%22%2C%22cms_name%22%3A%22WordPress%22%2C%22plugin_name%22%3A%22Share%20Buttons%20by%20AddThis%22%2C%22plugin_version%22%3A%226.2.6%22%2C%22plugin_mode%22%3A%22AddThis%22%2C%22anonymous_profile_id%22%3A%22wp-1c09be8100890cf963a4479ddde30a88%22%2C%22page_info%22%3A%7B%22template%22%3A%22posts%22%2C%22post_type%22%3A%22%22%7D%2C%22sharing_enabled_on_post_via_metabox%22%3Afalse%7D&jsl=129&uvs=5ebec26fc453d010000&skipb=1&callback=addthis.cbs.jsonp__27668766030364320
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.4.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0df85097e94244ca09381822b45b249ba9baa7e59fe1d08d20f9a8e7f9ba27de

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
pragma: no-cache
date: Fri, 15 May 2020 16:25:19 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 89
content-type: application/javascript;charset=utf-8

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame AE56 0
0 83ms
82ms Document
text/html 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.4.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

:method: GET
:authority: s7.addthis.com
:scheme: https
:path: /static/sh.f48a1a04fe8dbf021b4cda1d.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Response headers

status: 200
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 09 Sep 2019 15:34:57 GMT
etag: W/"5d767121-1115f"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 25412
date: Fri, 15 May 2020 16:25:19 GMT
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 client.pt.min.json Show response
s7.addthis.com/l10n/ 4 KB
2 KB 183ms
85ms XHR
application/json 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/l10n/client.pt.min.json

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.4.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

2a0114ee843f8e5fcb15026a43365c3455464f43e1ea135b075e49662a9905b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Tue, 10 Sep 2019 15:15:17 GMT
server: nginx/1.15.8
status: 200
etag: W/"5d77be05-e24"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, s-maxage=604800
date: Fri, 15 May 2020 16:25:19 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 1747

GET
H2 200 /
www.facebook.com/tr/ 44 B
129 B 7ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=134215180689421&ev=PageView&dl=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F%23.Xr7Cb9OxX0M&rl=&if=false&ts=1589559919262&sw=1600&sh=1200&v=2.9.18&r=stable&ec=1&o=30&fbp=fb.1.1589559918794.30841961&it=1589559918584&coo=false&rqm=GET

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT, Fri, 15 May 2020 16:25:19 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 15 May 2020 16:25:19 GMT

POST
H2 200 /
www.facebook.com/tr/ 0
58 B 6ms
6ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFM6pFMQ8BDYAQKZr

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Fri, 15 May 2020 16:25:19 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://seguranca-informatica.pt
access-control-allow-credentials: true
alt-svc: h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20200511/r20190131/ 142 KB
52 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20200511/r20190131/reactive_library_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200511/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

32c6c8175c556f53109ae8579fcd763478eb74c8b756e98f1f651ccf58732aff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 52596
x-xss-protection: 0
server: cafe
etag: 4912600474625003837
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 May 2020 16:25:19 GMT

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame 9CC0 0
0 316ms
316ms Document
text/html 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=1909131177&adf=3723832354&w=340&fwrn=4&fwrnh=100&lmt=1589559919&rafmt=1&to=qs&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&format=340x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F%23.Xr7Cb9OxX0M&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1589559919625&bpp=1&bdt=1361&idt=1&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0%2C740x280%2C740x280%2C720x280&nras=4&correlator=1630424912878&frm=20&pv=1&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=143675245936447&dssz=79&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1023&ady=1665&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&psts=AGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p%2CAGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p&pvsid=593196012584025&pem=87&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8336&bc=31&ifi=9&uci=a!9&btvi=4&fsb=1&xpc=iigC4eMgFk&p=https%3A//seguranca-informatica.pt&dtd=59

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200511/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=1909131177&adf=3723832354&w=340&fwrn=4&fwrnh=100&lmt=1589559919&rafmt=1&to=qs&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&format=340x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F%23.Xr7Cb9OxX0M&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1589559919625&bpp=1&bdt=1361&idt=1&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0%2C740x280%2C740x280%2C720x280&nras=4&correlator=1630424912878&frm=20&pv=1&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=143675245936447&dssz=79&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1023&ady=1665&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&psts=AGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p%2CAGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p&pvsid=593196012584025&pem=87&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8336&bc=31&ifi=9&uci=a!9&btvi=4&fsb=1&xpc=iigC4eMgFk&p=https%3A//seguranca-informatica.pt&dtd=59
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 15 May 2020 16:25:19 GMT
server: cafe
content-length: 205
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 15-May-2020 16:40:19 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Fri, 15 May 2020 16:25:19 GMT
cache-control: private

GET
H/1.1 200
OK widget_iframe.2a008290075125adde2d7b849b06a0bb.html
platform.twitter.com/widgets/ Frame 4C4B 0
0 7ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2a008290075125adde2d7b849b06a0bb.html?origin=https%3A%2F%2Fseguranca-informatica.pt
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40AE) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 79215
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Fri, 15 May 2020 16:25:19 GMT
Etag: "9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified: Tue, 12 May 2020 17:24:25 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/40AE)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 5825

GET
H/1.1 200
OK count-data.js Show response
seguranca-informatica.disqus.com/ 281 B
820 B 29ms
29ms Script
application/javascript 151.101.112.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.disqus.com/count-data.js?1=7502%20https%3A%2F%2Fseguranca-informatica.pt%2F%3Fp%3D7502

Requested by

Host: seguranca-informatica.disqus.com
URL: https://seguranca-informatica.disqus.com/count.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6087407f28cbfab23e3c6e98e180dec583e1725fb522f414946e08e3c2a6d93d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 15 May 2020 16:25:19 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 742
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Connection: keep-alive
Content-Type: application/javascript; charset=UTF-8
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 281
X-XSS-Protection: 1; mode=block

GET
H2 200 lounge.db072b7d11b56c5c060394cab39e75c5.css
c.disquscdn.com/next/embed/styles/ 0
22 KB 37ms
17ms Other
text/css 2606:4700::6812:a913
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.db072b7d11b56c5c060394cab39e75c5.css

Requested by

Host: seguranca-informatica.disqus.com
URL: https://seguranca-informatica.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a913 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 167714
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 21979
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Wed, 13 May 2020 17:13:15 GMT
server: cloudflare
etag: "5ebc2aab-55db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-request-id: 02bac09c8c000098148d1c2200000001
accept-ranges: bytes
cf-ray: 593e36da7a379814-FRA
expires: Thu, 13 May 2021 17:50:03 GMT

GET
H2 200 common.bundle.f9554506a08a1cc2b021f0dfc3f59ebb.js
c.disquscdn.com/next/embed/ 0
89 KB 38ms
18ms Other
application/javascript 2606:4700::6812:a913
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.f9554506a08a1cc2b021f0dfc3f59ebb.js

Requested by

Host: seguranca-informatica.disqus.com
URL: https://seguranca-informatica.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a913 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2483106
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 90432
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Thu, 16 Apr 2020 22:27:00 GMT
server: cloudflare
etag: "5e98dbb4-16140"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-request-id: 02bac09c8c000098148d1c3200000001
accept-ranges: bytes
cf-ray: 593e36da7a399814-FRA
expires: Fri, 16 Apr 2021 22:40:09 GMT

GET
H2 200 lounge.bundle.d3858dbda732166bc46a5391f5b0b789.js
c.disquscdn.com/next/embed/ 0
109 KB 43ms
23ms Other
application/javascript 2606:4700::6812:a913
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.d3858dbda732166bc46a5391f5b0b789.js

Requested by

Host: seguranca-informatica.disqus.com
URL: https://seguranca-informatica.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a913 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 84810
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 111169
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Thu, 14 May 2020 16:45:12 GMT
server: cloudflare
etag: "5ebd7598-1b241"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-request-id: 02bac09c8c000098148d1c4200000001
accept-ranges: bytes
cf-ray: 593e36da7a3b9814-FRA
expires: Fri, 14 May 2021 16:51:48 GMT

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
7 KB 117ms
40ms Other
application/javascript 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: seguranca-informatica.disqus.com
URL: https://seguranca-informatica.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 15 May 2020 16:25:19 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 44
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 6232
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK moment~timeline~tweet.4b4530aef3cb5159868348e8a492de60.js Show response
platform.twitter.com/js/ 24 KB
8 KB 7ms
7ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/moment~timeline~tweet.4b4530aef3cb5159868348e8a492de60.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40D9) /
Resource Hash: 9c677df6c0eccea7dfe6231398ee68e1e1fcd0061912fb23275f631d8c1c8bae

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 15 May 2020 16:25:19 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 May 2020 17:24:16 GMT
Server: ECS (fcn/40D9)
Age: 79214
Etag: "8d1aa2559c6c7464859f2e6be8063257+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 7868

GET
H/1.1 200
OK timeline.dcd659352714d721a9f3457b8601524a.js Show response
platform.twitter.com/js/ 21 KB
7 KB 14ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/timeline.dcd659352714d721a9f3457b8601524a.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4199) /
Resource Hash: cfc86c5d7acfe015875d9893737f5a243d8ba8c0cafef01b2b5ffa46cabb9e0e

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 15 May 2020 16:25:19 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 May 2020 17:24:16 GMT
Server: ECS (fcn/4199)
Age: 79213
Etag: "035c82c5b07090eda0eec374cd2886c7+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 6659

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame E0B9 0
0 171ms
170ms Document
text/html 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=1863295039&adf=2818823524&w=740&fwrn=4&fwrnh=100&lmt=1589559919&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=740x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F%23.Xr7Cb9OxX0M&flash=0&fwr=0&pra=3&rh=185&rw=740&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1589559919625&bpp=2&bdt=1361&idt=-M&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0&nras=2&correlator=1630424912878&frm=20&pv=1&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=143675245936447&dssz=78&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=223&ady=2983&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&psts=AGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p%2CAGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p&pvsid=593196012584025&pem=87&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8336&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=CHGmCAcpmo&p=https%3A//seguranca-informatica.pt&dtd=43

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200511/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=1863295039&adf=2818823524&w=740&fwrn=4&fwrnh=100&lmt=1589559919&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=740x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F%23.Xr7Cb9OxX0M&flash=0&fwr=0&pra=3&rh=185&rw=740&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1589559919625&bpp=2&bdt=1361&idt=-M&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0&nras=2&correlator=1630424912878&frm=20&pv=1&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=143675245936447&dssz=78&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=223&ady=2983&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&psts=AGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p%2CAGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p&pvsid=593196012584025&pem=87&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8336&bc=31&ifi=6&uci=a!6&btvi=1&fsb=1&xpc=CHGmCAcpmo&p=https%3A//seguranca-informatica.pt&dtd=43
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 15 May 2020 16:25:19 GMT
server: cafe
content-length: 205
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 15-May-2020 16:40:19 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Fri, 15 May 2020 16:25:19 GMT
cache-control: private

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame AAC9 0
0 198ms
196ms Document
text/html 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=1863295039&adf=4183343689&w=740&fwrn=4&fwrnh=100&lmt=1589559919&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=740x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F%23.Xr7Cb9OxX0M&flash=0&fwr=0&pra=3&rh=185&rw=740&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1589559919625&bpp=2&bdt=1360&idt=-M&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0%2C740x280&nras=3&correlator=1630424912878&frm=20&pv=1&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=143675245936447&dssz=79&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=223&ady=4715&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&psts=AGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p%2CAGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p&pvsid=593196012584025&pem=87&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8336&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=hBjqLaFlcI&p=https%3A//seguranca-informatica.pt&dtd=49

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200511/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=1863295039&adf=4183343689&w=740&fwrn=4&fwrnh=100&lmt=1589559919&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=740x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F%23.Xr7Cb9OxX0M&flash=0&fwr=0&pra=3&rh=185&rw=740&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1589559919625&bpp=2&bdt=1360&idt=-M&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0%2C740x280&nras=3&correlator=1630424912878&frm=20&pv=1&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=143675245936447&dssz=79&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=223&ady=4715&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&psts=AGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p%2CAGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p&pvsid=593196012584025&pem=87&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8336&bc=31&ifi=7&uci=a!7&btvi=2&fsb=1&xpc=hBjqLaFlcI&p=https%3A//seguranca-informatica.pt&dtd=49
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 15 May 2020 16:25:19 GMT
server: cafe
content-length: 205
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 15-May-2020 16:40:19 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Fri, 15 May 2020 16:25:19 GMT
cache-control: private

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame D62A 0
0 158ms
157ms Document
text/html 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=3832473613&adf=1840210285&w=720&fwrn=4&fwrnh=100&lmt=1589559919&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=720x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F%23.Xr7Cb9OxX0M&flash=0&fwr=0&pra=3&rh=180&rw=720&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1589559919625&bpp=1&bdt=1361&idt=-M&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0%2C740x280%2C740x280&nras=4&correlator=1630424912878&frm=20&pv=1&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=143675245936447&dssz=79&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=243&ady=6098&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&psts=AGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p%2CAGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p&pvsid=593196012584025&pem=87&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8336&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=Ni9rtYE5II&p=https%3A//seguranca-informatica.pt&dtd=54

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200511/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=3832473613&adf=1840210285&w=720&fwrn=4&fwrnh=100&lmt=1589559919&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=720x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F%23.Xr7Cb9OxX0M&flash=0&fwr=0&pra=3&rh=180&rw=720&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1589559919625&bpp=1&bdt=1361&idt=-M&shv=r20200511&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0%2C740x280%2C740x280&nras=4&correlator=1630424912878&frm=20&pv=1&ga_vid=1103881291.1589559919&ga_sid=1589559919&ga_hid=855129066&ga_fc=0&iag=0&icsg=143675245936447&dssz=79&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=243&ady=6098&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21066085%2C21066124%2C182982100%2C182982300&oid=3&psts=AGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p%2CAGkb-H_UezkdLTl2bB85Md-Y7xTjZYQnn-hbY24h5yurOImBO4mKFASWXW15boTc4R9p&pvsid=593196012584025&pem=87&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8336&bc=31&ifi=8&uci=a!8&btvi=3&fsb=1&xpc=Ni9rtYE5II&p=https%3A//seguranca-informatica.pt&dtd=54
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 15 May 2020 16:25:19 GMT
server: cafe
content-length: 205
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 15-May-2020 16:40:19 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Fri, 15 May 2020 16:25:19 GMT
cache-control: private

GET
H2 200 profile Show response
cdn.syndication.twimg.com/timeline/ 190 KB
16 KB 28ms
7ms Script
application/javascript 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/timeline/profile?callback=__twttr.callbacks.tl_i0_profile_sirpedrotavares_old&dnt=false&domain=seguranca-informatica.pt&lang=pt&screen_name=sirpedrotavares&suppress_response_codes=true&t=1766177&tz=GMT%2B0200&with_replies=false

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40D7) /

Resource Hash

b9fb5b0f85d85712c484371fdbfecd018e2cbf9c627670b601a502fa4577a129

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 255
x-cache: HIT
status: 200
content-disposition: attachment; filename=jsonp.jsonp
vary: Accept-Encoding
content-length: 15666
x-xss-protection: 0
x-response-time: 207
last-modified: Fri, 15 May 2020 16:21:04 GMT
server: ECS (fcn/40D7)
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
access-control-allow-methods: GET
content-type: application/javascript;charset=utf-8
expires: Fri, 15 May 2020 16:30:19 GMT
cache-control: must-revalidate, max-age=300
x-connection-hash: ae84255df82d3ca22d2282484fb090d3
accept-ranges: bytes
timing-allow-origin: *
x-transaction: 0011122b008ecc5e
access-contol-allow-origin: platform.twitter.com

GET
H2 200 syndication
syndication.twitter.com/i/jot/ 43 B
360 B 277ms
269ms Image
image/gif 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/syndication?l=%7B%22_category_%22%3A%22syndicated_impression%22%2C%22triggered_on%22%3A1589559919791%2C%22dnt%22%3Afalse%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 232
pragma: no-cache
last-modified: Fri, 15 May 2020 16:25:19 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 72bea6e80254fbf55cb41480d33a0f8f
x-transaction: 00b6ccbc0032eb93
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 1f9d0.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 1 KB
1 KB 11ms
8ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f9d0.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41D7) /

Resource Hash

36db3512ea89976cd734e544a1edd6a0609a824da59b596146f955cb6274040c

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 26864440
x-ton-expected-size: 1105
x-cache: HIT
status: 200
content-length: 1105
x-response-time: 14
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:38 GMT
server: ECS (fcn/41D7)
etag: "oA1ovLweWKnd1llNXl6J9g=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 6b4e9879fbd20b51dad5368df81c0d1e
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:19 GMT

GET
H2 200 1f1f5-1f1f9.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 715 B
856 B 10ms
8ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f1f5-1f1f9.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4191) /

Resource Hash

659e7da9c5f2ea8933af2e78a4d9646b419851e9979dbb38d12e9d43c7711cb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 21830885
x-ton-expected-size: 715
x-cache: HIT
status: 200
content-length: 715
x-response-time: 7
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:28:27 GMT
server: ECS (fcn/4191)
etag: "FTmpXqH4P3R1TK0OI32VdQ=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 7f221139df6ccec7082a82d479eaf700
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:19 GMT

GET
H2 200 26a0.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 595 B
809 B 9ms
7ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/26a0.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/418E) /

Resource Hash

7a03a74a92cb2f04b7f3e0338f51a3c4dfc1491a8f046b722f8a951502a7740e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 12199791
x-ton-expected-size: 595
x-cache: HIT
status: 200
content-length: 595
x-response-time: 2244
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:42 GMT
server: ECS (fcn/418E)
etag: "Z7wDoqWvSIaJGOXpgObfsw=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 9d58789b3c8608664e2f04bd4858f222
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:17 GMT

GET
H2 200 2622.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 755 B
899 B 10ms
7ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/2622.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4190) /

Resource Hash

e6dc579ac077f2e0bd24a04b3d2b0c88a2d977cd22a5170d2851644e5f25ec68

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 28573315
x-ton-expected-size: 755
x-cache: HIT
status: 200
content-length: 755
x-response-time: 24
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:42 GMT
server: ECS (fcn/4190)
etag: "noPKYKGFNOZUq+jtdn1H7Q=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: c8e143c7c44c839e0b908883c3b7c016
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:19 GMT

GET
H2 200 otrHzz7B
pbs.twimg.com/card_img/1260915470120738818/ Frame 70B5 4 KB
5 KB 11ms
9ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1260915470120738818/otrHzz7B?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/419D) /

Resource Hash

bab527bcf0232ad28a870abdd7e18dd7b42b0994beb65c36530ae9baba74494b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 99246
x-cache: HIT
status: 200
content-length: 4429
x-response-time: 140
surrogate-key: card_img card_img/bucket/5 card_img/1260915470120738818
last-modified: Thu, 14 May 2020 12:48:49 GMT
server: ECS (fcn/419D)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ae39201cbd3bcd4a9f2c4d9d9c8b113a
accept-ranges: bytes

GET
H2 200 bOXSAGDp
pbs.twimg.com/card_img/1260880527042777090/ Frame 70B5 2 KB
2 KB 11ms
9ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1260880527042777090/bOXSAGDp?format=png&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40F7) /

Resource Hash

94ece170ac337a76b357bb486ae6ddb00ef2418e8b00d81cac6942b8ebfb6510

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 107575
x-cache: HIT
status: 200
content-length: 1638
x-response-time: 142
surrogate-key: card_img card_img/bucket/3 card_img/1260880527042777090
last-modified: Thu, 14 May 2020 10:29:58 GMT
server: ECS (fcn/40F7)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7d467480b3cee22e40d7be671cd223fc
accept-ranges: bytes

GET
H2 200 iRaKib4f
pbs.twimg.com/card_img/1260727687439618048/ Frame 70B5 55 KB
55 KB 10ms
7ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1260727687439618048/iRaKib4f?format=jpg&name=600x314

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/419B) /

Resource Hash

46b713ecb8535f31055d6349de02f1051cb87a9433a17ad7e80d8efb065a03e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 124911
x-cache: HIT
status: 200
content-length: 56026
x-response-time: 149
surrogate-key: card_img card_img/bucket/5 card_img/1260727687439618048
last-modified: Thu, 14 May 2020 00:22:38 GMT
server: ECS (fcn/419B)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 6c4647d244ff72f7fd01c22cfe1e1709
accept-ranges: bytes

GET
H2 200 2623.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 1 KB
1 KB 9ms
6ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/2623.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40D4) /

Resource Hash

91d4207e7c66e4f58b75db09d4bf19e44186e48913d9f9fb8a15823019ea143b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 24899231
x-ton-expected-size: 1028
x-cache: HIT
status: 200
content-length: 1028
x-response-time: 8
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:42 GMT
server: ECS (fcn/40D4)
etag: "RmsuVSL5GfkT0nAdRbywqg=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 33e481a24c36c56d6e4675eb63f696be
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:19 GMT

GET
H2 200 27a1.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 363 B
507 B 9ms
7ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/27a1.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40D1) /

Resource Hash

d5b7288f327425755badd771bd9807addb77d9a752890906f95eddfed131b627

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 30876675
x-ton-expected-size: 363
x-cache: HIT
status: 200
content-length: 363
x-response-time: 16
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:44 GMT
server: ECS (fcn/40D1)
etag: "80IPnYtwZPbD8vd5/RBI8A=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 4dbe75df63108177785b2cb63a49f9f6
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:19 GMT

GET
H2 200 1f4b3.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 439 B
619 B 15ms
13ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f4b3.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E9) /

Resource Hash

66a1646024f0fd58b7fbc8f674b9c097d9e9a96ab0dbb11b92bb377a2eccfa4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 28665303
x-ton-expected-size: 439
x-cache: HIT
status: 200
content-length: 439
x-response-time: 22
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:24 GMT
server: ECS (fcn/40E9)
etag: "ZL78/npQ0q6CVv3uroQDcg=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 32d2858c50357697ee3892e072942f68
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:19 GMT

GET
H2 200 2705.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 525 B
698 B 15ms
13ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/2705.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E4) /

Resource Hash

e3cc2f7251c41ff1f4b2e07a3ccd074d21288160fbd9893f0f0e4fc62d2c63c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 12053712
x-ton-expected-size: 525
x-cache: HIT
status: 200
content-length: 525
x-response-time: 8
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:43 GMT
server: ECS (fcn/40E4)
etag: "7zUYLT41o1+zuu1kEClhZw=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 0b4a7deb331d83726a6482563cdaa204
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:19 GMT

GET
H2 200 Bj3eS0F8
pbs.twimg.com/card_img/1260313571361042433/ Frame 70B5 6 KB
6 KB 16ms
14ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1260313571361042433/Bj3eS0F8?format=png&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40DC) /

Resource Hash

c90172b5431c9075ab79303e0ce34e304768f6602952a97c14fa0010885b03a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 240707
x-cache: HIT
status: 200
content-length: 6408
x-response-time: 152
surrogate-key: card_img card_img/bucket/9 card_img/1260313571361042433
last-modified: Tue, 12 May 2020 20:57:05 GMT
server: ECS (fcn/40DC)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 060b725ecae9640d7f5632c45fa259a3
accept-ranges: bytes

GET
H2 200 1f3ac.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 697 B
849 B 13ms
13ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f3ac.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E5) /

Resource Hash

0952427c6f4fa6f960b8954afbf10c45ab099876ec25e748b73ade0757e88207

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 28668621
x-ton-expected-size: 697
x-cache: HIT
status: 200
content-length: 697
x-response-time: 19
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:28:31 GMT
server: ECS (fcn/40E5)
etag: "aXu0aU2odwMElU/npBtK3w=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 251b256d854f56d742e225ad4f2bd243
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:19 GMT

GET
H2 200 1f41e.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 998 B
1 KB 7ms
6ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f41e.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40DE) /

Resource Hash

e69c8d33258983d26a64c123163df7cccdccffc8178e8c4365ae5c58e48040d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 30974390
x-ton-expected-size: 998
x-cache: HIT
status: 200
content-length: 998
x-response-time: 66
surrogate-key: twitter-assets
last-modified: Mon, 17 Sep 2018 19:12:54 GMT
server: ECS (fcn/40DE)
etag: "wQtQ1Npn7ccQl1w0b/vQIA=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 2587fb3ccab86103942acaac20d85f01
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:19 GMT

GET
H2 200 1f3e6.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 526 B
669 B 7ms
7ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f3e6.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40FA) /

Resource Hash

18f1e1f4fe5585108349cf029e48ad91a12dae4627be962667fb0b4933c69bba

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 20631725
x-ton-expected-size: 526
x-cache: HIT
status: 200
content-length: 526
x-response-time: 17
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:28:33 GMT
server: ECS (fcn/40FA)
etag: "7oybjS8/zWyVdOorER5KGA=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 31a9e160c2975bee464fb1c3db1dd792
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:19 GMT

GET
H2 200 1f1ef-1f1f5.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 335 B
465 B 10ms
7ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f1ef-1f1f5.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40DE) /

Resource Hash

18055014f2eafc20d5a83b1af0a659b8ff8aa38e9c4aa2996750e9177588f145

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 21481462
x-ton-expected-size: 335
x-cache: HIT
status: 200
content-length: 335
x-response-time: 30
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:28:26 GMT
server: ECS (fcn/40DE)
etag: "i1up/RvmEhvPjzMdgrv7nw=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 0b79638f44ecd55bcf6b3e20f597fcde
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:19 GMT

GET
H2 200 7uHJC-KV
pbs.twimg.com/card_img/1259974755957997570/ Frame 70B5 4 KB
4 KB 10ms
7ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1259974755957997570/7uHJC-KV?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/418E) /

Resource Hash

079d21515f2c8e93ebb26f1f9f89fa7dd1cc4dd7aeb37a78eb0a5b9e9fc5a64b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 323540
x-cache: HIT
status: 200
content-length: 4303
x-response-time: 143
surrogate-key: card_img card_img/bucket/6 card_img/1259974755957997570
last-modified: Mon, 11 May 2020 22:30:45 GMT
server: ECS (fcn/418E)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 09fefbe59989eaba26df6deb730afe00
accept-ranges: bytes

GET
H2 200 Ut37ZGRp
pbs.twimg.com/card_img/1257322194239025158/ Frame 70B5 5 KB
5 KB 10ms
8ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1257322194239025158/Ut37ZGRp?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40AE) /

Resource Hash

e918c7a354d2f69cfd44ad24c87b814cf2d86a0d73854f3259cc69f9f3f6a19c

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 226741
x-cache: HIT
status: 200
content-length: 4867
x-response-time: 143
surrogate-key: card_img card_img/bucket/5 card_img/1257322194239025158
last-modified: Mon, 04 May 2020 14:50:25 GMT
server: ECS (fcn/40AE)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 794e6d1d4d98dc958a6bd2265bf03a85
accept-ranges: bytes

GET
H/1.1 200
OK timeline.d41c1d7e4bac44f4658ca45d09564e79.light.ltr.css
platform.twitter.com/css/ Frame 70B5 52 KB
12 KB 6ms
6ms Stylesheet
text/css 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/css/timeline.d41c1d7e4bac44f4658ca45d09564e79.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/419E) /
Resource Hash: 12bf529a0f4d0a3f10d003a07d5b91e40579a3da18022a9896a9ccd9e5dc1b33

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 15 May 2020 16:25:19 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 May 2020 17:24:12 GMT
Server: ECS (fcn/419E)
Age: 79214
Etag: "0100ec69a2c00683a1ae89e074b822c1+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: text/css; charset=utf-8
Content-Length: 12155

GET
H/1.1 200
OK timeline.d41c1d7e4bac44f4658ca45d09564e79.light.ltr.css
platform.twitter.com/css/ 52 KB
52 KB 8ms
6ms Image
text/css 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform.twitter.com/css/timeline.d41c1d7e4bac44f4658ca45d09564e79.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/419E) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 15 May 2020 16:25:19 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 May 2020 17:24:12 GMT
Server: ECS (fcn/419E)
Age: 79214
Etag: "0100ec69a2c00683a1ae89e074b822c1+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: text/css; charset=utf-8
Content-Length: 12155

GET
H/1.1 200
OK /
disqus.com/embed/comments/ Frame 211A 0
0 300ms
299ms Document
text/html 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=seguranca-informatica&t_i=7502%20https%3A%2F%2Fseguranca-informatica.pt%2F%3Fp%3D7502&t_u=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&t_e=Brazilian%20trojan%20banker%20is%20targeting%20Portuguese%20users%20using%20browser%20overlay&t_d=Brazilian%20trojan%20banker%20is%20targeting%20Portuguese%20users%20using%20browser%20overlay&t_t=Brazilian%20trojan%20banker%20is%20targeting%20Portuguese%20users%20using%20browser%20overlay&s_o=default

Requested by

Host: seguranca-informatica.disqus.com
URL: https://seguranca-informatica.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Response headers

Connection: keep-alive
Content-Length: 2646
Server: nginx
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Last-Modified: Wed, 06 May 2020 22:29:24 GMT
ETag: W/"lounge:view:8011033060.e872d7a7e2c13f8bb3d669b80af3f2af.2"
Content-Encoding: gzip
Date: Fri, 15 May 2020 16:25:20 GMT
Age: 0
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H2 200 1f9d0.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 1 KB
1 KB 11ms
8ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f9d0.png

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline~tweet.4b4530aef3cb5159868348e8a492de60.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41D7) /

Resource Hash

36db3512ea89976cd734e544a1edd6a0609a824da59b596146f955cb6274040c

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 26864440
x-ton-expected-size: 1105
x-cache: HIT
status: 200
content-length: 1105
x-response-time: 14
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:38 GMT
server: ECS (fcn/41D7)
etag: "oA1ovLweWKnd1llNXl6J9g=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 6b4e9879fbd20b51dad5368df81c0d1e
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:19 GMT

GET
H2 200 1f1f5-1f1f9.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 715 B
861 B 11ms
8ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f1f5-1f1f9.png

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline~tweet.4b4530aef3cb5159868348e8a492de60.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4191) /

Resource Hash

659e7da9c5f2ea8933af2e78a4d9646b419851e9979dbb38d12e9d43c7711cb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 21830885
x-ton-expected-size: 715
x-cache: HIT
status: 200
content-length: 715
x-response-time: 7
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:28:27 GMT
server: ECS (fcn/4191)
etag: "FTmpXqH4P3R1TK0OI32VdQ=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 7f221139df6ccec7082a82d479eaf700
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:19 GMT

GET
H2 200 26a0.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 595 B
787 B 11ms
9ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/26a0.png

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline~tweet.4b4530aef3cb5159868348e8a492de60.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/418E) /

Resource Hash

7a03a74a92cb2f04b7f3e0338f51a3c4dfc1491a8f046b722f8a951502a7740e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 12199791
x-ton-expected-size: 595
x-cache: HIT
status: 200
content-length: 595
x-response-time: 2244
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:42 GMT
server: ECS (fcn/418E)
etag: "Z7wDoqWvSIaJGOXpgObfsw=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 9d58789b3c8608664e2f04bd4858f222
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:17 GMT

GET
H2 200 2622.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 755 B
876 B 11ms
9ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/2622.png

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline~tweet.4b4530aef3cb5159868348e8a492de60.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4190) /

Resource Hash

e6dc579ac077f2e0bd24a04b3d2b0c88a2d977cd22a5170d2851644e5f25ec68

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 28573315
x-ton-expected-size: 755
x-cache: HIT
status: 200
content-length: 755
x-response-time: 24
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:42 GMT
server: ECS (fcn/4190)
etag: "noPKYKGFNOZUq+jtdn1H7Q=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: c8e143c7c44c839e0b908883c3b7c016
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:19 GMT

GET
H2 200 otrHzz7B
pbs.twimg.com/card_img/1260915470120738818/ Frame 70B5 4 KB
4 KB 21ms
20ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1260915470120738818/otrHzz7B?format=jpg&name=144x144_2

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline~tweet.4b4530aef3cb5159868348e8a492de60.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40D4) /

Resource Hash

bab527bcf0232ad28a870abdd7e18dd7b42b0994beb65c36530ae9baba74494b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 99246
x-cache: MISS
status: 200
content-length: 4429
x-response-time: 140
surrogate-key: card_img card_img/bucket/5 card_img/1260915470120738818
last-modified: Thu, 14 May 2020 12:48:49 GMT
server: ECS (fcn/40D4)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ae39201cbd3bcd4a9f2c4d9d9c8b113a
accept-ranges: bytes

GET
H2 200 bOXSAGDp
pbs.twimg.com/card_img/1260880527042777090/ Frame 70B5 2 KB
2 KB 27ms
24ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1260880527042777090/bOXSAGDp?format=png&name=144x144_2

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline~tweet.4b4530aef3cb5159868348e8a492de60.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41D7) /

Resource Hash

94ece170ac337a76b357bb486ae6ddb00ef2418e8b00d81cac6942b8ebfb6510

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 107575
x-cache: HIT
status: 200
content-length: 1638
x-response-time: 142
surrogate-key: card_img card_img/bucket/3 card_img/1260880527042777090
last-modified: Thu, 14 May 2020 10:29:58 GMT
server: ECS (fcn/41D7)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7d467480b3cee22e40d7be671cd223fc
accept-ranges: bytes

GET
H2 200 2623.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 1 KB
1 KB 9ms
7ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/2623.png

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline~tweet.4b4530aef3cb5159868348e8a492de60.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40D4) /

Resource Hash

91d4207e7c66e4f58b75db09d4bf19e44186e48913d9f9fb8a15823019ea143b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 24899231
x-ton-expected-size: 1028
x-cache: HIT
status: 200
content-length: 1028
x-response-time: 8
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:42 GMT
server: ECS (fcn/40D4)
etag: "RmsuVSL5GfkT0nAdRbywqg=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 33e481a24c36c56d6e4675eb63f696be
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:19 GMT

GET
H2 200 27a1.png
abs.twimg.com/emoji/v2/72x72/ Frame 70B5 363 B
517 B 10ms
7ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/27a1.png

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline~tweet.4b4530aef3cb5159868348e8a492de60.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40D1) /

Resource Hash

d5b7288f327425755badd771bd9807addb77d9a752890906f95eddfed131b627

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 30876675
x-ton-expected-size: 363
x-cache: HIT
status: 200
content-length: 363
x-response-time: 16
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:44 GMT
server: ECS (fcn/40D1)
etag: "80IPnYtwZPbD8vd5/RBI8A=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 4dbe75df63108177785b2cb63a49f9f6
accept-ranges: bytes
expires: Sat, 15 May 2021 16:25:19 GMT

GET
H2 200 TB7O3TW0_normal.jpg
pbs.twimg.com/profile_images/1058367083518529536/ Frame 70B5 2 KB
2 KB 10ms
8ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1058367083518529536/TB7O3TW0_normal.jpg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40D7) /

Resource Hash

a71906f87b3603ad144c94d721618e87bd868fefbabf53743730c6aa0f1b1343

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 5697
x-cache: HIT
status: 200
content-length: 2111
x-response-time: 128
surrogate-key: profile_images profile_images/bucket/1 profile_images/1058367083518529536
last-modified: Fri, 02 Nov 2018 14:33:50 GMT
server: ECS (fcn/40D7)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: a20ebe630e0c8de244ed1ce3e4ae49c9
accept-ranges: bytes

GET
H2 200 rAT-5Sgb_normal.jpg
pbs.twimg.com/profile_images/1250537180499509250/ Frame 70B5 2 KB
2 KB 11ms
9ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1250537180499509250/rAT-5Sgb_normal.jpg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40B0) /

Resource Hash

f403b8185a2a6777d3ca85a914289b03522d148b1f12d4087b564a35417a1f47

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 153152
x-cache: HIT
status: 200
content-length: 1959
x-response-time: 124
surrogate-key: profile_images profile_images/bucket/3 profile_images/1250537180499509250
last-modified: Wed, 15 Apr 2020 21:29:12 GMT
server: ECS (fcn/40B0)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 81d219c5e3dc28c96b5202b0b1cf750e
accept-ranges: bytes

GET
H2 200 ETgkedSV_normal.jpg
pbs.twimg.com/profile_images/838808063163396096/ Frame 70B5 2 KB
2 KB 10ms
8ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/838808063163396096/ETgkedSV_normal.jpg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41A1) /

Resource Hash

7c4d72e2d472e7e06026bb5d0015364bf5592cce84d6e747af34f90227b15821

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 238611
x-cache: HIT
status: 200
content-length: 2111
x-response-time: 120
surrogate-key: profile_images profile_images/bucket/5 profile_images/838808063163396096
last-modified: Mon, 06 Mar 2017 17:44:41 GMT
server: ECS (fcn/41A1)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: a363f0f181614d5ccff05ee7a5b58d3c
accept-ranges: bytes

GET
H2 200 hIimMJ6R_normal.jpg
pbs.twimg.com/profile_images/1216860398118371329/ Frame 70B5 2 KB
3 KB 12ms
10ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1216860398118371329/hIimMJ6R_normal.jpg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4193) /

Resource Hash

78f1e4753f574162c7ab58a2ab05779e44cb50b8c53ef59852e4d801597abfaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 297057
x-cache: HIT
status: 200
content-length: 2339
x-response-time: 113
surrogate-key: profile_images profile_images/bucket/3 profile_images/1216860398118371329
last-modified: Mon, 13 Jan 2020 23:09:41 GMT
server: ECS (fcn/4193)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 3af2a2587c4691a4556f23c969fd2f09
accept-ranges: bytes

GET
H2 200 1cjg0aMs_normal.png
pbs.twimg.com/profile_images/594161373703188480/ Frame 70B5 2 KB
2 KB 10ms
8ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/594161373703188480/1cjg0aMs_normal.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4196) /

Resource Hash

2cf6e3735711cb747ba8bdf53c78cf954bf3579d10d691dfefefd243f1a5dd6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 132060
x-cache: HIT
status: 200
content-length: 2035
x-response-time: 125
surrogate-key: profile_images profile_images/bucket/6 profile_images/594161373703188480
last-modified: Fri, 01 May 2015 15:26:05 GMT
server: ECS (fcn/4196)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 03c68d6bc089fcc504ed639b2f3aea18
accept-ranges: bytes

GET
H2 200 4ae724ea6ed248d871bc9d523ae1c24e_normal.png
pbs.twimg.com/profile_images/3703513695/ Frame 70B5 7 KB
7 KB 9ms
7ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/3703513695/4ae724ea6ed248d871bc9d523ae1c24e_normal.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4191) /

Resource Hash

c8d20f2ec4e0562596cd22bc91b00586d7fe77152cbfeb81db48b38274fdaf18

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 197977
x-cache: HIT
status: 200
content-length: 7190
x-response-time: 119
surrogate-key: profile_images profile_images/bucket/2 profile_images/3703513695
last-modified: Thu, 04 Nov 2010 01:42:54 GMT
server: ECS (fcn/4191)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: d0ef0ec2689378102f0278e97c3c402e
accept-ranges: bytes

GET
H2 200 EYAlJ8fWAAElsTX
pbs.twimg.com/media/ Frame 70B5 49 KB
50 KB 9ms
8ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EYAlJ8fWAAElsTX?format=jpg&name=small

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40D2) /

Resource Hash

174d3edd8918d63b407da0dd216c05ed0f8c7a1844b835825b96d8501c9744b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 21119
x-cache: HIT
status: 200
content-length: 50645
x-response-time: 121
surrogate-key: media media/bucket/1 media/1261048748450381825
last-modified: Thu, 14 May 2020 21:38:25 GMT
server: ECS (fcn/40D2)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 47b1e588ff566dc68d7aee5493f1055d
accept-ranges: bytes

GET
H2 200 EX7m9-PXsAMDE_k
pbs.twimg.com/media/ Frame 70B5 19 KB
20 KB 10ms
9ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX7m9-PXsAMDE_k?format=jpg&name=360x360

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4198) /

Resource Hash

7a5de508f163596415bb264f8f130f70d18ca0deddfcbc0fd7312de00214f9d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 150592
x-cache: HIT
status: 200
content-length: 19852
x-response-time: 172
surrogate-key: media media/bucket/8 media/1260698898064191491
last-modified: Wed, 13 May 2020 22:28:14 GMT
server: ECS (fcn/4198)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ce895ded0dbb6a630227bc97a33dac8e
accept-ranges: bytes

GET
H2 200 EXxYHQHXQAAL52C
pbs.twimg.com/media/ Frame 70B5 37 KB
37 KB 9ms
9ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EXxYHQHXQAAL52C?format=png&name=360x360

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41D7) /

Resource Hash

7c7399d32456ccf860fbaee43cbfb0b746f6efcffc5537851eab271e73b5b7a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 322146
x-cache: HIT
status: 200
content-length: 37452
x-response-time: 154
surrogate-key: media media/bucket/0 media/1259978877365075968
last-modified: Mon, 11 May 2020 22:47:08 GMT
server: ECS (fcn/41D7)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 540e1cb874ecb45a422bf931ee942c57
accept-ranges: bytes

GET
H2 200 EYDWXn7XQAAsqXC
pbs.twimg.com/media/ Frame 70B5 14 KB
14 KB 10ms
8ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EYDWXn7XQAAsqXC?format=png&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4197) /

Resource Hash

53056a4566d25ac95d51f9927a5e328358a9726a7800a2c36f05910f710cce85

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 20719
x-cache: HIT
status: 200
content-length: 14542
x-response-time: 142
surrogate-key: media media/bucket/5 media/1261243597007044608
last-modified: Fri, 15 May 2020 10:32:40 GMT
server: ECS (fcn/4197)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 709494882b5cd07e5c1989344c48501a
accept-ranges: bytes

GET
H2 200 EYDWahLWsAIiXnw
pbs.twimg.com/media/ Frame 70B5 48 KB
48 KB 9ms
9ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EYDWahLWsAIiXnw?format=png&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41A4) /

Resource Hash

4135944d69b30495fe01a8d8474077055a055c913489125cb52a675841ab2e25

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 20719
x-cache: HIT
status: 200
content-length: 48719
x-response-time: 144
surrogate-key: media media/bucket/3 media/1261243646734675970
last-modified: Fri, 15 May 2020 10:32:52 GMT
server: ECS (fcn/41A4)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b2d9e46d3d95902287b0101f0846e40c
accept-ranges: bytes

GET
H2 200 EX_gzcRWAAM-nmk
pbs.twimg.com/media/ Frame 70B5 4 KB
4 KB 10ms
9ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX_gzcRWAAM-nmk?format=jpg&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/419E) /

Resource Hash

ba0250e71d8796cbd2f3310cdac52c8c1723c611df9a0f5b747934945d49140c

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 77116
x-cache: HIT
status: 200
content-length: 4304
x-response-time: 138
surrogate-key: media media/bucket/9 media/1260973595053916163
last-modified: Thu, 14 May 2020 16:39:47 GMT
server: ECS (fcn/419E)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7159b3118a8027ec427ae709105bf841
accept-ranges: bytes

GET
H2 200 EX_gzmaXsAA1sAc
pbs.twimg.com/media/ Frame 70B5 9 KB
9 KB 8ms
6ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX_gzmaXsAA1sAc?format=jpg&name=360x360

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41AD) /

Resource Hash

adef2af3bc521b5d2171f199574fdfc7421d81323511fb82c60d89ae0ae6fcd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 85224
x-cache: HIT
status: 200
content-length: 9261
x-response-time: 172
surrogate-key: media media/bucket/5 media/1260973597776130048
last-modified: Thu, 14 May 2020 16:39:48 GMT
server: ECS (fcn/41AD)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: fb8431f0a24f18017a7b7a869ac983ae
accept-ranges: bytes

GET
H2 200 EX_g0DsXgAIfGOI
pbs.twimg.com/media/ Frame 70B5 10 KB
10 KB 8ms
7ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX_g0DsXgAIfGOI?format=jpg&name=360x360

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41AB) /

Resource Hash

5d5bf22bef8cf97bbeba3a744967690de92394ed356ba77b908f854fd4671422

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 85223
x-cache: HIT
status: 200
content-length: 9932
x-response-time: 152
surrogate-key: media media/bucket/0 media/1260973605636243458
last-modified: Thu, 14 May 2020 16:39:49 GMT
server: ECS (fcn/41AB)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 8c9bb48473bb00c3378e427217b8450a
accept-ranges: bytes

GET
H2 200 EX_Gi6xXYAAKpSA
pbs.twimg.com/media/ Frame 70B5 10 KB
11 KB 8ms
7ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX_Gi6xXYAAKpSA?format=jpg&name=360x360

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40B5) /

Resource Hash

2a8cadd71f7dc844a929c41d81858be70df79038a44bd25e7e6a3956c7fdf85e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 89862
x-cache: HIT
status: 200
content-length: 10631
x-response-time: 192
surrogate-key: media media/bucket/7 media/1260944723881189376
last-modified: Thu, 14 May 2020 14:45:04 GMT
server: ECS (fcn/40B5)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 79461f57eb42577f5b47507bbdf7cc02
accept-ranges: bytes

GET
H2 200 EX_GjZdWkAAJ7vZ
pbs.twimg.com/media/ Frame 70B5 4 KB
5 KB 10ms
6ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX_GjZdWkAAJ7vZ?format=jpg&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41A1) /

Resource Hash

3dfc92728cb060fb00769ef2d288e623c76b9ee1e7b6d9540b2e37c6aeac5889

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 89862
x-cache: HIT
status: 200
content-length: 4455
x-response-time: 128
surrogate-key: media media/bucket/7 media/1260944732118749184
last-modified: Thu, 14 May 2020 14:45:06 GMT
server: ECS (fcn/41A1)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 9cd0dc89573ffffcc019cbcc804bf93b
accept-ranges: bytes

GET
H2 200 EX_GjjuXYAAL7mP
pbs.twimg.com/media/ Frame 70B5 14 KB
14 KB 9ms
7ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX_GjjuXYAAL7mP?format=jpg&name=360x360

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40D9) /

Resource Hash

eb2717f24569d4ff3b4ab9000a0e36ef758c2764baac864e6bb4167eeae08728

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 89862
x-cache: HIT
status: 200
content-length: 14559
x-response-time: 162
surrogate-key: media media/bucket/4 media/1260944734874460160
last-modified: Thu, 14 May 2020 14:45:06 GMT
server: ECS (fcn/40D9)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 281b44ad2172c66aabaf10e78bb59ec1
accept-ranges: bytes

GET
H2 200 EX_GkGnXgAAhmyd
pbs.twimg.com/media/ Frame 70B5 13 KB
13 KB 9ms
7ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX_GkGnXgAAhmyd?format=jpg&name=360x360

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40FD) /

Resource Hash

30f3b038c341bc4064e2a6591307c99fc2b60105a4c6a45ec511f54137c34d55

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 89848
x-cache: HIT
status: 200
content-length: 13498
x-response-time: 165
surrogate-key: media media/bucket/6 media/1260944744240349184
last-modified: Thu, 14 May 2020 14:45:08 GMT
server: ECS (fcn/40FD)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 6b218949971d47afd554dc8f480f2c94
accept-ranges: bytes

GET
H2 200 EX-Tqe6XQAEZ1F9
pbs.twimg.com/media/ Frame 70B5 8 KB
8 KB 10ms
9ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX-Tqe6XQAEZ1F9?format=jpg&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/418B) /

Resource Hash

4e838cf2ce665e2208aa8515065b3c524003a16034b5b759f36a4b982e4c2501

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 105264
x-cache: HIT
status: 200
content-length: 8166
x-response-time: 133
surrogate-key: media media/bucket/4 media/1260888778748674049
last-modified: Thu, 14 May 2020 11:02:45 GMT
server: ECS (fcn/418B)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7fc958c2f887b667f1bc9063a3fc94d4
accept-ranges: bytes

GET
H2 200 EX-TsFOXsAIvhsh
pbs.twimg.com/media/ Frame 70B5 49 KB
49 KB 12ms
10ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX-TsFOXsAIvhsh?format=png&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/419F) /

Resource Hash

39c4be699458b5a63bec979d0bc7fe44c0b152a4c57dac6631b07ee6d4dfdb95

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 105264
x-cache: HIT
status: 200
content-length: 50480
x-response-time: 170
surrogate-key: media media/bucket/6 media/1260888806213005314
last-modified: Thu, 14 May 2020 11:02:52 GMT
server: ECS (fcn/419F)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 268da6735b15a111851588b99608654d
accept-ranges: bytes

GET
H2 200 EX-Tsy7WoAMMdan
pbs.twimg.com/media/ Frame 70B5 27 KB
27 KB 9ms
8ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX-Tsy7WoAMMdan?format=png&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41A4) /

Resource Hash

7c372b7c48b31724a9536ee4ba3fda2ba092916acb6c6be3c6b445d91597bd87

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 105264
x-cache: HIT
status: 200
content-length: 27826
x-response-time: 144
surrogate-key: media media/bucket/7 media/1260888818481274883
last-modified: Thu, 14 May 2020 11:02:55 GMT
server: ECS (fcn/41A4)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 0eb7a83d9724ab3e5bf956fe4b940c85
accept-ranges: bytes

GET
H2 200 EX-TtjeXsAAHRPJ
pbs.twimg.com/media/ Frame 70B5 3 KB
3 KB 8ms
5ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX-TtjeXsAAHRPJ?format=png&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E6) /

Resource Hash

978bbde57b292c60c62b0d2c26d51be6460dd1b1cc7afbeab4b8810cc9fb8f05

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 105103
x-cache: HIT
status: 200
content-length: 2603
x-response-time: 137
surrogate-key: media media/bucket/1 media/1260888831513047040
last-modified: Thu, 14 May 2020 11:02:58 GMT
server: ECS (fcn/40E6)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 6e975b797a6b10b554cc2631f6117754
accept-ranges: bytes

GET
H2 200 EX7gR7yWAAM0eCj
pbs.twimg.com/media/ Frame 70B5 10 KB
11 KB 9ms
6ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX7gR7yWAAM0eCj?format=png&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41A8) /

Resource Hash

0a3fb128fef97ba127eda81efa18c16dca145031f3729cb2e58557faf08bc05d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 151725
x-cache: HIT
status: 200
content-length: 10643
x-response-time: 157
surrogate-key: media media/bucket/0 media/1260691544421564419
last-modified: Wed, 13 May 2020 21:59:01 GMT
server: ECS (fcn/41A8)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 2aaf621457e88463ff4be012c957194d
accept-ranges: bytes

GET
H2 200 EX7gdecXYAE7biR
pbs.twimg.com/media/ Frame 70B5 4 KB
4 KB 9ms
6ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX7gdecXYAE7biR?format=jpg&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4190) /

Resource Hash

393be40f33765f8293a512c338e92e31d467d6ce2e5d5a64fa1cfae498e72cc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 151725
x-cache: HIT
status: 200
content-length: 4088
x-response-time: 144
surrogate-key: media media/bucket/7 media/1260691742703181825
last-modified: Wed, 13 May 2020 21:59:48 GMT
server: ECS (fcn/4190)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 0fe3924b3e8881aa76a10e8c0711e257
accept-ranges: bytes

GET
H2 200 EX7gjifXYAkKkg7
pbs.twimg.com/media/ Frame 70B5 5 KB
5 KB 9ms
7ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX7gjifXYAkKkg7?format=jpg&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40FE) /

Resource Hash

c6a75664bb6f5dad258104bb7c11dba4eeebad12aa673fe9f93c199a7e04133c

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 151725
x-cache: HIT
status: 200
content-length: 4974
x-response-time: 144
surrogate-key: media media/bucket/3 media/1260691846868721673
last-modified: Wed, 13 May 2020 22:00:13 GMT
server: ECS (fcn/40FE)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 9a08a0a7224ac1a6019e696eaf4e3e33
accept-ranges: bytes

GET
H2 200 EX7g5XNWkAEyp6s
pbs.twimg.com/media/ Frame 70B5 19 KB
19 KB 9ms
7ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX7g5XNWkAEyp6s?format=png&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41AD) /

Resource Hash

5c31698e0cf01f68fe45381e6359de5c5beff2371359e413267729a88b1cca01

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 151725
x-cache: HIT
status: 200
content-length: 19119
x-response-time: 147
surrogate-key: media media/bucket/2 media/1260692221797502977
last-modified: Wed, 13 May 2020 22:01:42 GMT
server: ECS (fcn/41AD)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 89260f49c0d45110a129e9494faaa0ae
accept-ranges: bytes

GET
H2 200 EX7blEuXsAAzONE
pbs.twimg.com/media/ Frame 70B5 4 KB
5 KB 8ms
7ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX7blEuXsAAzONE?format=jpg&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40DD) /

Resource Hash

2dc6b608f38ecbf65f6942da886e4a746f003ea35da562ef85fcbcd4369dc62b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 153059
x-cache: HIT
status: 200
content-length: 4450
x-response-time: 131
surrogate-key: media media/bucket/4 media/1260686375680192512
last-modified: Wed, 13 May 2020 21:38:29 GMT
server: ECS (fcn/40DD)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 5dbfd8602afd2821e6299d6c7f51b0fa
accept-ranges: bytes

GET
H2 200 EX7cfvHWoAAY4e_
pbs.twimg.com/media/ Frame 70B5 3 KB
4 KB 7ms
7ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX7cfvHWoAAY4e_?format=jpg&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40DD) /

Resource Hash

4124e9739c0a68290bb7c4437b303b57eed7b32ea383ba28936dbb3d98aea1c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 153059
x-cache: HIT
status: 200
content-length: 3511
x-response-time: 135
surrogate-key: media media/bucket/7 media/1260687383491682304
last-modified: Wed, 13 May 2020 21:42:29 GMT
server: ECS (fcn/40DD)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 1a27c6604afdb65e4001d6cbf686311f
accept-ranges: bytes

GET
H2 200 EX7dyWhWkAcPLir
pbs.twimg.com/media/ Frame 70B5 3 KB
3 KB 9ms
6ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX7dyWhWkAcPLir?format=jpg&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4187) /

Resource Hash

64b0515dac3562cf5137c0775b2a3631cc10ef36a62f96b8590c800f794ce4cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 153058
x-cache: HIT
status: 200
content-length: 3121
x-response-time: 145
surrogate-key: media media/bucket/5 media/1260688802818985991
last-modified: Wed, 13 May 2020 21:48:07 GMT
server: ECS (fcn/4187)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: d34b853d3a320cf37cc48dc4c5f7f675
accept-ranges: bytes

GET
H2 200 EX5jGvBXsAAozzx
pbs.twimg.com/media/ Frame 70B5 14 KB
14 KB 10ms
7ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX5jGvBXsAAozzx?format=png&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4195) /

Resource Hash

31e50406a9f34d791065021db1990af9fc39ad5f4654e28a2b388cfcb17fee05

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 183290
x-cache: HIT
status: 200
content-length: 14452
x-response-time: 147
surrogate-key: media media/bucket/4 media/1260553913062895616
last-modified: Wed, 13 May 2020 12:52:07 GMT
server: ECS (fcn/4195)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 5207cb47a3e8c7b635f598d24f3b76fb
accept-ranges: bytes

GET
H2 200 EX5lrFLXsAEvv1-
pbs.twimg.com/media/ Frame 70B5 8 KB
9 KB 12ms
9ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX5lrFLXsAEvv1-?format=png&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4199) /

Resource Hash

080d2c31f5785db73fbb77cd8b33a3e0be5a9534588eb202b5998587a61a5a9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 184492
x-cache: HIT
status: 200
content-length: 8693
x-response-time: 130
surrogate-key: media media/bucket/0 media/1260556736508964865
last-modified: Wed, 13 May 2020 13:03:20 GMT
server: ECS (fcn/4199)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 8c4e3063e7f7e0d5b9670d1881bd1d46
accept-ranges: bytes

GET
H2 200 EX5mIVuXQAAJ5JK
pbs.twimg.com/media/ Frame 70B5 16 KB
16 KB 9ms
8ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX5mIVuXQAAJ5JK?format=png&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/419F) /

Resource Hash

15718a43bc0e65eb765d930a5adb586af8cbf57f26f29f79ce85fd90a31ead3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 184492
x-cache: HIT
status: 200
content-length: 16305
x-response-time: 143
surrogate-key: media media/bucket/1 media/1260557239166910464
last-modified: Wed, 13 May 2020 13:05:20 GMT
server: ECS (fcn/419F)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: f6a529887ecc659e634d235e0de4c91d
accept-ranges: bytes

GET
H2 200 EX1tiDdX0AIbpVK
pbs.twimg.com/media/ Frame 70B5 7 KB
8 KB 10ms
8ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX1tiDdX0AIbpVK?format=jpg&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40B0) /

Resource Hash

5111a42826ba8b50d8f02fb189cf6c24b1a91710eb639d695437498997a30f69

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 243601
x-cache: HIT
status: 200
content-length: 7621
x-response-time: 136
surrogate-key: media media/bucket/7 media/1260283902545088514
last-modified: Tue, 12 May 2020 18:59:11 GMT
server: ECS (fcn/40B0)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: d32a4e140d24570b3fb63bcfd67d2f65
accept-ranges: bytes

GET
H2 200 EX1tiaUXgAEf59-
pbs.twimg.com/media/ Frame 70B5 9 KB
9 KB 8ms
7ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX1tiaUXgAEf59-?format=jpg&name=360x360

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/418C) /

Resource Hash

0c962688ca1fdc38ae8fa9955d146abeb0e504be807bd08009280ca3f14b1fa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 243601
x-cache: HIT
status: 200
content-length: 9477
x-response-time: 159
surrogate-key: media media/bucket/0 media/1260283908681334785
last-modified: Tue, 12 May 2020 18:59:13 GMT
server: ECS (fcn/418C)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 6c5c486455aec2ba0ce9c3639a6883b9
accept-ranges: bytes

GET
H2 200 EX1ti2_WsAINOlg
pbs.twimg.com/media/ Frame 70B5 11 KB
11 KB 10ms
6ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX1ti2_WsAINOlg?format=jpg&name=360x360

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41A1) /

Resource Hash

3708af56382d5c8ab19f6816ff04b48b15abea4896cfc28decf48d26d4e3c3d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 243600
x-cache: HIT
status: 200
content-length: 10851
x-response-time: 184
surrogate-key: media media/bucket/4 media/1260283916377829378
last-modified: Tue, 12 May 2020 18:59:15 GMT
server: ECS (fcn/41A1)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: aa5901db1132b0429e5e8e3e77909e42
accept-ranges: bytes

GET
H2 200 EX0YABGXYAMgAhT
pbs.twimg.com/media/ Frame 70B5 7 KB
8 KB 10ms
7ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX0YABGXYAMgAhT?format=jpg&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40FC) /

Resource Hash

4508ed282e22c46c28e17901b281d40056792ded8d2282eb16617bf6f66dbf9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 271266
x-cache: HIT
status: 200
content-length: 7570
x-response-time: 162
surrogate-key: media media/bucket/5 media/1260189859307806723
last-modified: Tue, 12 May 2020 12:45:30 GMT
server: ECS (fcn/40FC)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: e3e29b0596c7d458d0aa861d8ef24f8d
accept-ranges: bytes

GET
H2 200 EX0YHAZWkAATMkQ
pbs.twimg.com/media/ Frame 70B5 19 KB
19 KB 11ms
9ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX0YHAZWkAATMkQ?format=png&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40B4) /

Resource Hash

6c67afdaf9f3aa20008089c39b35ffce9ae635db7bbe0d53be99792e170adc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 271266
x-cache: HIT
status: 200
content-length: 19361
x-response-time: 147
surrogate-key: media media/bucket/1 media/1260189979378094080
last-modified: Tue, 12 May 2020 12:45:58 GMT
server: ECS (fcn/40B4)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 63223d068b63bcf8696c6740543203eb
accept-ranges: bytes

GET
H2 200 EX0YN06XQAApk6g
pbs.twimg.com/media/ Frame 70B5 16 KB
16 KB 9ms
7ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX0YN06XQAApk6g?format=png&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4188) /

Resource Hash

fb9c61f90626f09bdeed4fb101e70f3303096693a89670958cd13edd3db22b16

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 271266
x-cache: HIT
status: 200
content-length: 16685
x-response-time: 132
surrogate-key: media media/bucket/6 media/1260190096554409984
last-modified: Tue, 12 May 2020 12:46:26 GMT
server: ECS (fcn/4188)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 11f8e74232534656c307244b2e967855
accept-ranges: bytes

GET
H2 200 EX0aKkjXkAEvf_Q
pbs.twimg.com/media/ Frame 70B5 21 KB
21 KB 9ms
8ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EX0aKkjXkAEvf_Q?format=png&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4189) /

Resource Hash

26f43788d6f24ed01133b2a18ee170b4e1ba2af7c81d633840fb8a05bdca6e9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 271266
x-cache: HIT
status: 200
content-length: 21155
x-response-time: 150
surrogate-key: media media/bucket/8 media/1260192239646642177
last-modified: Tue, 12 May 2020 12:54:57 GMT
server: ECS (fcn/4189)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: fc0a27d6259b0d37bb5a2fe1812dd151
accept-ranges: bytes

GET
H2 200 EXr7QMbWAAIPWbM
pbs.twimg.com/media/ Frame 70B5 14 KB
14 KB 10ms
9ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EXr7QMbWAAIPWbM?format=png&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4193) /

Resource Hash

beec1a102eeef34452d715d74e9e76d9bf3ac64171d98f301345c0780578f96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 411762
x-cache: HIT
status: 200
content-length: 14625
x-response-time: 142
surrogate-key: media media/bucket/3 media/1259595301435867138
last-modified: Sun, 10 May 2020 21:22:56 GMT
server: ECS (fcn/4193)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ab80d633e3075f1ccdf32e1cf399d979
accept-ranges: bytes

GET
H2 200 EXr7T9lWkAUB_ax
pbs.twimg.com/media/ Frame 70B5 5 KB
5 KB 9ms
7ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EXr7T9lWkAUB_ax?format=jpg&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40FD) /

Resource Hash

013763bcd11aee4296dec2332b0cd4194330e17b1b3785ed23b56ed59a8a2652

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
x-content-type-options: nosniff
age: 411762
x-cache: HIT
status: 200
content-length: 5411
x-response-time: 143
surrogate-key: media media/bucket/2 media/1259595366170791941
last-modified: Sun, 10 May 2020 21:23:12 GMT
server: ECS (fcn/40FD)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7f1019f9a02ba7d7df3ce6f344330b8d
accept-ranges: bytes

GET
H2 200 syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
ton.twimg.com/tfw/css/ Frame 70B5 44 KB
7 KB 11ms
9ms Stylesheet
text/css 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/418C) /

Resource Hash

a549034009f79ead18a2154a8b730d8acb61e2f36c0434c0f9cff0f73df5d8cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 562517
x-ton-expected-size: 45170
x-cache: HIT
status: 200
vary: Accept-Encoding
content-length: 6839
x-response-time: 12
surrogate-key: tfw
last-modified: Tue, 14 May 2019 18:53:54 GMT
server: ECS (fcn/418C)
etag: "4mhImCFS9rptiUICNnLD1g=="
strict-transport-security: max-age=631138519
content-type: text/css
access-control-allow-origin: *
x-connection-hash: aae4135ed66c6a503050b8ae0bdcd456
accept-ranges: bytes
expires: Fri, 22 May 2020 16:25:19 GMT

GET
H2 200 syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
ton.twimg.com/tfw/css/ 44 KB
44 KB 8ms
7ms Image
text/css 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/418C) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 562517
x-ton-expected-size: 45170
x-cache: HIT
status: 200
vary: Accept-Encoding
content-length: 6839
x-response-time: 12
surrogate-key: tfw
last-modified: Tue, 14 May 2019 18:53:54 GMT
server: ECS (fcn/418C)
etag: "4mhImCFS9rptiUICNnLD1g=="
strict-transport-security: max-age=631138519
content-type: text/css
access-control-allow-origin: *
x-connection-hash: aae4135ed66c6a503050b8ae0bdcd456
accept-ranges: bytes
expires: Fri, 22 May 2020 16:25:19 GMT

GET
DATA 200
OK truncated
/ Frame 70B5 512 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eddfb285df91d818926b2f8ec64c71be82e0ea4f21ca9f63f5b0bc5dbcd75b0b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 70B5 825 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 70B5 572 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: abd2a457215e60ab60b2a6b4f25a17583c5d80e13935f76e097236f729c5dcd6

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 70B5 644 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a87f4fd815fc95288f2da6efc536c950ef940bd9eb52176fd9e8e56107cc65e2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 70B5 739 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 layers.ab5cd98fe1b9a38a4a9f.js Show response
s7.addthis.com/static/ 263 KB
76 KB 32ms
32ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.ab5cd98fe1b9a38a4a9f.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.4.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Wed, 18 Sep 2019 14:16:17 GMT
server: nginx/1.15.8
etag: W/"5d823c31-41b9f"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
date: Fri, 15 May 2020 16:25:20 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77528

GET
H2 200 otrHzz7B
pbs.twimg.com/card_img/1260915470120738818/ Frame 70B5 4 KB
4 KB 6ms
6ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1260915470120738818/otrHzz7B?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40D4) /

Resource Hash

bab527bcf0232ad28a870abdd7e18dd7b42b0994beb65c36530ae9baba74494b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:20 GMT
x-content-type-options: nosniff
age: 99247
x-cache: HIT
status: 200
content-length: 4429
x-response-time: 140
surrogate-key: card_img card_img/bucket/5 card_img/1260915470120738818
last-modified: Thu, 14 May 2020 12:48:49 GMT
server: ECS (fcn/40D4)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ae39201cbd3bcd4a9f2c4d9d9c8b113a
accept-ranges: bytes

GET
H2 200 bOXSAGDp
pbs.twimg.com/card_img/1260880527042777090/ Frame 70B5 2 KB
2 KB 56ms
55ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1260880527042777090/bOXSAGDp?format=png&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41D7) /

Resource Hash

94ece170ac337a76b357bb486ae6ddb00ef2418e8b00d81cac6942b8ebfb6510

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:20 GMT
x-content-type-options: nosniff
age: 107576
x-cache: MISS
status: 200
content-length: 1638
x-response-time: 142
surrogate-key: card_img card_img/bucket/3 card_img/1260880527042777090
last-modified: Thu, 14 May 2020 10:29:58 GMT
server: ECS (fcn/41D7)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7d467480b3cee22e40d7be671cd223fc
accept-ranges: bytes

GET
H2 200 / Show response
graph.facebook.com/ 150 B
334 B 49ms
36ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_4jp20

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.4.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

188a3d99a26a9b47dfe502273554fd065fc8991e907d9a6c01de19fc2bf35e7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
etag: "e0e4193e8e45d3ea4c2bdf04f2b41dfd8190525c"
status: 200
x-fb-rev: 1002132105
alt-svc: h3-27=":443"; ma=3600
content-length: 150
pragma: no-cache
x-fb-debug: 38OJ6sca9sMCJfDksZfwOQcgwqDh4nAxf5WV4KPQegI3ck1IkzM2wcKwMv5NTh7RP9EnuNYHybUNhdbsrVFVEw==
x-fb-trace-id: AaINGRzQjTo
date: Fri, 15 May 2020 16:25:20 GMT, Fri, 15 May 2020 16:25:20 GMT
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AoICKuNw9XSj6CYaHK9eec1
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v3.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 34 B
342 B 218ms
216ms Script
application/json 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&callback=_ate.cbs.rcb_48op0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.4.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

f1d3afb6b5deecb8fca3f28252f634ea36c736003f2f61538968c6d337ad6b9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
last-modified: Fri, 15 May 2020 16:25:20 GMT
server: nginx/1.15.8
date: Fri, 15 May 2020 16:25:20 GMT
vary: Accept-Encoding
content-type: application/json
status: 200
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length: 54

GET
H2 200 / Show response
graph.facebook.com/ 149 B
556 B 46ms
33ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=http%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_3hp20

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.4.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

34c24a9f2f3b895fd2ee5a3b26571ed392378304ac6f87d9dcded2529b47ce57

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
etag: "c86d115b78199001195668d4b22d69e5b04545b9"
status: 200
x-fb-rev: 1002132105
alt-svc: h3-27=":443"; ma=3600
content-length: 149
pragma: no-cache
x-fb-debug: QbT6oPN+859qP0+CQs1qYaKI8lHQ4KMQ7C5ViION3GWWNoH5Z9ySAaomUHIKnU6Cz2/yUj1ENz+dWu1Np3pOdQ==
x-fb-trace-id: DZPoxzB24ZE
date: Fri, 15 May 2020 16:25:20 GMT, Fri, 15 May 2020 16:25:20 GMT
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AcuF2mPQWvn9jNxa-UyQXYl
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v3.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 34 B
342 B 230ms
229ms Script
application/json 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&callback=_ate.cbs.rcb_ifn10

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.4.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

e15f5c399a4e19ebe3251495bb1b6734f5691bcb67bfd64c1073a89b37f7591e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
last-modified: Fri, 15 May 2020 16:25:20 GMT
server: nginx/1.15.8
date: Fri, 15 May 2020 16:25:20 GMT
vary: Accept-Encoding
content-type: application/json
status: 200
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length: 54

GET
DATA 200
OK truncated
/ 443 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 info.json Show response
www.reddit.com/api/ 3 KB
1 KB 263ms
168ms Script
application/javascript 199.232.53.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&jsonp=_ate.cbs.rcb_dzrc0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.4.1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.53.140 Manchester, United Kingdom, ASN54113 (FASTLY, US),

Reverse DNS

Software

snooserv /

Resource Hash

82510758e8bab75b00009ace24ca47c55033b49bf0385cf02875fc248fef2670

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-allow-origin: *
x-cache: MISS
status: 200
vary: accept-encoding
content-length: 1173
x-xss-protection: 1; mode=block
x-served-by: cache-man4128-MAN
x-moose: majestic
expires: -1
server: snooserv
x-timer: S1589559920.315371,VS0,VE122
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ua-compatible: IE=edge
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 count.json Show response
widgets.pinterest.com/v1/urls/ 156 B
370 B 111ms
37ms Script
application/javascript 151.101.36.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://widgets.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&callback=window._ate.cbs.rcb_jb680

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.4.1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.36.84 Amsterdam, Netherlands, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d9c87649ea0d3887935b585e34bffde896651b69930149b79ec4a574534dd864

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 93
status: 200
vary: accept-encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: must-revalidate, max-age=887
x-envoy-upstream-service-time: 2
accept-ranges: none
x-pinterest-rid: 4509776549106898
expires: Fri, 15 May 2020 16:38:47 GMT

GET
H2 200 info.json Show response
www.reddit.com/api/ 126 B
669 B 248ms
154ms Script
application/javascript 199.232.53.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=http%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&jsonp=_ate.cbs.rcb_9aja0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.4.1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.53.140 Manchester, United Kingdom, ASN54113 (FASTLY, US),

Reverse DNS

Software

snooserv /

Resource Hash

8072ecbe362ea60387bfd2a1ef79ca8dd80c8c12ec2645c94ecc9c469c0fc8af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:20 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
status: 200
content-length: 126
x-xss-protection: 1; mode=block
x-served-by: cache-man4128-MAN
x-moose: majestic
expires: -1
server: snooserv
x-timer: S1589559920.315622,VS0,VE108
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ua-compatible: IE=edge
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 count.json Show response
widgets.pinterest.com/v1/urls/ 155 B
193 B 110ms
37ms Script
application/javascript 151.101.36.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://widgets.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F&callback=window._ate.cbs.rcb_3f960

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.4.1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.36.84 Amsterdam, Netherlands, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c244902a08449273be5f6922fb634b0b49f279b7919af605fec7a1cd9a0d39ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 93
status: 200
vary: accept-encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: must-revalidate, max-age=887
x-envoy-upstream-service-time: 1
accept-ranges: none
x-pinterest-rid: 9351614163942905
expires: Fri, 15 May 2020 16:38:47 GMT

GET
H2 200 views2.json Show response
q.addthis.com/feeds/1.0/ 34 KB
5 KB 34ms
32ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://q.addthis.com/feeds/1.0/views2.json?pubid=ra-5a74cca42a90a07e&domain=seguranca-informatica.pt&limit=50&callback=_ate.cbs.fds_ra5a74cca42a90a07eviews2json0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.4.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

629df1def5e236ed0725d530df2de471a917221677057d58baa8686f4456308c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: ra-5a74cca42a90a07e
last-modified: Fri, 15 May 2020 16:13:11 GMT
server: nginx/1.15.8
date: Fri, 15 May 2020 16:25:20 GMT
vary: Accept-Encoding
cache-tag: ra-5a74cca42a90a07e
status: 200
cache-control: max-age=0, s-maxage=3600
content-type: application/javascript;charset=UTF-8
content-length: 4803

GET
H2 200 iRaKib4f
pbs.twimg.com/card_img/1260727687439618048/ Frame 70B5 55 KB
55 KB 24ms
23ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1260727687439618048/iRaKib4f?format=jpg&name=600x314

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40D7) /

Resource Hash

46b713ecb8535f31055d6349de02f1051cb87a9433a17ad7e80d8efb065a03e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:20 GMT
x-content-type-options: nosniff
age: 124912
x-cache: MISS
status: 200
content-length: 56026
x-response-time: 149
surrogate-key: card_img card_img/bucket/5 card_img/1260727687439618048
last-modified: Thu, 14 May 2020 00:22:38 GMT
server: ECS (fcn/40D7)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 6c4647d244ff72f7fd01c22cfe1e1709
accept-ranges: bytes

GET
H2 200 Bj3eS0F8
pbs.twimg.com/card_img/1260313571361042433/ Frame 70B5 6 KB
6 KB 22ms
22ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1260313571361042433/Bj3eS0F8?format=png&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/418B) /

Resource Hash

c90172b5431c9075ab79303e0ce34e304768f6602952a97c14fa0010885b03a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:20 GMT
x-content-type-options: nosniff
age: 240708
x-cache: HIT
status: 200
content-length: 6408
x-response-time: 152
surrogate-key: card_img card_img/bucket/9 card_img/1260313571361042433
last-modified: Tue, 12 May 2020 20:57:05 GMT
server: ECS (fcn/418B)
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 060b725ecae9640d7f5632c45fa259a3
accept-ranges: bytes

GET
H2 200 7uHJC-KV
pbs.twimg.com/card_img/1259974755957997570/ Frame 70B5 4 KB
4 KB 21ms
20ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1259974755957997570/7uHJC-KV?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E3) /

Resource Hash

079d21515f2c8e93ebb26f1f9f89fa7dd1cc4dd7aeb37a78eb0a5b9e9fc5a64b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:20 GMT
x-content-type-options: nosniff
age: 323541
x-cache: HIT
status: 200
content-length: 4303
x-response-time: 143
surrogate-key: card_img card_img/bucket/6 card_img/1259974755957997570
last-modified: Mon, 11 May 2020 22:30:45 GMT
server: ECS (fcn/40E3)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 09fefbe59989eaba26df6deb730afe00
accept-ranges: bytes

GET
H2 200 Ut37ZGRp
pbs.twimg.com/card_img/1257322194239025158/ Frame 70B5 5 KB
5 KB 23ms
21ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1257322194239025158/Ut37ZGRp?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E2) /

Resource Hash

e918c7a354d2f69cfd44ad24c87b814cf2d86a0d73854f3259cc69f9f3f6a19c

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:20 GMT
x-content-type-options: nosniff
age: 226742
x-cache: HIT
status: 200
content-length: 4867
x-response-time: 143
surrogate-key: card_img card_img/bucket/5 card_img/1257322194239025158
last-modified: Mon, 04 May 2020 14:50:25 GMT
server: ECS (fcn/40E2)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 794e6d1d4d98dc958a6bd2265bf03a85
accept-ranges: bytes

GET
DATA 200
OK truncated
/ 141 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3f36146f67554b989421cd2be6d58d97fc92f7c6e130d6152a0659a770f8fc2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 cover_lampion.png
seguranca-informatica.pt/wp-content/uploads/2019/12/ 333 KB
334 KB 18ms
17ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2019/12/cover_lampion.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b7642ee69bfb367b8471fa2ce3c750c0e9a672acb55c268abd5e541ecfe16bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 729
status: 200
vary: Accept-Encoding
content-length: 341315
cf-request-id: 02bac09e97000097fc1318d200000001
referrer-policy
last-modified: Sat, 28 Dec 2019 02:40:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36ddb99397fc-FRA

GET
H2 200 edp_capa-720x417-1.jpg
seguranca-informatica.pt/wp-content/uploads/2020/04/ 89 KB
90 KB 11ms
11ms Image
image/jpeg 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/04/edp_capa-720x417-1.jpg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b61cfa99526a09cd475d413ab0e20615b78081883a4d64d19b3af025eacea54

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 729
status: 200
vary: Accept-Encoding
content-length: 91561
cf-request-id: 02bac09e97000097fc1318e200000001
referrer-policy
last-modified: Mon, 13 Apr 2020 21:31:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 593e36ddb99597fc-FRA

GET
H2 200 alfie.f51946af45e0b561c60f768335c9eb79.js Show response
c.disquscdn.com/next/embed/ 19 KB
7 KB 42ms
42ms Script
application/javascript 2606:4700::6812:a913
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js

Requested by

Host: seguranca-informatica.disqus.com
URL: https://seguranca-informatica.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a913 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 25519057
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 6605
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Wed, 15 May 2019 00:01:52 GMT
server: cloudflare
etag: "5cdb56f0-19cd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-request-id: 02bac09ef9000098148d1ea200000001
accept-ranges: bytes
cf-ray: 593e36de5e249814-FRA
expires: Tue, 19 May 2020 02:07:22 GMT

GET
H/1.1 200
OK ping Show response
links.services.disqus.com/api/ 286 B
920 B 151ms
83ms XHR
text/javascript 151.101.112.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/ping?format=jsonp&key=cfdfcf52dffd0a702a61bad27507376d&loc=https%3A%2F%2Fseguranca-informatica.pt%2Fbrazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay%2F%23.Xr7Cb9OxX0M&subId=5368311&v=1&jsonp=vglnk_jsonp_15895599204230
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: bfb46525225181ed533855b5d5540eaf0a8b4ab05a5f0413316570e6c8455383

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 15 May 2020 16:25:20 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://seguranca-informatica.pt
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 286
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 7 KB
6 KB 28ms
16ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200511&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200511/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043c5ba4d242d978728d879d09ccf4c0de6d9745dc792d30f87407a8106f37f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 May 2020 16:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 5516
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 14 KB
5 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200511/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 15 May 2020 16:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1582746470043195"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5456
x-xss-protection: 0
expires: Fri, 15 May 2020 16:25:20 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame C6BD 0
0 6ms
6ms Document
text/html 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/209/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 5727
date: Fri, 15 May 2020 15:25:23 GMT
expires: Sat, 15 May 2021 15:25:23 GMT
last-modified: Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 3597
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

jot.html
platform.twitter.com/ Frame 4B80
Redirect Chain

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

0
0

6ms
6ms

Document
text/html

2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/jot.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4199) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
Origin: https://seguranca-informatica.pt
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 79216
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Fri, 15 May 2020 16:25:20 GMT
Etag: "d9592a6c704736fa4da218d4357976dd"
Last-Modified: Tue, 12 May 2020 17:25:54 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/4199)
X-Cache: HIT
Content-Length: 80

Redirect headers

status: 302 302 Found
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 0
content-type: text/html;charset=utf-8
date: Fri, 15 May 2020 16:25:20 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Fri, 15 May 2020 16:25:20 GMT
location: https://platform.twitter.com/jot.html
pragma: no-cache
server: tsa_o
strict-transport-security: max-age=631138519
x-connection-hash: 72bea6e80254fbf55cb41480d33a0f8f
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 131
x-transaction: 001cd888002100f7
x-tsa-request-body-time: 5
x-twitter-response-tags: BouncerCompliant
x-xss-protection: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
52 B 16ms
15ms Image
image/gif 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gda_r20200511&jk=593196012584025&bg=!v7ylvKRY5CsSKSMCFyQCAAAATVIAAAANmQGAZfEQvhRGNR3Zx6j2_wURaVbqVjQSvUwfEgrh5tAbWDLIg09zjxr1pvIQeD_YpxmvCj1KD8ceFqZxYvy79XtjrQq4iFtfP-B8qxBccmJuYgTLWSR_HIlA1LOn3BlJ21HKW7Q47XMh1wxmefsoAIkL2JiiJyqwrySvHcZjLuQDGcyrAAtg-MSmwZ_rg0f8cf3iovIKObv0Jbk40-TlZzP5gsRjfnktEUkjmBMf1kii0OTY5VSsYXcNPe3IEi6Hs9ZgC1Qnpw0xdeCUZW93OlkKqAXeRRGyesihLFXKr8Tkfh2fXfq_l5hN1_AYoGrNXNl_I7PnwlMJq6URDGWWXBXP_7_tdwmxSp03NbBmP0vknUFoI0BNU5wvOYQfp525mjwYmZhACmtcqAuv7gI2KzNc3GABKVDCydZ1MdJeyRVkZnuEbwoGkCkoHJCxqRDTZAyRxd8xvNX92bwInPrMgYEjFTi0NV4tfrs35mP4RNhkasVNAHhNo6OMiReOmKzBPU58

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/brazilian-trojan-banker-is-targeting-portuguese-users-using-browser-overlay/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 May 2020 16:25:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

160 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.addthis.com/	1970-01-19 19:02:54	Name: loc Value: MDAwMDBFVUFUMDUyMjc4MTkzMDAwMDAwMDBDSA==
.seguranca-informatica.pt/	1970-01-19 10:15:51	Name: __cfduid Value: d648b7518a36eae8f328d22635ea47ba71589559920
.doubleclick.net/	1970-01-19 09:32:40	Name: test_cookie Value: CheckForPermission
.seguranca-informatica.pt/	1970-01-19 11:42:15	Name: _fbp Value: fb.1.1589559919498.1909490015

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://seguranca-informatica.pt/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.4.1(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.
console-api	info	URL: https://platform.twitter.com/widgets.js(Line 1) Message: You may have been affected by an update to settings in embedded timelines. See https://twittercommunity.com/t/deprecating-widget-settings/102295. [object HTMLAnchorElement]

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

abs.twimg.com
adservice.google.com
adservice.google.de
api-public.addthis.com
c.disquscdn.com
cdn.onesignal.com
cdn.syndication.twimg.com
connect.facebook.net
disqus.com
feed.seguranca-informatica.pt
fonts.googleapis.com
fonts.gstatic.com
gist.github.com
github.githubassets.com
googleads.g.doubleclick.net
graph.facebook.com
licensebuttons.net
links.services.disqus.com
m.addthis.com
pagead2.googlesyndication.com
pbs.twimg.com
platform.twitter.com
q.addthis.com
s.w.org
s7.addthis.com
seguranca-informatica.disqus.com
seguranca-informatica.pt
syndication.twitter.com
ton.twimg.com
tpc.googlesyndication.com
v1.addthisedge.com
widgets.pinterest.com
www.facebook.com
www.google-analytics.com
www.googletagservices.com
www.paypal.com
www.paypalobjects.com
www.reddit.com
www.youtube.com
z.moatads.com
s7.addthis.com
104.111.228.123
104.244.42.200
140.82.118.4
151.101.112.134
151.101.112.64
151.101.36.84
151.101.64.134
185.199.108.154
192.0.77.48
199.232.53.140
23.210.248.44
2606:2800:134:fa2:1627:1fe:edb:1665
2606:2800:234:59:254c:406:2366:268c
2606:4700:20::681a:4d6
2606:4700:3037::681b:bc6c
2606:4700::6812:a913
2606:4700::6812:e234
2a00:1450:4001:800::2002
2a00:1450:4001:800::200a
2a00:1450:4001:809::2003
2a00:1450:4001:819::2002
2a00:1450:4001:819::200e
2a00:1450:4001:81a::2001
2a00:1450:4001:81a::200e
2a03:2880:f01c:800e:face:b00c:0:2
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
72.247.226.64
013763bcd11aee4296dec2332b0cd4194330e17b1b3785ed23b56ed59a8a2652
01a9f2ee033909141e4b8865aaecf728d74d4b6a1811ca6356a5f1a08387f931
02a8eed49f3f9c8463957eb112a8f7fc681736cabea524c019c7e405ad0c0f24
043c5ba4d242d978728d879d09ccf4c0de6d9745dc792d30f87407a8106f37f3
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
048f480590ec0ca08fc57ba331065bc46fc3c36ac030a2feeb8b407db66f71ef
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
066d6b6d0ac47e197c9816ecc646022123de9bd034a81b4b3efb7b790ff89963
079d21515f2c8e93ebb26f1f9f89fa7dd1cc4dd7aeb37a78eb0a5b9e9fc5a64b
080d2c31f5785db73fbb77cd8b33a3e0be5a9534588eb202b5998587a61a5a9f
0952427c6f4fa6f960b8954afbf10c45ab099876ec25e748b73ade0757e88207
0999fade5a38c3dfbc134a8f2a3733281ed22974b02813f8cc88dc8f12d34c2d
09a743ee0c32ca57c9be64b13b29c396310d1dd309cb4d7d3be722e47db95f27
0a3fb128fef97ba127eda81efa18c16dca145031f3729cb2e58557faf08bc05d
0c6ad7e581d104b86cebc286fdab623582d9c62e3ede04ff60207ce02cbee95f
0c962688ca1fdc38ae8fa9955d146abeb0e504be807bd08009280ca3f14b1fa2
0d6762417b3b91c64f1d9c9689deb17a1120dfaf507b547b6bf5a11fdf0968a8
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0df85097e94244ca09381822b45b249ba9baa7e59fe1d08d20f9a8e7f9ba27de
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12bf529a0f4d0a3f10d003a07d5b91e40579a3da18022a9896a9ccd9e5dc1b33
15718a43bc0e65eb765d930a5adb586af8cbf57f26f29f79ce85fd90a31ead3d
174d3edd8918d63b407da0dd216c05ed0f8c7a1844b835825b96d8501c9744b4
18055014f2eafc20d5a83b1af0a659b8ff8aa38e9c4aa2996750e9177588f145
188a3d99a26a9b47dfe502273554fd065fc8991e907d9a6c01de19fc2bf35e7a
18f1e1f4fe5585108349cf029e48ad91a12dae4627be962667fb0b4933c69bba
191e2a2deb0b16b4e6c833685b15ab930c8eaeec228391f6b26bc1fcda208c7b
1b75d3c01b481f0ccd00800a3dd803e9807d3fb1961f66a53fa0d0e091bb3cb7
1f449b6d1dba1bf792d53ca14c3938763dd4b0f7208cddab9eadce5c41d108a3
1fc9e562f67ac01fc3db71ce882b51a1096010a777f2d9f3a87db6a642ad19a2
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
268653524785d611cab68ecbf094a5720b51a8e15828eb2bbedea14bb17c5354
26f43788d6f24ed01133b2a18ee170b4e1ba2af7c81d633840fb8a05bdca6e9b
28f7d67cfa34ceb2c89c3654c49bb1b9c64f3f0bcbd8f42bda3d29eeb1208dc6
2a0114ee843f8e5fcb15026a43365c3455464f43e1ea135b075e49662a9905b9
2a12b82bb4b7e9b29fd41e3f22c394ee3d3737f8f9af9f7ae041d0bb895d8bd1
2a8cadd71f7dc844a929c41d81858be70df79038a44bd25e7e6a3956c7fdf85e
2cf6e3735711cb747ba8bdf53c78cf954bf3579d10d691dfefefd243f1a5dd6e
2d8a628333a76cfe484a2b9c01bca786fccf08d0010d4bffca2b38b29dd4ed0b
2dc6b608f38ecbf65f6942da886e4a746f003ea35da562ef85fcbcd4369dc62b
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
30f3b038c341bc4064e2a6591307c99fc2b60105a4c6a45ec511f54137c34d55
31e50406a9f34d791065021db1990af9fc39ad5f4654e28a2b388cfcb17fee05
32c6c8175c556f53109ae8579fcd763478eb74c8b756e98f1f651ccf58732aff
343bde3e98b9503c4aa226f553e1e53a20437cc8a4e3aa84eff40b5e8bd99afc
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
34c24a9f2f3b895fd2ee5a3b26571ed392378304ac6f87d9dcded2529b47ce57
369e456b46d16a544d65269fcaae1c1edc9d75edca11e324cde573943c240072
36db3512ea89976cd734e544a1edd6a0609a824da59b596146f955cb6274040c
3708af56382d5c8ab19f6816ff04b48b15abea4896cfc28decf48d26d4e3c3d2
393be40f33765f8293a512c338e92e31d467d6ce2e5d5a64fa1cfae498e72cc9
39c4be699458b5a63bec979d0bc7fe44c0b152a4c57dac6631b07ee6d4dfdb95
3b61cfa99526a09cd475d413ab0e20615b78081883a4d64d19b3af025eacea54
3dbab26b6050d95f1f5165ebb4114ba93bc15f011f34eca927242cb3d1f0d95f
3dfc92728cb060fb00769ef2d288e623c76b9ee1e7b6d9540b2e37c6aeac5889
3fa475ad9dd9c0bb2328beb67fcf6085332122077f3b535f9f2e3c65a1a26722
3fdc456f04f1fc0810426165c11e0cb1e6c0cdc7e186b25b2be8100a1c69257f
4013815c062a913724b100213570c46fdc0463020d81b5b2ed7ed0b4a56eb727
4124e9739c0a68290bb7c4437b303b57eed7b32ea383ba28936dbb3d98aea1c7
4135944d69b30495fe01a8d8474077055a055c913489125cb52a675841ab2e25
41842b8a7787f30dd7c129b53b921da9705e8420e0926550013d0252822547ec
44f42160647efdb85b129d040beee22d6e3a55998c83febb2f4a03ccb0e4b714
45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc
4508ed282e22c46c28e17901b281d40056792ded8d2282eb16617bf6f66dbf9c
46b713ecb8535f31055d6349de02f1051cb87a9433a17ad7e80d8efb065a03e7
48b3b17bf53635986804b63fb97b63fd84d72e6f2d169519f36ba2a3ca6a70a0
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4acd60b107c604bb10e4308dd5aa04d2f8bdb490d5c3a77981617dfa5c2a576d
4cb61e44bf63a9e090e666898cd04d382e4c33b55b62cc5e9ff7dab055fbf787
4d57f3e484049e822c85edf524d5cef778fe769a8c10eec807c3f987009c9548
4e838cf2ce665e2208aa8515065b3c524003a16034b5b759f36a4b982e4c2501
4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b
5111a42826ba8b50d8f02fb189cf6c24b1a91710eb639d695437498997a30f69
53056a4566d25ac95d51f9927a5e328358a9726a7800a2c36f05910f710cce85
53e15c9521875f1e3db0552ca297efd73bf3f649125e0467f5301338a345fc91
544ed0eb98a5b7a489c206546fe3155e32508ceda7da3d3d25f6100c0097cd17
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
575593b187efc8e164cf80d79952d18b79ecad5fb42a81b1711dedf7a2af46b9
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba
5b276423ec475f732888c695bb9e2f852868409cb99ae992200d57b3fde08ba3
5c31698e0cf01f68fe45381e6359de5c5beff2371359e413267729a88b1cca01
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5d5bf22bef8cf97bbeba3a744967690de92394ed356ba77b908f854fd4671422
6087407f28cbfab23e3c6e98e180dec583e1725fb522f414946e08e3c2a6d93d
622bd29e595894b02f5c5ab95628f99d6e6d46483bac342b4fff38bbc64a8a35
629df1def5e236ed0725d530df2de471a917221677057d58baa8686f4456308c
64b0515dac3562cf5137c0775b2a3631cc10ef36a62f96b8590c800f794ce4cd
659e7da9c5f2ea8933af2e78a4d9646b419851e9979dbb38d12e9d43c7711cb3
66a1646024f0fd58b7fbc8f674b9c097d9e9a96ab0dbb11b92bb377a2eccfa4e
67a84a39ba8f7d4a16a477304a3a0a8dd86ffcd75683b3e3222c7a59661f9c6d
6a445412d9169d67973237446c863781e3e661653e36ab7e83ae24a521da5d44
6c2cc4ca2c334a2b67bbc3f9a550682887c8c2831cc338299e01192257645545
6c67afdaf9f3aa20008089c39b35ffce9ae635db7bbe0d53be99792e170adc0a
6c848f8748dcbd3ae9248bd4ef3309e931660b0ebd18b20b7c3989ac54144e5b
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
6f97fb27fc5a2b0b2ef192937aeea30f869e026c98518e154a796755e3d0d864
74bce64b8642ede6c809586769d20a3bb3f69b7cbbf3edd32f81108a7767e1e4
77304452b2274417b8a3476d75f1253e5d144edde5a269455d4d7a4ab5df0ec3
7779b7dc26af3310711148c1acae9e02f631e368239e048597ce7ec6f7e05e98
78f1e4753f574162c7ab58a2ab05779e44cb50b8c53ef59852e4d801597abfaf
7a03a74a92cb2f04b7f3e0338f51a3c4dfc1491a8f046b722f8a951502a7740e
7a20b3be7d4327e93b19c5f9294f18c262e209b1831db3daee58a82baf8f96ff
7a5de508f163596415bb264f8f130f70d18ca0deddfcbc0fd7312de00214f9d3
7b5fc275c98a58b1073a713920cefa54fab60ad9d85a67cf6907aaf8fbb3c474
7b7642ee69bfb367b8471fa2ce3c750c0e9a672acb55c268abd5e541ecfe16bf
7c372b7c48b31724a9536ee4ba3fda2ba092916acb6c6be3c6b445d91597bd87
7c4d72e2d472e7e06026bb5d0015364bf5592cce84d6e747af34f90227b15821
7c7399d32456ccf860fbaee43cbfb0b746f6efcffc5537851eab271e73b5b7a6
7cd9e72894580d70b0cc6a28b3836d34eb7f907eb97a152c310bfebafb65a2f7
7d0f4f7cdf67f0adb696aac5b9bfc64d4f83ce63300eaeff781e8da2529f5a93
7d29213064fdf8bfceb38f5266f178f36fee29ef00140c7c6c3c0c086b00d307
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
7daf3f5acd448e33c96a746407198ccbe6eff0402f20bbf1164a1129205c13bd
8072ecbe362ea60387bfd2a1ef79ca8dd80c8c12ec2645c94ecc9c469c0fc8af
8220596e6a32feeaa3c95078f2a72efb6a01025245097384816d26c2a3f38c3a
82510758e8bab75b00009ace24ca47c55033b49bf0385cf02875fc248fef2670
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8394fa4c884becaf16b858b07351f347291befcbc43bf61bd472e1a132aeccef
84fdb44da06c6f70548aa4b4f73b439515775dc211d85b3f55721954e2329049
85b8a0e5bf5a3a99353f90240d550078fee29d6df74fd47cc139f3bac73d865b
85d11a34cf5ae0738a3f2a2e0f463484c9b7371b46c9e5bc991f57d44f58400f
8742843c9c346c419f6a487e08a8f6d6c5f3200d4f7a7c0e15dab4a4a7c0c65d
88731bd32d2242a6918772bd11e6e16f46c2e3c05c7bbd4ed47d162cff9683f3
8995e173fbc28814420648e43c723f859473e3ee823575b0b32af64796620cab
8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919
8db469b90b8d9e2a0675931132266a305d0f080fc5ef4e7bd0f841f161b78b5f
91d4207e7c66e4f58b75db09d4bf19e44186e48913d9f9fb8a15823019ea143b
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
94ece170ac337a76b357bb486ae6ddb00ef2418e8b00d81cac6942b8ebfb6510
96d33f532112177ede6bf262dcf6d0140dbe29f05a4595d17b0be4743205b5ea
978bbde57b292c60c62b0d2c26d51be6460dd1b1cc7afbeab4b8810cc9fb8f05
9840e5261564d2b2575ef0c31e248f448397153cd846edea4810be60efeafc52
9a44ab6217570448889e9e625c86288f47692343285d48fd2642e9f9e46c3158
9bd8c19f3d4f5fdd60b123818f5df4fc1d4fc3bb7f18a23faa50a7ee0278b909
9be7537f55bde87db7acf7c9aa482e56e3c8891f09710e19113637cdbb8143ea
9c677df6c0eccea7dfe6231398ee68e1e1fcd0061912fb23275f631d8c1c8bae
9f29c510c4b21638d69fb6e6513fcb03ded2d50e2347644ddb214fd760a9372c
a3391a9fa68a12cce5d9736593e3b24f78698c5f7f6a6a3a1a6644f813875403
a3622c7c6c64b493c982f365e01b5eaa59f48da664e98025c383d4f8c57c4396
a37ca4608218cccdfb8b6d4edbdfbf375d0e1368b46397e3b7049e0cbf5bc1f6
a3f36146f67554b989421cd2be6d58d97fc92f7c6e130d6152a0659a770f8fc2
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
a549034009f79ead18a2154a8b730d8acb61e2f36c0434c0f9cff0f73df5d8cf
a71906f87b3603ad144c94d721618e87bd868fefbabf53743730c6aa0f1b1343
a7467c2e03239b2990273b1f57ba654dc7211e9244d3a86f838cc09790104193
a87f4fd815fc95288f2da6efc536c950ef940bd9eb52176fd9e8e56107cc65e2
aa014d32cb2f0fed10084c403e677c10b0e7b77898f2bd790af112330ecc78d1
aa06051b1c939145f22a163564c3b9d5a3e5b95151c11d675fee25a5ac272a18
abd2a457215e60ab60b2a6b4f25a17583c5d80e13935f76e097236f729c5dcd6
ac5c0cb194d016a5b86c0ebf341b176a9ea948b1d5c0b35074696039bdc9aba4
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
adef2af3bc521b5d2171f199574fdfc7421d81323511fb82c60d89ae0ae6fcd0
b385fd0614f2927f0e7fdc03ccdb2428e3a93de0c7fe467149b34213cc32c0f6
b6bad8fb5327a87ba126a50844529fa2d207b42b7df8e31e104c5d48c5092d87
b6fa87c387d5db09c4ca0b7a5b9c22c064787488c8eec63a7f173101cbbbbc58
b8410a075bea6718f549c25b3da4d714b8c262d8c029849748193f614b383631
b8aafe0abf8b20593244ec20b5239f72a3d239abeaa943ee04bf4f32e9b8dc2e
b8cb27788844e455b92854743ee7ecab79e95c50735dc7e23b064b92e359bbf6
b9065ce3b15006e2211ffa09108571baf48e21db653a8098d53a0a828f10cd4d
b9382c1ac33e60533971224071a03c61bd2a759689a41085dbc757872e40ec5b
b9fb5b0f85d85712c484371fdbfecd018e2cbf9c627670b601a502fa4577a129
ba0250e71d8796cbd2f3310cdac52c8c1723c611df9a0f5b747934945d49140c
ba23d13ab9eb27eb4933ae12135dc7f2775699d06d8628f73b9ff9b9f01aeef4
bab527bcf0232ad28a870abdd7e18dd7b42b0994beb65c36530ae9baba74494b
bc9739d0d7392121fdc9d51cee01553a500980a5ce417343483982c68e3e2625
be73c16f766dc7c7a8c08a6ba72cdd7645f553ec28ca32640022b6d7355f590a
bedbdc5e01fd1749ece5ad222243e3a27c2dfa5b8871328289d89aebd013ea7e
beec1a102eeef34452d715d74e9e76d9bf3ac64171d98f301345c0780578f96e
bfb46525225181ed533855b5d5540eaf0a8b4ab05a5f0413316570e6c8455383
c244902a08449273be5f6922fb634b0b49f279b7919af605fec7a1cd9a0d39ae
c347a51497091ee71f5a8e9edda0eb728ebee53336051447c66838997e8aa734
c36d0094cb3d176360c91599d13da78f0c77df004bc076aadd883f189fa1767e
c6a75664bb6f5dad258104bb7c11dba4eeebad12aa673fe9f93c199a7e04133c
c8d20f2ec4e0562596cd22bc91b00586d7fe77152cbfeb81db48b38274fdaf18
c90172b5431c9075ab79303e0ce34e304768f6602952a97c14fa0010885b03a1
caace78c6f887ecbf780bdf5b71e57a02776d7ef5a0e54e797e3e007130262e2
cb88bf7a67ba917b5ee7b4a1cc593d8bfe94cf2670cb24df338308ec8a573ec3
ccc0c1397db71720dc6565ce306e033eba13f61a175e3e14ca3b5093204e1172
ce043667908d00d8e98d74e8a805b8a6cbf6aacdfcc5f44879d52a5eaff6930e
ce4cb34807330a0b7afe401877ad09ecc7f930f9706cac7994716bcc1b3fd886
ce90d978164af230185a56b2420acc4439027772953d6b9a3079d4e8bebe9d94
cfc86c5d7acfe015875d9893737f5a243d8ba8c0cafef01b2b5ffa46cabb9e0e
d0154bc5c5f57538a82d600332062423bc61361a127b27cb1be7077c07e34fdf
d09e163a3868a47d1c51be0b013497ce6975c036fcc5d7b65bba70419c74b7ad
d5b7288f327425755badd771bd9807addb77d9a752890906f95eddfed131b627
d7f837ecf8426cc760739e8a17218b3b501156f43a7bd03afb7207949b12ab0b
d9c87649ea0d3887935b585e34bffde896651b69930149b79ec4a574534dd864
dab98b1d5558dd15c7db5ada4438fe03a424a7c1f5e0f29567d39a0a892bcc41
db0de0d4de1311eb99b9327550146b23da220725b6739baa3158eb12f12d358a
df4b376fc112266e6f1854609311b809452d452ecead88a1689693f8c2af84e7
e02a28e995334093dff6f19238e59aba7b5ba434ea2c84ef78f6a70ce260b49d
e0b867e89571d23202e9a1cf026372048737c930c3e0c6002231ef5729297e4f
e15f5c399a4e19ebe3251495bb1b6734f5691bcb67bfd64c1073a89b37f7591e
e20b68778dd2f83aea8f4c96b03c1fecf5d255ae53c86cd293968de3a6475568
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3cc2f7251c41ff1f4b2e07a3ccd074d21288160fbd9893f0f0e4fc62d2c63c5
e60d58e3602f1b85a212115e4d7300e09234e89eeec8df6065c2568c43e3f056
e69c8d33258983d26a64c123163df7cccdccffc8178e8c4365ae5c58e48040d3
e6dc579ac077f2e0bd24a04b3d2b0c88a2d977cd22a5170d2851644e5f25ec68
e7ac9409eaf87e270f1860f0aea0dfb7f74c31e18a0679a9d2ec44acade354cc
e7f5a831ead8920451598097754bb1d4fbf16fff1fd90794b950724867345794
e918c7a354d2f69cfd44ad24c87b814cf2d86a0d73854f3259cc69f9f3f6a19c
ea3906631ed3ac3f02664bb801434732b02ec1b79ca261909136c5b4ef663de9
eb2717f24569d4ff3b4ab9000a0e36ef758c2764baac864e6bb4167eeae08728
ec6bb89fc1e8890c4c5ed5585f056c095c71b19cb32b9f4a67cba6c34adf70b1
ecb531bdf231039081a7a6879d73bca91d8b8c7fc671615063746454c0daaa8c
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25
eddfb285df91d818926b2f8ec64c71be82e0ea4f21ca9f63f5b0bc5dbcd75b0b
ee855adef8d74ff58e90a1c1c1efcf2550e3ba6d0db5a80a417b0dc22a3efb94
ef1605fb5d18e00bb446a2009a75eb5c44486fdddbef8d64acfdfe2b8d9ecd83
efd9885e28a8bab88f38cc1d62a3b5aae4f3508420abe3242ac4bbed30e5204d
f1615095a9e662d58ed44a7fc6c80c04b642ee9122a037e620680008463b3e68
f1d3afb6b5deecb8fca3f28252f634ea36c736003f2f61538968c6d337ad6b9a
f2401623ae567bc1ee575b6702e3a178c8b4f6a58d29cdfa3caae48e03ff9b2e
f2a31a2e0e6b043951d06351175ae4ba898dcaf54f7046f01718cf992f2c1907
f403b8185a2a6777d3ca85a914289b03522d148b1f12d4087b564a35417a1f47
f8262dd29fd6d3274eab1dc2c06a77a0cb803358ef1512416b5497239ee09cbb
fb9c61f90626f09bdeed4fb101e70f3303096693a89670958cd13edd3db22b16
fdf3003543c3572ba8dfc6a87a9289ebadde2db18f09a36657301eaccd157866
ffcde34efda55a63cb66dbec4bf10acb531014d581e2d8e511836b84e08c2305

seguranca-informatica.pt Open in urlscan Pro 2606:4700:3037::681b:bc6c Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

253 Requests

100 %HTTPS

57 %IPv6

28 Domains

40 Subdomains

29 IPs

5 Countries

8686 kBTransfer

11036 kBSize

4 Cookies

43 Outgoing links

Page URL History

Redirected requests

253 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

seguranca-informatica.pt Open in urlscan Pro
2606:4700:3037::681b:bc6c Public Scan

Screenshot
Live screenshot

Full Image

253
Requests

100 %
HTTPS

57 %
IPv6

28
Domains

40
Subdomains

29
IPs

5
Countries

8686 kB
Transfer

11036 kB
Size

4
Cookies

253 HTTP transactions
8 data transactions