URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Submission: On September 29 via api from GB — Scanned from DE

Summary

This website contacted 63 IPs in 6 countries across 53 domains to perform 231 HTTP transactions. The main IP is 172.67.199.92, located in United States and belongs to CLOUDFLARENET, US. The main domain is mrhacker.co.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 16th 2021. Valid for: a year.
This is the only time mrhacker.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

This page contains 58 frames:

Primary Page: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Frame ID: A88B1B75ED09494CEA1C4EB2362D74A2
Requests: 68 HTTP requests in this frame

Screenshot

Page Title

Russian Turla APT Group Deploying New Backdoor on Targeted Systems | MrHacker

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • apis\.google\.com/js/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • <[^>]+gravatar\.com/avatar/

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 231
HTTPS: 98 %
IPv6: 0 %
Domains: 53
Subdomains: 74
IPs: 63
Countries: 6
Transfer: 7800 kB
Size: 10400 kB
Cookies: 31

Redirected requests

There were HTTP redirect chains for the following requests:

231 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
mrhacker.co/malware/
87 KB
17 KB
Document
General
Full URL
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c39061e556a9b345f0756474660bfd346f3a98a3a668ffa9fc4aade55befaa8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
mrhacker.co
:scheme
https
:path
/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Wed, 29 Sep 2021 05:29:09 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
last-modified
Tue, 28 Sep 2021 20:03:28 GMT
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tYFl4tO%2FCHF92WiVyHHBy%2F3NNBziDcoix01mqxgU8UoNvfNMe3Iq%2FhAh4%2BcGfoc5X9WxWSSrd0%2Ftc2p4Oi71bQiFTrTFUq2eGxPTACQPqiBUmyyt5cXKyqeFO9VOug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6962cfe9af0d3a63-CDG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
139 KB
49 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
6f46c2b77f2d088d2acf6aca54a9e726b75bae179a3454b577ae5ca45d1fa2f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49981
x-xss-protection
0
server
cafe
etag
14750501763638591015
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 29 Sep 2021 05:29:10 GMT
css
fonts.googleapis.com/
38 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open%20Sans%3A400%2C700%7COswald%3A400%2C700%7CLato%3A400%2C700%7CWork%20Sans%3A900%7CMontserrat%3A400%2C700%7COpen%20Sans%3A800%7CPlayfair%20Display%3A400%2C700%2C900%7CQuicksand%7CRaleway%3A200%2C400%2C700%7CRoboto%20Slab%3A400%2C700%7COpen%20Sans%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%7COpen%20Sans%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%7COpen%20Sans%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%7COpen%20Sans%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%7COpen%20Sans%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%26amp%3Bsubset%3Dlatin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Cvietnamese&subset=
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f10.1e100.net
Software
ESF /
Resource Hash
99654901317893462dd2d3c9a9e19c20bed9ecca4e59e20308ec6d38d284f77e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 29 Sep 2021 05:29:10 GMT
server
ESF
date
Wed, 29 Sep 2021 05:29:10 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Sep 2021 05:29:10 GMT
style.min.css
mrhacker.co/wp-includes/css/dist/block-library/
40 KB
6 KB
Stylesheet
General
Full URL
https://mrhacker.co/wp-includes/css/dist/block-library/style.min.css
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f

Request headers

:path
/wp-includes/css/dist/block-library/style.min.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1760780
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Sun, 17 Nov 2019 06:06:56 GMT
server
cloudflare
etag
W/"5dd0e380-a1fb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P5k5NLQ7At%2FajFHLmn9qZbbHdm8Uj4LRRRf%2B7YQxXmFcLYbUAf6QsG2P49EOsh9dYRLJRXtgdHNdfmnD%2Btb5SASiguRnXzGGYFdbjJoNtgrztaPCZgVkN1Np8Lroxg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfed8abd3a63-CDG
expires
Fri, 08 Oct 2021 20:22:49 GMT
style-6359d5b39ae2d90c6a3abbc02d07e794.css
mrhacker.co/wp-content/cache/min/1/wp-content/plugins/monarch/css/
102 KB
12 KB
Stylesheet
General
Full URL
https://mrhacker.co/wp-content/cache/min/1/wp-content/plugins/monarch/css/style-6359d5b39ae2d90c6a3abbc02d07e794.css
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e4e39faf7f1a2189448df77d8f21a44396df799e20800869ae83fde5a9b5a3a

Request headers

:path
/wp-content/cache/min/1/wp-content/plugins/monarch/css/style-6359d5b39ae2d90c6a3abbc02d07e794.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1270337
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-1963f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SX%2FdKdbhhKGw1bbIiXYGQbGfcDa6X9x2ddFzxE3Kn8YWdA7899eZWJc1ZX%2BOAgqAir5ZpiG73K%2BH0RWuuK8SF9qUN6gAWpgqaRLw5fAs7O883RioyNjCt8mKGOiamQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfed8abf3a63-CDG
expires
Thu, 14 Oct 2021 12:36:53 GMT
reset-666dfc16f4a5298d5226fe5da1175949.css
mrhacker.co/wp-content/cache/min/1/wp-content/themes/flex-mag/css/
760 B
740 B
Stylesheet
General
Full URL
https://mrhacker.co/wp-content/cache/min/1/wp-content/themes/flex-mag/css/reset-666dfc16f4a5298d5226fe5da1175949.css
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
97152508df33871d78e6d8595480ac6c5cf8f2feb1fc1ef7fd2ef7a0517810c7

Request headers

:path
/wp-content/cache/min/1/wp-content/themes/flex-mag/css/reset-666dfc16f4a5298d5226fe5da1175949.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
61723
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-2f8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vBH7XHzk6pBzje1z7uQ89%2BShmOTQIZ8d982bqoVIv2U%2Ffmoi4wIqJDhb8o4VT97aS2n64K9BJl1oPzEpztfX2lcTNKHLFhyHBJRhMk4qP6zDl2PZ2b0OAxVPiYAwqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfed9ac23a63-CDG
expires
Thu, 28 Oct 2021 12:20:27 GMT
font-awesome.css
netdna.bootstrapcdn.com/font-awesome/4.7.0/css/
37 KB
8 KB
Stylesheet
General
Full URL
https://netdna.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.css
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 617
age
13765762
cdn-cachedat
2021-03-10 20:26:31
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
b77866f2df94d17e00b65b86a2d7f386
cf-ray
6962cfedaac5216f-DUS
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
style-c469a470552b8b099fdd142bb5d06ffb.css
mrhacker.co/wp-content/cache/min/1/wp-content/themes/flex-mag/
74 KB
14 KB
Stylesheet
General
Full URL
https://mrhacker.co/wp-content/cache/min/1/wp-content/themes/flex-mag/style-c469a470552b8b099fdd142bb5d06ffb.css
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8255e8a2ab490330fa8ae9c0c9a34e26daa52b7118b72bcdb775156dcc38ef6a

Request headers

:path
/wp-content/cache/min/1/wp-content/themes/flex-mag/style-c469a470552b8b099fdd142bb5d06ffb.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1008560
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-128d9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IgCJyET74U4jTiGIir08vFxURVUeX5V730od1hzNDtL22Qe%2F8%2F1QAl5A8nBUpUbidggixNs7EnD6WUaYqqHWEUImXinhOvIIvRhRU1%2FkUnjj4vrpJ%2FmQTtgU6VJ6Hw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfed9ac33a63-CDG
expires
Sun, 17 Oct 2021 13:19:49 GMT
style-sports-e92889c183fa5a3b94c6c4ec1e57dd52.css
mrhacker.co/wp-content/cache/min/1/wp-content/themes/flex-mag/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://mrhacker.co/wp-content/cache/min/1/wp-content/themes/flex-mag/css/style-sports-e92889c183fa5a3b94c6c4ec1e57dd52.css
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e9c53e491809ea05195e1c724e21985de514fe94d10e63b82293bdd4b2258f05

Request headers

:path
/wp-content/cache/min/1/wp-content/themes/flex-mag/css/style-sports-e92889c183fa5a3b94c6c4ec1e57dd52.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
418036
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-dbb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ezb8bZfYSQ2MPr4wZ6%2BNFLQJScGUIUBVrhDCNJSCUlrATy7abgamolkMGtj9Kf%2BbIfjVeqixSWLJ9Uld5aFqMm2abxXsc2itmiYj2EwYVWh9LRjdeylNQAl3nwSXQA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfed9ac43a63-CDG
expires
Sun, 24 Oct 2021 09:21:54 GMT
media-queries-9fb6ca7580d86bf5140dbe620130df64.css
mrhacker.co/wp-content/cache/min/1/wp-content/themes/flex-mag/css/
62 KB
8 KB
Stylesheet
General
Full URL
https://mrhacker.co/wp-content/cache/min/1/wp-content/themes/flex-mag/css/media-queries-9fb6ca7580d86bf5140dbe620130df64.css
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13b807f139804c62d4dd702d938f68fffae105e0e87a8656d30143d039ae5029

Request headers

:path
/wp-content/cache/min/1/wp-content/themes/flex-mag/css/media-queries-9fb6ca7580d86bf5140dbe620130df64.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
61723
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-f7a1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HY6TQq7I2S6zN72ANBk6Y3Q4czCNgBpAKIzHYnlcxzpNnPmz9S8J93uXlcyCY5kyqYeIAGj4r47pvPwi5GfPJAm%2FGZmFnlWtlyXH2wbe3Dew4LlNehn3B5bpGaLLpA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfed9ac53a63-CDG
expires
Thu, 28 Oct 2021 12:20:27 GMT
jquery.fancybox.min.css
mrhacker.co/wp-content/plugins/easy-fancybox/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://mrhacker.co/wp-content/plugins/easy-fancybox/css/jquery.fancybox.min.css
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f34bb7d9c8f2db0e78e5d7b226bc169182f8c22e7cd1a3e7b5767519b709c1bc

Request headers

:path
/wp-content/plugins/easy-fancybox/css/jquery.fancybox.min.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1303453
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Thu, 19 Sep 2019 16:12:18 GMT
server
cloudflare
etag
W/"5d83a8e2-fda"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jxapynrvdsv%2BdzCANeE7ydcDEHslap4FimYEAVpPcEqjU%2B4ClgBeg1CzxDEnjAGtpckUrwMvki%2FljG%2F0oru2DRSogl9KNvro7TJ88bi6uknrl1RVcadAlw0cgeuuuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfed9ac63a63-CDG
expires
Thu, 14 Oct 2021 03:24:56 GMT
jquery-1.12.4-wp.js
mrhacker.co/wp-content/cache/busting/1/wp-includes/js/jquery/
95 KB
35 KB
Script
General
Full URL
https://mrhacker.co/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4-wp.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

:path
/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4-wp.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
418036
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-17a69"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YgmyDgm7lJhc%2BWJkJn%2BvsBO6tbOvoSVZZiTxuscbEyfZizOxSFdm5DnCiR1KDUFKtnOpreLs%2B4F0isivCno0cKo4nyLkodvJJ2cAH8OiiYhx32CYhD1f6FfamWTe%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfed9ac83a63-CDG
expires
Sun, 24 Oct 2021 09:21:54 GMT
jquery-migrate.min-1.4.1.js
mrhacker.co/wp-content/cache/busting/1/wp-includes/js/jquery/
10 KB
5 KB
Script
General
Full URL
https://mrhacker.co/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-migrate.min-1.4.1.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

:path
/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-migrate.min-1.4.1.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1426194
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-2748"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yMuZG08UGVECwo1ExbPVDaC4DJJ6Gc%2FJVdqMJBZXkQlDCwoeZUDYcWR8oqLvYtd5%2FkaS29e9W4Yq88LpdOpWVB%2F57ae0B3zFMlmO35%2FxXS3rNarymks0Yz9lhuuTpw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfee1e5b32b9-CDG
expires
Tue, 12 Oct 2021 17:19:16 GMT
js
www.googletagmanager.com/gtag/
96 KB
39 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-146590598-1
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.232 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
647bd83caba3a4b29c19e2ed0fdb74b2c6f83f4bb2058e143bb4ce161465204d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38987
x-xss-protection
0
last-modified
Wed, 29 Sep 2021 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 29 Sep 2021 05:29:10 GMT
logo-7.png
mrhacker.co/wp-content/uploads/2019/08/
59 KB
60 KB
Image
General
Full URL
https://mrhacker.co/wp-content/uploads/2019/08/logo-7.png
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f493c9cdcc3bd4b86124a98a6da5f57a04d38a46fc748116bb744064b001532b

Request headers

:path
/wp-content/uploads/2019/08/logo-7.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
272682
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
60307
last-modified
Wed, 21 Aug 2019 17:52:56 GMT
server
cloudflare
etag
"5d5d84f8-eb93"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3W2ZJw%2BdemPz2wqLr6zmlGGRtlGrq%2FYvXKSYaodpV92DU5pscr5U6%2BCyMuGV3912FcxXbf10%2Ftl8AymyYNb9NDuR%2Bb7BgF1GeFP%2BUhT%2BPjDOOr2xrf65TVfDfOPV3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges
bytes
cf-ray
6962cfee2e6b32b9-CDG
expires
Tue, 26 Oct 2021 01:44:28 GMT
3ce722f11a748f0a8912ddbf696f7c6f
secure.gravatar.com/avatar/
2 KB
3 KB
Image
General
Full URL
https://secure.gravatar.com/avatar/3ce722f11a748f0a8912ddbf696f7c6f?s=50&d=mm&r=g
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.73.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
a7733d7cdf5627664c2672c9101d56d3c6e7f5351fe10353a25dea90eb3fd2ca

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Wed, 29 Sep 2021 05:29:10 GMT
last-modified
Sun, 26 May 2019 07:53:07 GMT
server
nginx
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="3ce722f11a748f0a8912ddbf696f7c6f.png"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/3ce722f11a748f0a8912ddbf696f7c6f?s=50&d=mm&r=g>; rel="canonical"
content-length
2298
expires
Wed, 29 Sep 2021 05:34:10 GMT
hacker-4.jpg
mrhacker.co/wp-content/uploads/2021/09/
36 KB
37 KB
Image
General
Full URL
https://mrhacker.co/wp-content/uploads/2021/09/hacker-4.jpg
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3deca09d4349262b3737b8bc8b708838208f2a9f4eae9a099dddfd315cf735f

Request headers

:path
/wp-content/uploads/2021/09/hacker-4.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
33576
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
36920
last-modified
Tue, 28 Sep 2021 19:59:08 GMT
server
cloudflare
etag
"6153740c-9038"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oRk%2BandLU2GZF%2FeKUBcDl8ol%2BBQMR83TEfOlSxcmpSVtj2rTKUEl5O%2BrSqU99mW%2B%2F%2BbhxJwq7o7gZGPxA01uyabx8TQNba1EBufNMaIbvwSbQg9YwpjDs2IKCDK%2Bag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges
bytes
cf-ray
6962cfee2e6c32b9-CDG
expires
Thu, 28 Oct 2021 20:09:34 GMT
1313465
ad.a-ads.com/ Frame CC51
6 KB
2 KB
Document
General
Full URL
https://ad.a-ads.com/1313465?size=728x90
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)
Resource Hash
53fe53c56c5b1bbfc0e93be0885873cfaa6b27db47e7a9b022b0844dc7072bc9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://mrhacker.co/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Status
200 OK
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Powered-By
Phusion Passenger(R)
X-Original-Referer
https://mrhacker.co/
Content-Encoding
gzip
fontawesome-webfont.woff2
netdna.bootstrapcdn.com/font-awesome/4.7.0/fonts/
75 KB
76 KB
Font
General
Full URL
https://netdna.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: netdna.bootstrapcdn.com
URL: https://netdna.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://netdna.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.css
Origin
https://mrhacker.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 617, 718
age
208255
cdn-cachedat
2021-08-02 20:43:32
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
77160
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
font/woff2
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
e07447f5e346adf6c8a94af7ea358ae4
accept-ranges
bytes
cf-ray
6962cfee4ecffb5c-DUS
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v26/
44 KB
44 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v26/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans%3A400%2C700%7COswald%3A400%2C700%7CLato%3A400%2C700%7CWork%20Sans%3A900%7CMontserrat%3A400%2C700%7COpen%20Sans%3A800%7CPlayfair%20Display%3A400%2C700%2C900%7CQuicksand%7CRaleway%3A200%2C400%2C700%7CRoboto%20Slab%3A400%2C700%7COpen%20Sans%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%7COpen%20Sans%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%7COpen%20Sans%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%7COpen%20Sans%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%7COpen%20Sans%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%26amp%3Bsubset%3Dlatin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Cvietnamese&subset=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://mrhacker.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:04:31 GMT
x-content-type-options
nosniff
age
476679
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44760
x-xss-protection
0
last-modified
Thu, 23 Sep 2021 16:50:17 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Fri, 23 Sep 2022 17:04:31 GMT
hacking.jpg
thehackernews.com/images/-gdZgt-_Zs3Y/YVHHHd7-cfI/AAAAAAAAD6Y/EXrVclCBNBgswsP4bi4l3gVe1TnfYbv8wCLcBGAsYHQ/s0/
59 KB
60 KB
Image
General
Full URL
https://thehackernews.com/images/-gdZgt-_Zs3Y/YVHHHd7-cfI/AAAAAAAAD6Y/EXrVclCBNBgswsP4bi4l3gVe1TnfYbv8wCLcBGAsYHQ/s0/hacking.jpg
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.0.97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd6b4464f392f177e137577093ddc978acd3d80efc1a8128fb973caf6391a6e8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
140002
cf-polished
origFmt=jpeg, origSize=71845
content-disposition
inline; filename="hacking.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
60268
x-xss-protection
0
expires
Tue, 28 Sep 2021 13:39:29 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"vfa7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t65fxcTEgYsLdQHwlYVsehzD9smWyRHUSvOorMnvp65gWQ7XtskJ6rE5O74RQ6qeEb8jwLgT4Rt8nL%2B1sSKkgH2WolKczyfxbfA9aJ4Gzj%2FuNoDTnoeoci9gJOKbHeoGMkf1"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
vary
Accept, Accept-Encoding
cache-control
public, max-age=8640000, immutable
accept-ranges
bytes
cf-ray
6962cfeecb0c65cb-LHR
access-control-expose-headers
Content-Length
avvxsehj3jtrkafkdnjbg2csejo9eeak4phcpuwsoyc1yc8-mrtn2fwdq14kymz4eitvva_tkoaz34d7gfz2lsnkabvwbyp1ibkyzkxfdmhgnjma1tsd6gffl2dmmgx3veyi5n3wlrhvqgummzgn7ybisqqbhlt_xetcq41gult7prhynq-b2eb8mgaopafds728-...
mrhacker.co/wp-content/uploads/2021/09/
11 KB
12 KB
Image
General
Full URL
https://mrhacker.co/wp-content/uploads/2021/09/avvxsehj3jtrkafkdnjbg2csejo9eeak4phcpuwsoyc1yc8-mrtn2fwdq14kymz4eitvva_tkoaz34d7gfz2lsnkabvwbyp1ibkyzkxfdmhgnjma1tsd6gffl2dmmgx3veyi5n3wlrhvqgummzgn7ybisqqbhlt_xetcq41gult7prhynq-b2eb8mgaopafds728-e10.jpeg
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
785098daf6dcf871b7ad4186aba3b8fdc8904e650dc8db4844733fad8e7ceb00

Request headers

:path
/wp-content/uploads/2021/09/avvxsehj3jtrkafkdnjbg2csejo9eeak4phcpuwsoyc1yc8-mrtn2fwdq14kymz4eitvva_tkoaz34d7gfz2lsnkabvwbyp1ibkyzkxfdmhgnjma1tsd6gffl2dmmgx3veyi5n3wlrhvqgummzgn7ybisqqbhlt_xetcq41gult7prhynq-b2eb8mgaopafds728-e10.jpeg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
33571
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
11260
last-modified
Tue, 28 Sep 2021 19:59:03 GMT
server
cloudflare
etag
"61537407-2bfc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wLFH29yLrn5auwoATgv9x0BVczyk7e2f1QT2772Pjw9BxvDEiat%2Bkzksq6fbKLsx6CYRY2jVT8lQfCdLnP%2FjsqUzqJsyxAVFE9dcFLOmafkfzMpoxKxgPUfczjhdHg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges
bytes
cf-ray
6962cfee5e9a32b9-CDG
expires
Thu, 28 Oct 2021 20:09:39 GMT
gaming-malware-1.jpg
mrhacker.co/wp-content/uploads/2021/09/
39 KB
39 KB
Image
General
Full URL
https://mrhacker.co/wp-content/uploads/2021/09/gaming-malware-1.jpg
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c28017db0580858fe7b0e2bdb0518979c2c1aa6348f128f42abb16730e293352

Request headers

:path
/wp-content/uploads/2021/09/gaming-malware-1.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
33571
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
39605
last-modified
Tue, 28 Sep 2021 19:59:06 GMT
server
cloudflare
etag
"6153740a-9ab5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jbgTPFpgV0VYAcvYXw5E2qq15VjgMgrDmcCbZzGiNVVr65kL1UzMZRpDbo8e3lHwthAkCQr9ZcR6GGNRPmtf14Sjjno3joPRIyJPrj8ak9xOX300P2NeqWEort9N6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges
bytes
cf-ray
6962cfee5e9e32b9-CDG
expires
Thu, 28 Oct 2021 20:09:39 GMT
hacker-3.jpg
mrhacker.co/wp-content/uploads/2021/09/
26 KB
26 KB
Image
General
Full URL
https://mrhacker.co/wp-content/uploads/2021/09/hacker-3.jpg
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
58a44d6c770507ec46d86726935ddc8e38cc5770464e9b1eb6246682fd6e5504

Request headers

:path
/wp-content/uploads/2021/09/hacker-3.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
33571
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
26198
last-modified
Tue, 28 Sep 2021 19:59:07 GMT
server
cloudflare
etag
"6153740b-6656"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C8Rlks5iHML1GluwO025e%2BpyYy%2FJdgCJOkx7pVqFZCAYapeoph%2B3U0Swwn6uW9aRMe4b2RQwxxXy2xqVFvhqDp%2BipsoV%2FtA7coJF5QHFcGOq1yndE07r1PDRD2BAkg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges
bytes
cf-ray
6962cfee5e9f32b9-CDG
expires
Thu, 28 Oct 2021 20:09:39 GMT
email-decode.min.js
mrhacker.co/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
1 KB
Script
General
Full URL
https://mrhacker.co/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

:path
/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 21 Sep 2021 15:51:34 GMT
server
cloudflare
etag
W/"6149ff86-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AxmcTKw35Mb5nS08Y1TsSQgXKkFCtefol4M%2B4eF477uwDK4srkoW3%2BSh7e8mCU%2FZykMpWbBg1oW6favVU327sZr866Sp8lODdBhAmgrsRbV3uDDPp3zYAxFY0ilj%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800 public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6962cfee5ea032b9-CDG
vary
Accept-Encoding
expires
Fri, 01 Oct 2021 05:29:10 GMT
android-malware.gif
mrhacker.co/wp-content/uploads/2021/09/
429 KB
430 KB
Image
General
Full URL
https://mrhacker.co/wp-content/uploads/2021/09/android-malware.gif
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
09b81fcb452174dc5423a2e2e6e86beae84ae77aa084dae62b15441bd2e6cc9f

Request headers

:path
/wp-content/uploads/2021/09/android-malware.gif
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
33571
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
439047
last-modified
Tue, 28 Sep 2021 19:59:11 GMT
server
cloudflare
etag
"6153740f-6b307"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=THxzdrtyDYL%2FMt0ayevkroHhc5Jjkqc%2BzAuL0sGvGWYmfVXBv4lashQVwftEs%2BUQWQ8whK7Lf9q%2FOrFBLaYBmOBN%2FwXZFq6ntJS67O9vYp8A9jkp9Y5zuSfMpTuxFA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges
bytes
cf-ray
6962cfee5ea232b9-CDG
expires
Thu, 28 Oct 2021 20:09:39 GMT
logo.png
mrhacker.co/wp-content/uploads/2019/08/
11 KB
12 KB
Image
General
Full URL
https://mrhacker.co/wp-content/uploads/2019/08/logo.png
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
090b57d2ba8067994e94dadb6fea5c934c4bd4c38f516c9e7fc29dd8387d5d88

Request headers

:path
/wp-content/uploads/2019/08/logo.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
409532
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
11497
last-modified
Wed, 07 Aug 2019 10:33:00 GMT
server
cloudflare
etag
"5d4aa8dc-2ce9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=exjsbWkpdfRG%2FXeEa%2BVB2zobub%2BJbijVxcFY%2F1n21T2tlqTJbdp5RoSF%2FtgaO1RDl54e%2F2D2iaLMHttaC4DqUc212SzitNwhowWlXUI93D68sjnvtFg%2BqulHBuCgpA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges
bytes
cf-ray
6962cfee6ea332b9-CDG
expires
Sun, 24 Oct 2021 11:43:38 GMT
comment-reply.min.js
mrhacker.co/wp-includes/js/
2 KB
2 KB
Script
General
Full URL
https://mrhacker.co/wp-includes/js/comment-reply.min.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73eb139b1371aed55b1dce74b7258f2d90991c5294d69fce852c3eed1af40068

Request headers

:path
/wp-includes/js/comment-reply.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1008560
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Sun, 17 Nov 2019 06:06:56 GMT
server
cloudflare
etag
W/"5dd0e380-951"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mEcdcIhfr6I5EUPovrDi%2FegV9Ubp0ordEsifIxRwwYQH0CQyH3f%2BLpbgVL0MLmYcy2O7sND1Lsyl6kg7L2wOTGf9zSDxAeCpS6zK99H%2FQGrjMgh%2FNEdVXlJVlAd8cg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfee6ea532b9-CDG
expires
Sun, 17 Oct 2021 13:19:50 GMT
ResizeSensor-ecc12cc90589bfd74207df1410e6a1f1.js
mrhacker.co/wp-content/cache/min/1/wp-content/plugins/theia-sticky-sidebar/js/
3 KB
2 KB
Script
General
Full URL
https://mrhacker.co/wp-content/cache/min/1/wp-content/plugins/theia-sticky-sidebar/js/ResizeSensor-ecc12cc90589bfd74207df1410e6a1f1.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f2aa607667861849c6c11cb3fd8737b2a26f2d4fc6fb902475f9f3c01e216192

Request headers

:path
/wp-content/cache/min/1/wp-content/plugins/theia-sticky-sidebar/js/ResizeSensor-ecc12cc90589bfd74207df1410e6a1f1.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1262775
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-ca4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p7fdDOAuQn%2BaIbon3J3R3OPfrZdW4gtw%2BOYelE2ZKfBnMjqYLu9N5%2FRDlAJZ5jabD1LoMINbwogJ1sVhLH%2FNUfJvi4a%2BbxD3cx9DJAkfSV9n36L8hK5FI0ktOF5Nug%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfee6ea732b9-CDG
expires
Thu, 14 Oct 2021 14:42:55 GMT
theia-sticky-sidebar-fa3c1f41276120634b0a3cce81e19a81.js
mrhacker.co/wp-content/cache/min/1/wp-content/plugins/theia-sticky-sidebar/js/
7 KB
3 KB
Script
General
Full URL
https://mrhacker.co/wp-content/cache/min/1/wp-content/plugins/theia-sticky-sidebar/js/theia-sticky-sidebar-fa3c1f41276120634b0a3cce81e19a81.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b4701a02867fc115537d39c50cdf7ddafebe452b157396081da80b222a6a679e

Request headers

:path
/wp-content/cache/min/1/wp-content/plugins/theia-sticky-sidebar/js/theia-sticky-sidebar-fa3c1f41276120634b0a3cce81e19a81.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1008559
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-1b85"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ysbqkoahDwo%2B0RbOiUJ6IvdH5lN4x3ZeagxXuOFetGNBgYoJgs368PAnO0%2F%2BnCTZpfYqXoCZM29x7aN%2B6IO4HNs15b37xyZK8C8wQ6uA%2FoA6L5FzGHodhyckZ%2B%2F%2BzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfee6ea932b9-CDG
expires
Sun, 17 Oct 2021 13:19:51 GMT
main-6842e80d952f15048bc3fdd12315aa1c.js
mrhacker.co/wp-content/cache/min/1/wp-content/plugins/theia-sticky-sidebar/js/
337 B
786 B
Script
General
Full URL
https://mrhacker.co/wp-content/cache/min/1/wp-content/plugins/theia-sticky-sidebar/js/main-6842e80d952f15048bc3fdd12315aa1c.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0596f95d0cbe3e4d4348337b6e375fc7c425fe3e1036467ea68695d4944ac9de

Request headers

:path
/wp-content/cache/min/1/wp-content/plugins/theia-sticky-sidebar/js/main-6842e80d952f15048bc3fdd12315aa1c.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
61723
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-151"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5izVuK%2BwFKPrXDY%2BpzUOHcezfttM2eSMgltgzUZDpf1Rss5EBIAG7dyEy44U8Kq4EdWx4humGlU2B8zlWhXJuSBK5vmgRqfuwCEuuGihRvT7DGEaKPW%2FacqP2mcf9w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfee6eaa32b9-CDG
expires
Thu, 28 Oct 2021 12:20:27 GMT
idle-timer.min-1.4.12.js
mrhacker.co/wp-content/cache/busting/1/wp-content/plugins/monarch/js/
2 KB
2 KB
Script
General
Full URL
https://mrhacker.co/wp-content/cache/busting/1/wp-content/plugins/monarch/js/idle-timer.min-1.4.12.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92c35f839d90ea55730d05ce3ea859cb598cd85eb20be3ed55621bb8baa3aa36

Request headers

:path
/wp-content/cache/busting/1/wp-content/plugins/monarch/js/idle-timer.min-1.4.12.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
252978
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-9d6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cP9qM7fDoxhM29ElRjEECPUKWeoXEP3pYpA3snnFUY0xUK7A8GJJHew9E50MKfJ8zBlatvpl6%2BVxuKiYeqqqWtHLkprUGQAKovYfbHzZCoAC9QYJeizkO6RYpPxwkA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfee6eac32b9-CDG
expires
Tue, 26 Oct 2021 07:12:52 GMT
custom-97eb0dd7a0e325463c04aa47db7c080f.js
mrhacker.co/wp-content/cache/min/1/wp-content/plugins/monarch/js/
20 KB
5 KB
Script
General
Full URL
https://mrhacker.co/wp-content/cache/min/1/wp-content/plugins/monarch/js/custom-97eb0dd7a0e325463c04aa47db7c080f.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e0455b3df679d8214817d3c23170c0315d5659e8274e6dc718cf459024279e8

Request headers

:path
/wp-content/cache/min/1/wp-content/plugins/monarch/js/custom-97eb0dd7a0e325463c04aa47db7c080f.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
403316
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-4e6b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hAKke4ExIuIX9RyHQEMwfPjTk2pZsaaBp7btK5J4zjvkkET98bBFFUOMe7YaH7cHF8XVJoulMBXuo1E%2Bk3PpyOjijSRELg80bmHLmRpUZOGD7SQFMlHkZt6a3Sqt7w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfee6ead32b9-CDG
expires
Sun, 24 Oct 2021 13:27:14 GMT
scripts-8b21c64d05cc417a0ce9e17e41b0dfcb.js
mrhacker.co/wp-content/cache/min/1/wp-content/themes/flex-mag/js/
100 KB
27 KB
Script
General
Full URL
https://mrhacker.co/wp-content/cache/min/1/wp-content/themes/flex-mag/js/scripts-8b21c64d05cc417a0ce9e17e41b0dfcb.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
63bda5233506a33c226e040ba3cacc8626427d71352fe910e8095545aa40122e

Request headers

:path
/wp-content/cache/min/1/wp-content/themes/flex-mag/js/scripts-8b21c64d05cc417a0ce9e17e41b0dfcb.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
61723
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-190bb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RAEPIbWaCi2LMf7B%2FCRZPNU6zjDJaCdBO0tzCkBWfcnqzAX4jj1GtxRH0twE%2BLOwZQ9UOlZR57Kjh4rCVSOh3%2FvkVDsecvr8bttmGxzSFXzOS6VAcB4IB0lGIzjuZw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfee6eae32b9-CDG
expires
Thu, 28 Oct 2021 12:20:27 GMT
jquery.infinitescroll.min.js
mrhacker.co/wp-content/themes/flex-mag/js/
21 KB
12 KB
Script
General
Full URL
https://mrhacker.co/wp-content/themes/flex-mag/js/jquery.infinitescroll.min.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
002d4e61d6efae0d93d62d4c12576e427302f32361e675aaffa3691ecd9ae17d

Request headers

:path
/wp-content/themes/flex-mag/js/jquery.infinitescroll.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1262775
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Fri, 26 Jul 2019 10:36:36 GMT
server
cloudflare
etag
W/"5d3ad7b4-54c9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PXAkAh4gG8jgTNFBghbh0PWLa3ejBnyHE3bKe5fhsa0Dzm78Zl7WDEbyB40P6I7rtsPJNBUkM8uJsfKfE%2BznqOAosWuXRLjkEHhvfcUFS3q%2FKyetd8JjUv%2Bbw4hijA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfee6eb032b9-CDG
expires
Thu, 14 Oct 2021 14:42:55 GMT
retina-4f1ec5d4c5bfa0549a4360c6fe9aa64a.js
mrhacker.co/wp-content/cache/min/1/wp-content/themes/flex-mag/js/
2 KB
2 KB
Script
General
Full URL
https://mrhacker.co/wp-content/cache/min/1/wp-content/themes/flex-mag/js/retina-4f1ec5d4c5bfa0549a4360c6fe9aa64a.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49f6a8a3f828ce6e2eeb58b3471946284256d4d9dc5c1a8bbeeb88d9b955e871

Request headers

:path
/wp-content/cache/min/1/wp-content/themes/flex-mag/js/retina-4f1ec5d4c5bfa0549a4360c6fe9aa64a.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
61723
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-9db"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zof83bF4iskbiFZV5aiUW%2FruhKx27cbtNYV2zpilqS7sWTtK99FMqS4Te%2Bw5EGLd2CtGv3awsSbAhGtNVM8MFQg3XTxVG4WJQCkPNPGSHqx%2F4S3AzpbyGXbnEo2g0A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfee6eb232b9-CDG
expires
Thu, 28 Oct 2021 12:20:27 GMT
jquery.fancybox.min-1.3.24.js
mrhacker.co/wp-content/cache/busting/1/wp-content/plugins/easy-fancybox/js/
19 KB
7 KB
Script
General
Full URL
https://mrhacker.co/wp-content/cache/busting/1/wp-content/plugins/easy-fancybox/js/jquery.fancybox.min-1.3.24.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
948f0c154ad97428bc1d1dee456f2e20ec4e0e302b0d3189e08a4573cb63cdb3

Request headers

:path
/wp-content/cache/busting/1/wp-content/plugins/easy-fancybox/js/jquery.fancybox.min-1.3.24.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1008559
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-4d4f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PWuF%2BpHUq5QkeMJ71Kr7R5R%2F7eAb803ZrxB0nd218dTrNyJdZB%2FFbDxngz4tm6ZgjGYy3Pat8hyWR8gOFXuNFVd0Dwa%2BijQckHFdORog%2BOCKV0HmRc7jZstFbINwHw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfee6eb432b9-CDG
expires
Sun, 17 Oct 2021 13:19:51 GMT
jquery.easing.min-1.4.1.js
mrhacker.co/wp-content/cache/busting/1/wp-content/plugins/easy-fancybox/js/
2 KB
1 KB
Script
General
Full URL
https://mrhacker.co/wp-content/cache/busting/1/wp-content/plugins/easy-fancybox/js/jquery.easing.min-1.4.1.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ec98adf593ebcc01bec60b1f494dacd47522abfef9038a714101d83f45e165d

Request headers

:path
/wp-content/cache/busting/1/wp-content/plugins/easy-fancybox/js/jquery.easing.min-1.4.1.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1426185
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-8fe"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=14hFxJC%2FqeoZoCtZQD%2BwDGvK%2FaENHqQDpyHsylGGb47%2FkcpsQjRVeRjE0iSFzI5Hh8ZeCM9mtv5bFOJ4VWBbROfwdQ6ENNOd6lGQsY%2FcQ0kFSiGaBO7OAb7L%2BJNYgA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfee6eb532b9-CDG
expires
Tue, 12 Oct 2021 17:19:25 GMT
jquery.mousewheel.min-3.1.13.js
mrhacker.co/wp-content/cache/busting/1/wp-content/plugins/easy-fancybox/js/
3 KB
2 KB
Script
General
Full URL
https://mrhacker.co/wp-content/cache/busting/1/wp-content/plugins/easy-fancybox/js/jquery.mousewheel.min-3.1.13.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd9bfe5f04d4e393463f42b4f503763c36693306dffef16d481e0c071b61ae64

Request headers

:path
/wp-content/cache/busting/1/wp-content/plugins/easy-fancybox/js/jquery.mousewheel.min-3.1.13.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1262775
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-a31"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=glevrjnGV3meO22sr6cpxmJukNhN7URHg6HHJ02Tc1dQDPj6ddz%2FQ8ZLvXRmo5UqieRa20FTdVvsBHBs3Z7hEAouOK0fq3CD5LGfctgcx4pVMyOJZ3pQHJklwFAtAg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfee6eb632b9-CDG
expires
Thu, 14 Oct 2021 14:42:55 GMT
common-9a8bccb330fdedc9594a15a3a1c7aba4.js
mrhacker.co/wp-content/cache/min/1/wp-content/plugins/monarch/core/admin/js/
906 B
1 KB
Script
General
Full URL
https://mrhacker.co/wp-content/cache/min/1/wp-content/plugins/monarch/core/admin/js/common-9a8bccb330fdedc9594a15a3a1c7aba4.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04fb342b42c3c65375bbb55a2271d16fc76159c0246a310baa25ba86f956e139

Request headers

:path
/wp-content/cache/min/1/wp-content/plugins/monarch/core/admin/js/common-9a8bccb330fdedc9594a15a3a1c7aba4.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
61723
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-38a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=thzJdxDP3BfG5sEcoGIaqYYZKZvysqrEtlQW5XbBceqy476La%2BsXfKATqNmRocl9PmV%2BM6pSQCo2or0FSDrwgNQCVev1P1V8hxe9%2F%2BbuMqIasD8ONR0D5G5MjBXPaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfee6eb732b9-CDG
expires
Thu, 28 Oct 2021 12:20:27 GMT
script.min-3.2.18.js
mrhacker.co/wp-content/cache/busting/1/wp-content/plugins/boxzilla/assets/js/
18 KB
6 KB
Script
General
Full URL
https://mrhacker.co/wp-content/cache/busting/1/wp-content/plugins/boxzilla/assets/js/script.min-3.2.18.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52415b65b808c23ba1578c46b4b397fdaa4f979c8ae04dc1bd2b9cd96d4230fb

Request headers

:path
/wp-content/cache/busting/1/wp-content/plugins/boxzilla/assets/js/script.min-3.2.18.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
mrhacker.co
referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1426185
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 30 Jun 2021 09:06:24 GMT
server
cloudflare
etag
W/"60dc3410-4677"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=80yG6LHzBQUdUymvYSn4QXTYrFeNxhzKxTxoovpmlGALZXCpWawFCqWimFvJPnbw%2FdTN%2BTLszwNm6%2FEGcnAppmj36FnfuUklhAqFBhr%2FpjUx60uFo9w3nlrcI%2BFazA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfee6eb832b9-CDG
expires
Tue, 12 Oct 2021 17:19:25 GMT
embed.js
mrhackerco.disqus.com/
75 KB
25 KB
Script
General
Full URL
https://mrhackerco.disqus.com/embed.js?ver=5.3.1
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
039a1b099485ec8984e9a10a5f26fa3849b13c483575ab4d2e55639c39cb1c98
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Encoding
gzip
Server
openresty
Age
0
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Cache-Control
private, max-age=60
X-Service
router
Strict-Transport-Security
max-age=300; includeSubdomains
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
24737
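The Disqus response above is the only one in this batch that carries Strict-Transport-Security, and its policy is weak: max-age=300 is five minutes, so a client that does not revisit within that window drops the policy and is back to an unpinned first request. The following checker is an added example, not code from the scan page or from urlscan; it parses a header dump in this page's own name-on-one-line, value-on-the-next layout and flags the points a reviewer would raise. The sample dump is constructed from the embed.js response headers shown above; the one-year floor is the usual HSTS and preload-list guidance, not a value taken from the page.

```python
"""Evaluate security headers in a urlscan-style name/value dump.
Added example, not part of the scan page; SAMPLE_DUMP is constructed from
the Disqus embed.js response headers shown above."""
import re
from typing import Dict, List

# Constructed sample in the page's own layout: header name on one line,
# value on the next. Values copied from the embed.js response above.
SAMPLE_DUMP = """Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Type
application/javascript; charset=utf-8
Cache-Control
private, max-age=60
Strict-Transport-Security
max-age=300; includeSubdomains
"""

ONE_YEAR = 31536000  # seconds; the floor HSTS guidance and the preload list use


def parse_dump(text: str) -> Dict[str, str]:
    """Turn alternating name/value lines into a dict keyed by lower-cased name."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("dump has an unpaired header line")
    return {lines[i].strip().lower(): lines[i + 1].strip()
            for i in range(0, len(lines), 2)}


def parse_hsts(value: str) -> Dict[str, object]:
    """Parse an HSTS value into max_age (int or None) and its boolean flags.
    Directive names are case-insensitive, so 'includeSubdomains' counts."""
    out = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in (d.strip() for d in value.split(";") if d.strip()):
        name, _, val = directive.partition("=")
        name, val = name.strip().lower(), val.strip().strip('"')
        if name == "max-age" and re.fullmatch(r"\d+", val):
            out["max_age"] = int(val)
        elif name == "includesubdomains":
            out["include_subdomains"] = True
        elif name == "preload":
            out["preload"] = True
    return out


def audit(headers: Dict[str, str]) -> List[str]:
    """Return the findings a reviewer would raise; empty when nothing is wrong."""
    findings: List[str] = []
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS: header missing")
    else:
        p = parse_hsts(hsts)
        if p["max_age"] is None:
            findings.append("HSTS: max-age missing or malformed")
        elif p["max_age"] == 0:
            findings.append("HSTS: max-age=0 disables the policy")
        elif p["max_age"] < ONE_YEAR:
            findings.append(f"HSTS: max-age={p['max_age']}s is below one year")
        if not p["include_subdomains"]:
            findings.append("HSTS: includeSubDomains not set")
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")
    xss = headers.get("x-xss-protection")
    if xss is not None and xss.strip() != "0":
        # The auditor this header drove is gone from current Chromium; '0'
        # (or omitting the header) is the present recommendation.
        findings.append("X-XSS-Protection: legacy filter enabled; '0' or omission is current guidance")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_dump(SAMPLE_DUMP)):
        print(finding)
```

Run against the sample, the checker reports the short max-age and the missing nosniff; the a-ads frame response further down, with `X-XSS-Protection: 1; mode=block`, would additionally trigger the legacy-filter finding, while Google's `X-Xss-Protection: 0` would not.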
network.js
adsxyz.com/sponsors/network/
827 B
1 KB
Script
General
Full URL
https://adsxyz.com/sponsors/network/network.js
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.198.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5b8a61b7114f9131b2c26131527d5ea955e8fc57c3989b92f7ab781473db139

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
35791
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Fri, 24 Jan 2020 05:18:04 GMT
server
cloudflare
etag
W/"5e2a7e0c-33b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7fLqm9S9hiyTt5JC0K%2FW2Uw2yaPEPesv2ssXanM1YZ2z%2BtvU9fnAvkMgvrLr6Y%2FpEZ5Z1%2BYPHRerzmtIaWex7%2FRbaMbJyOt3xLmTDrVqg%2F%2F9THnvkm0Eiyq%2Fnj6j"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cfeebf2d3a0b-CDG
expires
Thu, 28 Oct 2021 19:32:39 GMT
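network.js is a third-party script pulled from adsxyz.com into the article page, so the page executes whatever that origin serves. The 64-hex-character Resource Hash urlscan records for each response is the value a Subresource Integrity attribute would pin. The block below is an added example, not code from the scan page or from urlscan: it converts such a hash into the `integrity` form browsers expect and verifies a body against it the way the browser does. It assumes the Resource Hash is SHA-256 over the decoded (post-`content-encoding`) body; that assumption is this example's, not something the page states.

```python
"""Turn a urlscan "Resource Hash" into a Subresource Integrity value and
verify a body against it. Added example, not part of the scan page. Assumes
the Resource Hash is SHA-256 of the decoded response body."""
import base64
import hashlib

# Resource Hash of adsxyz.com/sponsors/network/network.js as shown above.
NETWORK_JS_HASH = "c5b8a61b7114f9131b2c26131527d5ea955e8fc57c3989b92f7ab781473db139"

DIGEST_LEN = {"sha256": 32, "sha384": 48, "sha512": 64}  # the SRI-permitted algorithms


def sri_from_hex(hex_digest: str, alg: str = "sha256") -> str:
    """Hex digest -> '<alg>-<base64 of the raw digest>', the integrity attribute form."""
    raw = bytes.fromhex(hex_digest)
    if len(raw) != DIGEST_LEN[alg]:
        raise ValueError(f"{alg} digest must be {DIGEST_LEN[alg]} bytes, got {len(raw)}")
    return f"{alg}-{base64.b64encode(raw).decode('ascii')}"


def sha256_hex(body: bytes) -> str:
    """Hex SHA-256 of a body, i.e. what urlscan's Resource Hash is assumed to be."""
    return hashlib.sha256(body).hexdigest()


def body_matches(body: bytes, integrity: str) -> bool:
    """Recompute the digest over the body and compare it to the integrity value,
    the check a browser performs before it will execute the script."""
    alg, _, b64 = integrity.partition("-")
    if alg not in DIGEST_LEN:
        return False
    return hashlib.new(alg, body).digest() == base64.b64decode(b64)


def script_tag(src: str, hex_digest: str) -> str:
    """Script tag pinned to the hash. crossorigin is required for SRI on a
    cross-origin resource; without it the browser refuses to run the script."""
    return (f'<script src="{src}" integrity="{sri_from_hex(hex_digest)}" '
            f'crossorigin="anonymous"></script>')


if __name__ == "__main__":
    print(script_tag("https://adsxyz.com/sponsors/network/network.js", NETWORK_JS_HASH))
```

Two caveats a practitioner should keep in mind: SRI only helps for a resource that does not change, and an ad-network script is exactly the kind that does, so the pin would break the page the first time adsxyz.com ships a new build; and the cross-origin request must carry CORS (`crossorigin="anonymous"` in the tag, an `Access-Control-Allow-Origin` header from the server), which the network.js response above does not show.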
1313461
ad.a-ads.com/ Frame 4701
6 KB
2 KB
Document
General
Full URL
https://ad.a-ads.com/1313461?size=200x200
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)
Resource Hash
9edb993f362fcd878c310594fcc08f4271d8ac16469829db3eda62b5e551ce09
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://mrhacker.co/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Status
200 OK
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Powered-By
Phusion Passenger(R)
X-Original-Referer
https://mrhacker.co/
Content-Encoding
gzip
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109220101/
255 KB
94 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109220101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7952463575870072&plah=mrhacker.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
3ad0ec366281df6e9aeb1a76d38edbf62c2d76dc0acfff428755b085c8d1ebb6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
96614
x-xss-protection
0
server
cafe
etag
11187776091410035689
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 29 Sep 2021 05:29:10 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210922/r20190131/ Frame 1EEC
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20210922/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
751dcf9dcab28e7704b6c2b25d6288581f8a45af878fd628135cec03d8112eed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20210922/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://mrhacker.co/
accept-encoding
gzip, deflate, br

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Wed, 29 Sep 2021 05:09:11 GMT
expires
Wed, 13 Oct 2021 05:09:11 GMT
content-type
text/html; charset=UTF-8
etag
14847953055219580247
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4613
x-xss-protection
0
age
1199
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
1313467
ad.a-ads.com/ Frame 044D
7 KB
2 KB
Document
General
Full URL
https://ad.a-ads.com/1313467?size=120x600
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)
Resource Hash
dd724a5daced2d1de5aab5f9707d9c47ac4cebb4a14d437a169d0c51e8b50b66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://mrhacker.co/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Status
200 OK
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Powered-By
Phusion Passenger(R)
X-Original-Referer
https://mrhacker.co/
Content-Encoding
gzip
1313467
ad.a-ads.com/ Frame D7CB
7 KB
3 KB
Document
General
Full URL
https://ad.a-ads.com/1313467?size=120x600
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)
Resource Hash
28e4bf97c04dd85f54eec28480e7ef6264e5d6a39354ca662e795f244e910405
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://mrhacker.co/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Status
200 OK
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Powered-By
Phusion Passenger(R)
X-Original-Referer
https://mrhacker.co/
Content-Encoding
gzip
index.html
adsxyz.com/sponsors/linkxyz/ Frame 57B0
4 KB
1 KB
Document
General
Full URL
https://adsxyz.com/sponsors/linkxyz/index.html
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.198.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
00495464ebf2e7d11845a11f8bf98fd71cbd8e26ceb6889c90fafaba1becfdeb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
adsxyz.com
:scheme
https
:path
/sponsors/linkxyz/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://mrhacker.co/
accept-encoding
gzip, deflate, br

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-type
text/html
last-modified
Sun, 26 Sep 2021 07:10:13 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cache-control
max-age=86400
cf-cache-status
HIT
age
39349
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zg2yWqs0P7U2Q%2F5JCSGxKRA2dkyO%2BYyC1jAvMDEaaRiP2JnEauMvvnBEhVtkD1TAtTQfossKGlJyt%2FcNyH4nk%2B%2FDDp6fLnXHS45NThahLmZQnFVVJqA2bAZGvOIh"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6962cfef0fbc0810-CDG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
1313466
ad.a-ads.com/ Frame 4EAB
6 KB
2 KB
Document
General
Full URL
https://ad.a-ads.com/1313466?size=990x90
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)
Resource Hash
aac4761a5930acedec45aad4271f9a03ea52052d2450a3d23c73c4ee7d21db91
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://mrhacker.co/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Status
200 OK
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Powered-By
Phusion Passenger(R)
X-Original-Referer
https://mrhacker.co/
Content-Encoding
gzip
1313463
ad.a-ads.com/ Frame 8E6C
6 KB
2 KB
Document
General
Full URL
https://ad.a-ads.com/1313463?size=320x50
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)
Resource Hash
b050ef5971f31e140596e6d9e064ce65dfe5135918de2c682228f725f9ae4f2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://mrhacker.co/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Status
200 OK
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Powered-By
Phusion Passenger(R)
X-Original-Referer
https://mrhacker.co/
Content-Encoding
gzip
1313465
ad.a-ads.com/ Frame 1AA9
6 KB
2 KB
Document
General
Full URL
https://ad.a-ads.com/1313465?size=728x90
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)
Resource Hash
a96cd324242c853ce619d31a10cdab2bf7e04c4cfc26ce357a1f8e6839a77576
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://mrhacker.co/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Status
200 OK
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Powered-By
Phusion Passenger(R)
X-Original-Referer
https://mrhacker.co/
Content-Encoding
gzip
1313462
ad.a-ads.com/ Frame 2208
0
128 B
Document
General
Full URL
https://ad.a-ads.com/1313462?size=300x250
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://mrhacker.co/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Length
0
Connection
keep-alive
monarch.ttf
mrhacker.co/wp-content/plugins/monarch/css/fonts/
15 KB
15 KB
Font
General
Full URL
https://mrhacker.co/wp-content/plugins/monarch/css/fonts/monarch.ttf
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/wp-content/cache/min/1/wp-content/plugins/monarch/css/style-6359d5b39ae2d90c6a3abbc02d07e794.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c102baea959329be23bb8a5d6bc268ce1668484995f0d23c2f88b46d7653c4f

Request headers

:path
/wp-content/plugins/monarch/css/fonts/monarch.ttf
pragma
no-cache
origin
https://mrhacker.co
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
mrhacker.co
referer
https://mrhacker.co/wp-content/cache/min/1/wp-content/plugins/monarch/css/style-6359d5b39ae2d90c6a3abbc02d07e794.css
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1206489
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
15096
last-modified
Thu, 05 Sep 2019 11:01:00 GMT
server
cloudflare
etag
"5d70eaec-3af8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hwNKWuwX8uUxiN6IE%2Fdtw2RmJ29m1HWpi7j%2FQPtyk65kc8ZX4S5neHWJWrfAT1Lq1wq5UeCMyFDWXEM%2FKdc%2FXRQifZwW4qZ1lpSfDY5U8JlwNGYZEeCyk9F1HISkvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
accept-ranges
bytes
cf-ray
6962cfeeef1e32b9-CDG
expires
Fri, 15 Oct 2021 06:21:01 GMT
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans%3A400%2C700%7COswald%3A400%2C700%7CLato%3A400%2C700%7CWork%20Sans%3A900%7CMontserrat%3A400%2C700%7COpen%20Sans%3A800%7CPlayfair%20Display%3A400%2C700%2C900%7CQuicksand%7CRaleway%3A200%2C400%2C700%7CRoboto%20Slab%3A400%2C700%7COpen%20Sans%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%7COpen%20Sans%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%7COpen%20Sans%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%7COpen%20Sans%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%7COpen%20Sans%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%26amp%3Bsubset%3Dlatin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Cvietnamese&subset=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://mrhacker.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 26 Sep 2021 06:39:46 GMT
x-content-type-options
nosniff
age
254964
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23484
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:19:01 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 26 Sep 2022 06:39:46 GMT
728x90
static.a-ads.com/a-ads-banners/104028/ Frame CC51
674 KB
675 KB
Image
General
Full URL
https://static.a-ads.com/a-ads-banners/104028/728x90?region=eu-central-1
Requested by
Host: ad.a-ads.com
URL: https://ad.a-ads.com/1313465?size=728x90
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
951036f01a969b7b181d7952ee802c9ab4989a447b171dabf959934e9814118a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ad.a-ads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:10 GMT
Last-Modified
Sun, 29 Dec 2019 17:09:03 GMT
Server
nginx/1.18.0 (Ubuntu)
x-amz-request-id
BS40FE59BQRSRDET
ETag
"74ffa6390dd104c5c534c4f2f266f4d3"
Content-Type
image/gif
Cache-Control
max-age=315360000
Content-Length
690629
Connection
keep-alive
Accept-Ranges
bytes
x-amz-version-id
3TC98TKnrka7oOabxFNTsHEKH4LZcc9h
x-amz-id-2
zhPuQnYLqaL886sJhyBMxJr3K4t3IBVixDjMmOxCfFfbyi2/EHI1uDsGFh1HP0xog8p2hfcDPLs=
Expires
Thu, 31 Dec 2037 23:55:55 GMT
truncated
/ Frame CC51
305 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 4701
305 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
analytics.js
www.google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-146590598-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
2230
date
Wed, 29 Sep 2021 04:52:00 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Wed, 29 Sep 2021 06:52:00 GMT
cookie.js
partner.googleadservices.com/gampad/
201 B
657 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=mrhacker.co&callback=_gfp_s_&client=ca-pub-7952463575870072
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109220101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7952463575870072&plah=mrhacker.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
8a9ce7cd5160431f151052553126cc3cfac8ab340119f462451e6667c33daa18
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
192
x-xss-protection
0
integrator.js
adservice.google.de/adsid/
107 B
853 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=mrhacker.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109220101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7952463575870072&plah=mrhacker.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
570 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=mrhacker.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109220101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7952463575870072&plah=mrhacker.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame D93E
603 B
68 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7952463575870072&output=html&adk=1812271804&adf=3025194257&lmt=1632859408&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1632893350153&bpp=3&bdt=173&idt=219&shv=r20210922&mjsv=m202109220101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5239816377844&frm=20&pv=2&ga_vid=696830200.1632893350&ga_sid=1632893350&ga_hid=467676632&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750345%2C31062422&oid=3&pvsid=1607268127619954&pem=818&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=238
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109220101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7952463575870072&plah=mrhacker.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-7952463575870072&output=html&adk=1812271804&adf=3025194257&lmt=1632859408&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1632893350153&bpp=3&bdt=173&idt=219&shv=r20210922&mjsv=m202109220101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5239816377844&frm=20&pv=2&ga_vid=696830200.1632893350&ga_sid=1632893350&ga_hid=467676632&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44750345%2C31062422&oid=3&pvsid=1607268127619954&pem=818&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=238
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://mrhacker.co/
accept-encoding
gzip, deflate, br

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 29 Sep 2021 05:29:10 GMT
server
cafe
content-length
46
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 29-Sep-2021 05:44:10 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 29 Sep 2021 05:29:10 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/
72 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109220101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7952463575870072&plah=mrhacker.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
sffe /
Resource Hash
e5668ad294690c0def710438c8462f2eb7ece9e8ef4b7ab53cb93a45d1f8cd7c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27596
x-xss-protection
0
server
sffe
etag
"1632742284803949"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="active-view-scs-read-write-acl"
expires
Wed, 29 Sep 2021 05:29:10 GMT
lounge.f586f6de31a54517b5af7f019af2ba8d.css
c.disquscdn.com/next/embed/styles/
0
26 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.f586f6de31a54517b5af7f019af2ba8d.css
Requested by
Host: mrhackerco.disqus.com
URL: https://mrhackerco.disqus.com/embed.js?ver=5.3.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 19:47:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
553283
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
content-length
25977
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Wed, 22 Sep 2021 19:30:27 GMT
server
nginx
etag
"614b8453-6579"
content-type
text/css; charset=utf-8
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
expires
Thu, 22 Sep 2022 19:47:46 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
gwgfk8VchNAzKR8aGpS5cKCbvtgU5e92JD-PoXShO2vVjjgPN7j5nA==
x-cache-hits
0
common.bundle.a0ed109e21af94c55c513d7580d5773c.js
c.disquscdn.com/next/embed/
0
93 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/common.bundle.a0ed109e21af94c55c513d7580d5773c.js
Requested by
Host: mrhackerco.disqus.com
URL: https://mrhackerco.disqus.com/embed.js?ver=5.3.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 19:47:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
553283
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
content-length
94787
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Wed, 22 Sep 2021 19:30:27 GMT
server
nginx
etag
"614b8453-17243"
content-type
application/javascript; charset=utf-8
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
expires
Thu, 22 Sep 2022 19:47:46 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
rbD4gB1ZCEWy8pyp17LQDvpSp0-0wVbnn32UkpF5gB-Qw7bc-7B9uw==
x-cache-hits
0
lounge.bundle.96662f29a1f56adcd7ebcd257a3eed8e.js
c.disquscdn.com/next/embed/
0
119 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.96662f29a1f56adcd7ebcd257a3eed8e.js
Requested by
Host: mrhackerco.disqus.com
URL: https://mrhackerco.disqus.com/embed.js?ver=5.3.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 19:47:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
553282
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
content-length
120691
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Wed, 22 Sep 2021 19:30:27 GMT
server
nginx
etag
"614b8453-1d773"
content-type
application/javascript; charset=utf-8
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
expires
Thu, 22 Sep 2022 19:47:47 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
2Ob9jdn1WGIAeySMYPiajQU_N_B1BAEvwMjN7O8v_KC09KPd6VRh5Q==
x-cache-hits
0
config.js
disqus.com/next/
0
12 KB
Other
General
Full URL
https://disqus.com/next/config.js
Requested by
Host: mrhackerco.disqus.com
URL: https://mrhackerco.disqus.com/embed.js?ver=5.3.1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:10 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
19
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
12058
X-XSS-Protection
1; mode=block
recommendations.js
mrhackerco.disqus.com/
62 KB
21 KB
Script
General
Full URL
https://mrhackerco.disqus.com/recommendations.js
Requested by
Host: mrhackerco.disqus.com
URL: https://mrhackerco.disqus.com/embed.js?ver=5.3.1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
4d5107c233a2e0aa5ff4f7cd61b80726dffbe0fe7b31c7917593fc7c83f3cf32
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Encoding
gzip
Server
openresty
Age
0
Vary
Accept-Encoding, Accept, Accept-Encoding, X-Forwarded-Proto, X-Disqus-Shortname, X-Disqus-Device, X-Disqus-Experiment, X-Disqus-Is-Private, X-Disqus-Development-Base
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Cache-Control
stale-while-revalidate=60, public, stale-if-error=86400, max-age=60
X-Service
router
Strict-Transport-Security
max-age=300; includeSubdomains
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
20848
1313467
ad.a-ads.com/ Frame 6988
7 KB
3 KB
Document
General
Full URL
https://ad.a-ads.com/1313467?size=120x600
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4-wp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)
Resource Hash
454d5718d8a2b6216d34004eac916cc7b579c504488ae02dd7e055bc023c0c4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://mrhacker.co/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Status
200 OK
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Powered-By
Phusion Passenger(R)
X-Original-Referer
https://mrhacker.co/
Content-Encoding
gzip
728x90
static.a-ads.com/a-ads-banners/117619/ Frame 1AA9
122 KB
123 KB
Image
General
Full URL
https://static.a-ads.com/a-ads-banners/117619/728x90?region=eu-central-1
Requested by
Host: ad.a-ads.com
URL: https://ad.a-ads.com/1313465?size=728x90
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e4503a46dd63eb6398899345e1cf979d0aeb0dedfe051fc6cd213a69d67ddcc9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ad.a-ads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:10 GMT
Last-Modified
Sun, 19 Apr 2020 16:08:09 GMT
Server
nginx/1.18.0 (Ubuntu)
x-amz-request-id
318RYSRCGCRPFKBH
ETag
"8df22bfbf1b66e4d461cc595236e19c5"
Content-Type
image/gif
Cache-Control
max-age=315360000
Content-Length
125388
Connection
keep-alive
Accept-Ranges
bytes
x-amz-version-id
0fATWmKYpJSZr5TJ6jtiSoqDotlI3uSs
x-amz-id-2
ila+FRrOhImuEgfWowX/eRxFxE9CXGoRs/xZY5sZ1ZlE+yq3Re4MrrYJR/Tv36rMPwmH30tNqnA=
Expires
Thu, 31 Dec 2037 23:55:55 GMT
320x50
static.a-ads.com/a-ads-banners/118226/ Frame 8E6C
398 KB
398 KB
Image
General
Full URL
https://static.a-ads.com/a-ads-banners/118226/320x50?region=eu-central-1
Requested by
Host: ad.a-ads.com
URL: https://ad.a-ads.com/1313463?size=320x50
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
9ad8ceacf5021200f5e0d5c97008d8f856a2fe2280d3fdce044ae205bd69d96c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ad.a-ads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:10 GMT
Last-Modified
Sun, 26 Apr 2020 07:21:07 GMT
Server
nginx/1.18.0 (Ubuntu)
x-amz-request-id
XB4337GAHJV9SCC5
ETag
"d7fec3a205b1f352278aacb8980577ed"
Content-Type
image/gif
Cache-Control
max-age=315360000
Content-Length
407238
Connection
keep-alive
Accept-Ranges
bytes
x-amz-version-id
mhRRB_FtHZd1saqOLsgEX7B051Cwx1HQ
x-amz-id-2
8XjR0nDN0os6P+0tzQ00noZQ8GJwJqvNz73Yk9J6NVxXTozqGP7kvGVStSNodgY47SS+ca/vYS4=
Expires
Thu, 31 Dec 2037 23:55:55 GMT
random4f.js
adsxyz.com/sponsors/linkxyz/ Frame 57B0
1 KB
927 B
Script
General
Full URL
https://adsxyz.com/sponsors/linkxyz/random4f.js
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.198.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd819f8eba0b56e52c8583bf1db1b5bbeec52504bef12ef0b325013b68977901

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://adsxyz.com/sponsors/linkxyz/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
39349
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Fri, 06 Jan 2012 14:11:54 GMT
server
cloudflare
etag
W/"4f07012a-568"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wx65R1StJXeN1Z9n64K9NuPt7T6eaIz9MfMr3POvsz%2B%2FbevXAzGg0QFMZUG6GMMYUn4HaZPZA2aZMa8rZe63iZjCnwAIGnHXMukXoiO%2FLdZD6%2Fo56g8hGLGlA6S7"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000, must-revalidate, proxy-revalidate
cf-ray
6962cff058af0810-CDG
expires
Thu, 28 Oct 2021 18:33:21 GMT
js
www.googletagmanager.com/gtag/ Frame 57B0
117 KB
46 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-D87R5XW8W4
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.232 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
a51841ac5a3ccca313c7a0aaeda9c8c928a5769e8f7b8c24c3cf683d523491fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://adsxyz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47248
x-xss-protection
0
expires
Wed, 29 Sep 2021 05:29:10 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j93&a=467676632&t=pageview&_s=1&dl=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&ul=en-us&de=UTF-8&dt=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems%20%7C%20MrHacker&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUAB~&cid=696830200.1632893350&tid=UA-146590598-1&_gid=1176372558.1632893350&gtm=2ou9r0&z=819063006
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Sep 2021 14:47:34 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
52896
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
adsterra_300x250.html
clipsex.online/banner/ Frame 612C
867 B
1 KB
Document
General
Full URL
https://clipsex.online/banner/adsterra_300x250.html?
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.174.93 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd110802bfc94a315236b952fc20ee920c1cf886b9526ffad1ee4ff9057d2394
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
clipsex.online
:scheme
https
:path
/banner/adsterra_300x250.html?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adsxyz.com/
accept-encoding
gzip, deflate, br

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-type
text/html
last-modified
Wed, 25 Aug 2021 09:45:12 GMT
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cache-control
max-age=2678400
cf-cache-status
HIT
age
340453
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v1faH3FICxwhdoWv8lXZviqe4Yan7cEi8HsI7g%2BjJSd%2BhVGwPWm5frhQtSHS0ZknanAGTG8kqfT%2F0eZJU0R7fiZfRvZopKl%2FS6RMYoOI36puOWBQRVhJasmNt9ZKwFejeA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
6962cff11a7b04a3-CDG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
adsterra_300x250.html
fappinghd.com/banner/ Frame 58A3
867 B
649 B
Document
General
Full URL
https://fappinghd.com/banner/adsterra_300x250.html?
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.132.22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5e71fa614171fdf7f3eee87e6198d233232fe2d73e7cc75cb30722c00000738
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
fappinghd.com
:scheme
https
:path
/banner/adsterra_300x250.html?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adsxyz.com/
accept-encoding
gzip, deflate, br

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-type
text/html
last-modified
Wed, 25 Aug 2021 09:49:40 GMT
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cache-control
max-age=2678400
cf-cache-status
HIT
age
1160881
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6chL9RGwVqdx9q43qiuErTIaffvrpgt5AuJMTrtzZRskYivjfk18badQochLfg9T0ixM0r0vx6h%2B58n1PgQvsx0lK2XZcSDLvTZI5tbFbfmNX7TcjW5FbfH00%2BHYGKKC"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
6962cff11c1d067e-LHR
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
adsterra_300x250.html
javbest.co/banner/ Frame F5A2
867 B
1 KB
Document
General
Full URL
https://javbest.co/banner/adsterra_300x250.html?
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.25.241 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
676311b41a8a21162d8187ce2b2ecb7c652888635cc52967a9aabff9ef583d2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
javbest.co
:scheme
https
:path
/banner/adsterra_300x250.html?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adsxyz.com/
accept-encoding
gzip, deflate, br

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-type
text/html
last-modified
Wed, 25 Aug 2021 09:51:54 GMT
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cache-control
max-age=2678400
cf-cache-status
HIT
age
145525
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y96YDOvbEKwIPYXtrHDIuxEv7uVofEtjJs%2BLa96GFePClc%2B4Cwpy7x%2BfCGkf4xnnR5SFBgLx%2FIi2LCDQafpJR5sf8dapHfILJ6ZVzhCXpK6eG67qBZNee8YC0EvY"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
6962cff11b32ee60-CDG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
adsterra_300x250.html
thesexscene.com/banner/ Frame 727D
867 B
1 KB
Document
General
Full URL
https://thesexscene.com/banner/adsterra_300x250.html?
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.204.82 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
227365258106f73bc8761237c88b38ffbca65361aa95b865709657406eae1459
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
thesexscene.com
:scheme
https
:path
/banner/adsterra_300x250.html?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adsxyz.com/
accept-encoding
gzip, deflate, br

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-type
text/html
last-modified
Wed, 25 Aug 2021 09:54:02 GMT
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cache-control
max-age=2678400
cf-cache-status
HIT
age
340275
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LNFUXwyXNH%2FF2O96SXubZOqkG%2FnJOqv0BOkqYazhX3pSZcUZXnLdvbk6vTnPTVk9iwtjXVmU%2BJ2cKM1Mmk%2FKsoPpEU6ZrQmJHZf2KzpGaV8w9NlWCrkfrl9FxkC0EQ%2Fe64E%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
6962cff10b784055-CDG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
juicyads_300x250.html
jav1080.com/banner/ Frame A5E9
744 B
1008 B
Document
General
Full URL
https://jav1080.com/banner/juicyads_300x250.html
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.235.51 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb776e4e7499c2a01783aaeafd98641ea731c2d2da8ed9bb20cef55cd50b863b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
jav1080.com
:scheme
https
:path
/banner/juicyads_300x250.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adsxyz.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://adsxyz.com/

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-type
text/html
last-modified
Fri, 25 Jun 2021 18:29:27 GMT
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cache-control
max-age=2678400
cf-cache-status
HIT
age
583775
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TzVhujyhbsJVbzTn84UMNUi%2BP%2FDILHl23oEqrwGb6UYIsWkMRzrEOVMcOvjf%2FpqJFdTrcF%2Ftbw2UWyat9Q%2F47h07HOTilMKKT0i0%2F41J0ocfrDY7qIoWmuizhK6N2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
6962cff12a1dee17-CDG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
juicyads_300x250.html
pornbebes.com/banner/ Frame D2B3
744 B
977 B
Document
General
Full URL
https://pornbebes.com/banner/juicyads_300x250.html
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.62.171 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93e18f2f4e1a2af8839f0ee4900990890090742ac52482ea811f1fe41ef5556c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
pornbebes.com
:scheme
https
:path
/banner/juicyads_300x250.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adsxyz.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://adsxyz.com/

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-type
text/html
last-modified
Fri, 25 Jun 2021 18:43:21 GMT
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L1%2FlDUJZ5JhoEiVT44jWVK5O7d%2BeAXAI9I3EH81YYtJ13qw%2Blyj4PON6SkvnrRqn8dQHCZ1BbLabo7exdxIp2WvjrP95%2FRcqui9AJ4ZjOx71eIvZDpXLNVHGjy%2BuEHy8"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6962cff11c4539c9-CDG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
juicyads_300x250.html
sex4viet.com/banner/ Frame 580A
661 B
967 B
Document
General
Full URL
https://sex4viet.com/banner/juicyads_300x250.html
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.86.13 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07aa1437b73b702e4fd27db55e676455653762882c782440309ba4534050928a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
sex4viet.com
:scheme
https
:path
/banner/juicyads_300x250.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adsxyz.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://adsxyz.com/

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-type
text/html
last-modified
Fri, 25 Jun 2021 18:14:21 GMT
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cache-control
max-age=2678400
cf-cache-status
HIT
age
811636
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QRCpUZcHrUXHuGejnW9FcKoom5cnSDOEIQ%2FPZIddfqPKdrHVHkXwVSkzMMVISymoD8%2BjagcViHIgtIbkna7mRaB4TEoA2lM%2Bz%2FhN9b8edv%2Fi1jpFLk%2FCfX6H0m4fWT4%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
6962cff11f1c3b2b-CDG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
juicy_300x250.html
xdultchannel.com/banner/ Frame 9C52
742 B
1008 B
Document
General
Full URL
https://xdultchannel.com/banner/juicy_300x250.html
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.3.136 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c60dfaf4d68247d23d28f56642945518dc7481ce4fba6b1f908857f497a4c614
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
xdultchannel.com
:scheme
https
:path
/banner/juicy_300x250.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adsxyz.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://adsxyz.com/

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-type
text/html
last-modified
Fri, 25 Jun 2021 17:05:02 GMT
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cache-control
max-age=2678400
cf-cache-status
HIT
age
1919817
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rZDrD6SFYhDE3859KOsqyMBZ9v4lQDotxT4FwV%2BWCsUXPw%2Fq5%2FizhoSTQvEoxLJVMIm2iz1AIQc5Y80ip0%2BZKx9wKWWVw7AZjiMiPBMOKqjuDsHG0VfAAuosS95A8cTg1WFu"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
6962cff11c4439c9-CDG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
clickadilla_300x250.html
fappinghd.com/banner/ Frame 0E23
508 B
511 B
Document
General
Full URL
https://fappinghd.com/banner/clickadilla_300x250.html
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.132.22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f48986bbd3c0fa2325dd32fc09cd1d3cc9a0063762964feff8bde2d58d5ce7f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
fappinghd.com
:scheme
https
:path
/banner/clickadilla_300x250.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adsxyz.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://adsxyz.com/

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-type
text/html
last-modified
Thu, 23 Sep 2021 06:11:01 GMT
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cache-control
max-age=2678400
cf-cache-status
HIT
age
512744
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f5LcmXuxZdt5KSiL6lwNNl%2BtEBghOfPv3xwY8OoozUtoMeTCY9KP3jSplYnQYpRXatUovRjCzfGITISaWxdkNnjPnnexI7zZ8bWZQXwHAj18WJP%2BYN8ZCT8RmHo09Lgx"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
6962cff11c21067e-LHR
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
clickadilla_300x100.html
fappinghd.com/banner/ Frame 9B41
504 B
509 B
Document
General
Full URL
https://fappinghd.com/banner/clickadilla_300x100.html
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.132.22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0656c75c4917096eb8be23bc78c8c3fee7b8d059779519cb30dccc9f296c54ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
fappinghd.com
:scheme
https
:path
/banner/clickadilla_300x100.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adsxyz.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://adsxyz.com/

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-type
text/html
last-modified
Thu, 23 Sep 2021 06:11:07 GMT
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cache-control
max-age=2678400
cf-cache-status
HIT
age
513074
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PX1byeDYVb15uLMPj%2BXKbBf1804mQw5vPFkl7elED63rX0BAYDaeFpOkRRHWZDHI5GydLQKnMWjkthHhwgJVOUxMOIjWFSb6xHd0cVpkgK%2BAfoPxh8UYbEQ7HBaj9MmT"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
6962cff11c23067e-LHR
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
clickadilla_300x100.html
fappinghd.com/banner/ Frame AE3C
504 B
918 B
Document
General
Full URL
https://fappinghd.com/banner/clickadilla_300x100.html
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.132.22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0656c75c4917096eb8be23bc78c8c3fee7b8d059779519cb30dccc9f296c54ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
fappinghd.com
:scheme
https
:path
/banner/clickadilla_300x100.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adsxyz.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://adsxyz.com/

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-type
text/html
last-modified
Thu, 23 Sep 2021 06:11:07 GMT
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cache-control
max-age=2678400
cf-cache-status
HIT
age
513074
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wmlIiOL359lRTCFdKf4KLtOASVoX2z8ppOcYrpVXGpKXcEJbwkANPwK7ugj7561opIEWQjkYp9Piq6S4W3EmWhYArrPqlC0zF4D8%2BRFwBvkEHacuXj6FkB9I4k5XNpEw"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
6962cff11c25067e-LHR
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
clickadilla_300x250.html
fappinghd.com/banner/ Frame 27F5
508 B
540 B
Document
General
Full URL
https://fappinghd.com/banner/clickadilla_300x250.html
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.132.22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f48986bbd3c0fa2325dd32fc09cd1d3cc9a0063762964feff8bde2d58d5ce7f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
fappinghd.com
:scheme
https
:path
/banner/clickadilla_300x250.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adsxyz.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://adsxyz.com/

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-type
text/html
last-modified
Thu, 23 Sep 2021 06:11:01 GMT
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cache-control
max-age=2678400
cf-cache-status
HIT
age
512744
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ekO0MdMFuKHFImA2KtmpPrurEiQ3GToDT9GAwpZqEt%2FyDMqdoR5nVhGbZ%2FTGzp%2F94YGS1Ra2bnsqqGhLo7QdaLdAbbiigpuyAZ5X4%2FBxzQwo6kMg1vBfvAzcEr65x79a"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
6962cff11c26067e-LHR
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
aads_300x250.html
mrhacker.co/banner/ Frame 3A82
558 B
833 B
Document
General
Full URL
https://mrhacker.co/banner/aads_300x250.html
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.199.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45458c5cfa0ae1e6992b40d920661a7107510f24e5c96f4b2f160d9939d946d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
mrhacker.co
:scheme
https
:path
/banner/aads_300x250.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adsxyz.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://adsxyz.com/

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-type
text/html
last-modified
Sun, 19 Jan 2020 08:10:22 GMT
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cache-control
max-age=2678400
cf-cache-status
HIT
age
583639
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PRCH6E9sbcEoPHjTO3Kk1zCCzNt%2BMr10cp%2Fvwty61ZI5rM2BEjx4WE1hCKTi6JtJyNKtyYEyRB8ygzWDa2k1YtfFDrmj2eaHot%2FfjkdwqliA9EKup%2FZehfCYwk6Jbw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
6962cff0c84f32b9-CDG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
aads_300x250.html
null88.com/banner/ Frame 2C53
558 B
926 B
Document
General
Full URL
https://null88.com/banner/aads_300x250.html
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.147.50 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ff3c131212b8c54e4fef81437dd815acba30e979a4e811a5a1174250e548bcb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
null88.com
:scheme
https
:path
/banner/aads_300x250.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adsxyz.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://adsxyz.com/

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-type
text/html
last-modified
Sat, 22 Feb 2020 06:34:19 GMT
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cache-control
max-age=2678400
cf-cache-status
HIT
age
139846
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2d1TV4Ex6Eli5noCNWs9rvRhOw3xv3zcc8CoZN8EUW0Ed5YkJOjVwcHKmjdF4V1oFfO5ygPSGuR4jKzTWhrVwp5jY4AR0ZTGunkLXKHQXAohLGmN4mQ5DPPMisOF"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
6962cff1299a40f9-CDG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
aads_300x250.html
phancongkhanh.com/banner/ Frame 2D2B
558 B
916 B
Document
General
Full URL
https://phancongkhanh.com/banner/aads_300x250.html
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.175.114 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c953490be90a1e661e731eed1b5b5b07d20a3d23806cc81d641c383e99422c2d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
phancongkhanh.com
:scheme
https
:path
/banner/aads_300x250.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adsxyz.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://adsxyz.com/

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-type
text/html
last-modified
Wed, 30 Jun 2021 09:30:59 GMT
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BYnCFxqWxh3%2FiHoMxV%2FEp%2Ba0DPLQKL6NXu1MYZa4fYTk40E5pWnfUrvs61HUq8GMA7S30UkUGrNgYmvJ4%2F3D4DkrgX9W4j36fwwJKfeUpPns1333hZHsu6vIab8nXM4uVicyNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6962cff1195d39d5-CDG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
aads_300x250.html
tongdongkhue.com/banner/ Frame 1B46
558 B
914 B
Document
General
Full URL
https://tongdongkhue.com/banner/aads_300x250.html
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.50.160 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2e1b64507c8e03581b958717b74ea4f9df546187e1477ff33f2ad65dbdfcb16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
tongdongkhue.com
:scheme
https
:path
/banner/aads_300x250.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adsxyz.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://adsxyz.com/

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-type
text/html
last-modified
Wed, 30 Jun 2021 09:14:18 GMT
strict-transport-security
max-age=31536000
x-frame-options
ALLOWALL
x-content-type-options
nosniff
x-xss-protection
1; mode=block
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xOimPSU8g1jHYfqAa9irgFLvWKZZk%2F6iXS10Ajm1J%2BCZrr5zTgENn3t7DYbmwAZr3v1NVrIUcRkvzjI%2Bx1BSde8Tlj2sVG%2B80zM%2Bafb9VIwns6ZyE%2BlYvEFZBp%2FY5wDHel7p"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6962cff12e93048f-CDG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
/
disqus.com/embed/comments/ Frame 61D3
7 KB
4 KB
Document
General
Full URL
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
Requested by
Host: mrhackerco.disqus.com
URL: https://mrhackerco.disqus.com/embed.js?ver=5.3.1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7822b26e3bd8cb2acd74876d4ca3e73a21c4155ec40cc93e81d1c498b81d5ce5
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
disqus.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://mrhacker.co/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/

Response headers

Connection
keep-alive
Content-Length
2867
Server
nginx
Content-Type
text/html; charset=utf-8
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified
Mon, 13 Jul 2020 23:47:40 GMT
ETag
W/"lounge:view:7980492607.ccd1824ba7dce2ed5ce24e6f9dd8d7d7.2"
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Referrer-Policy
no-referrer-when-downgrade
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Encoding
gzip
Date
Wed, 29 Sep 2021 05:29:10 GMT
Age
0
Vary
Accept-Encoding
Strict-Transport-Security
max-age=300; includeSubdomains
truncated
/ Frame 6988
305 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
recommendations.eff219b98b7c4167b4b289065f36f391.css
c.disquscdn.com/next/recommendations/styles/
0
4 KB
Other
General
Full URL
https://c.disquscdn.com/next/recommendations/styles/recommendations.eff219b98b7c4167b4b289065f36f391.css
Requested by
Host: mrhackerco.disqus.com
URL: https://mrhackerco.disqus.com/recommendations.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 06 May 2021 10:11:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12597475
x-cache
Hit from cloudfront
content-length
3748
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Wed, 28 Apr 2021 21:48:08 GMT
server
nginx
etag
"6089d818-ea4"
content-type
text/css; charset=utf-8
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
expires
Fri, 06 May 2022 10:11:15 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
BD9jAzEv3x6BdU-IhdJbFNLobMbwd6SoAgRjm3AD9MjF5fjkmoe6sA==
x-cache-hits
0
common.bundle.3599f83da3e37f2d8675b56e0b4f87a4.js
c.disquscdn.com/next/recommendations/
0
87 KB
Other
General
Full URL
https://c.disquscdn.com/next/recommendations/common.bundle.3599f83da3e37f2d8675b56e0b4f87a4.js
Requested by
Host: mrhackerco.disqus.com
URL: https://mrhackerco.disqus.com/recommendations.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 19:47:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
553289
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
content-length
88862
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Wed, 22 Sep 2021 19:30:27 GMT
server
nginx
etag
"614b8453-15b1e"
content-type
application/javascript; charset=utf-8
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
expires
Thu, 22 Sep 2022 19:47:41 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
L3oWsZPMRJxgCS8hjYZfGjmpoMIGHUEj3QW0XdsSk3Ki1lupZ3lVmw==
x-cache-hits
0
recommendations.bundle.4e863665d1a7f5fe148423ae719c9df7.js
c.disquscdn.com/next/recommendations/
0
20 KB
Other
General
Full URL
https://c.disquscdn.com/next/recommendations/recommendations.bundle.4e863665d1a7f5fe148423ae719c9df7.js
Requested by
Host: mrhackerco.disqus.com
URL: https://mrhackerco.disqus.com/recommendations.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 02 Sep 2021 18:15:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2286795
x-cache
Hit from cloudfront
content-length
20099
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Thu, 02 Sep 2021 17:40:39 GMT
server
nginx
etag
"61310c97-4e83"
content-type
application/javascript; charset=utf-8
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
expires
Fri, 02 Sep 2022 18:15:55 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
wCx-cNPvE2d14CwEK-NYWgKk7M8T0em20eEUjjh0dwNf8mNcx05r3A==
x-cache-hits
0
1313462
ad.a-ads.com/ Frame 6F1B
6 KB
2 KB
Document
General
Full URL
https://ad.a-ads.com/1313462?size=300x250
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/banner/aads_300x250.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)
Resource Hash
7d873711d6fd0790210612da76716c15fa865a6e078a1786f0ff0df4764e1aea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://mrhacker.co/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Status
200 OK
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Powered-By
Phusion Passenger(R)
X-Original-Referer
https://mrhacker.co/
Content-Encoding
gzip
invoke.js
www.effectivedisplayformat.com/e3f31de3ba73aad193bc6d6123925a0d/ Frame 727D
0
0
Script
General
Full URL
https://www.effectivedisplayformat.com/e3f31de3ba73aad193bc6d6123925a0d/invoke.js
Requested by
Host: thesexscene.com
URL: https://thesexscene.com/banner/adsterra_300x250.html?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://thesexscene.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 29 Sep 2021 05:29:10 GMT
server
nginx/1.17.6
content-type
application/javascript
content-length
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
jads2.js
poweredby.jads.co/js/ Frame 580A
Redirect Chain
  • https://poweredby.jads.co/js/jads.js
  • https://poweredby.jads.co/js/jads2.js
4 KB
2 KB
Script
General
Full URL
https://poweredby.jads.co/js/jads2.js
Requested by
Host: sex4viet.com
URL: https://sex4viet.com/banner/juicyads_300x250.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.94.236.247 , Netherlands, ASN42567 (MOJHOST-EU, NL),
Reverse DNS
Software
nginx /
Resource Hash
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sex4viet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Encoding
gzip
Last-Modified
Tue, 24 Dec 2019 19:10:29 GMT
Server
nginx
ETag
W/"5e0262a5-eae"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Connection
close

Redirect headers

Location
jads2.js
Date
Wed, 29 Sep 2021 05:29:10 GMT
Server
nginx
Connection
keep-alive
Content-Length
178
Content-Type
text/html
adManager.js
js.wpadmngr.com/static/ Frame 9B41
217 B
429 B
Script
General
Full URL
https://js.wpadmngr.com/static/adManager.js
Requested by
Host: fappinghd.com
URL: https://fappinghd.com/banner/clickadilla_300x100.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
80de47821654fdda2f463506ec525ef1e5f3788e5aa8638793034fe79162935e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
gzip
last-modified
Thu, 02 Sep 2021 08:45:08 GMT
server
nginx/1.18.0
etag
W/"61308f14-d9"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 29 Sep 2021 06:29:10 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
adManager.js
js.wpadmngr.com/static/ Frame AE3C
217 B
428 B
Script
General
Full URL
https://js.wpadmngr.com/static/adManager.js
Requested by
Host: fappinghd.com
URL: https://fappinghd.com/banner/clickadilla_300x100.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
80de47821654fdda2f463506ec525ef1e5f3788e5aa8638793034fe79162935e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
gzip
last-modified
Thu, 02 Sep 2021 08:45:08 GMT
server
nginx/1.18.0
etag
W/"61308f14-d9"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 29 Sep 2021 06:29:10 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
invoke.js
www.effectivedisplayformat.com/5443e680fc84477d90d46ca506b1db43/ Frame 612C
0
0
Script
General
Full URL
https://www.effectivedisplayformat.com/5443e680fc84477d90d46ca506b1db43/invoke.js
Requested by
Host: clipsex.online
URL: https://clipsex.online/banner/adsterra_300x250.html?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://clipsex.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 29 Sep 2021 05:29:10 GMT
server
nginx/1.17.6
content-type
application/javascript
content-length
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
invoke.js
www.effectivedisplayformat.com/6cc0003302752de793ff29e3ffcd55ae/ Frame 58A3
0
0
Script
General
Full URL
https://www.effectivedisplayformat.com/6cc0003302752de793ff29e3ffcd55ae/invoke.js
Requested by
Host: fappinghd.com
URL: https://fappinghd.com/banner/adsterra_300x250.html?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 29 Sep 2021 05:29:10 GMT
server
nginx/1.17.6
content-type
application/javascript
content-length
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
jads2.js
poweredby.jads.co/js/ Frame 9C52
Redirect Chain
  • https://poweredby.jads.co/js/jads.js
  • https://poweredby.jads.co/js/jads2.js
4 KB
2 KB
Script
General
Full URL
https://poweredby.jads.co/js/jads2.js
Requested by
Host: xdultchannel.com
URL: https://xdultchannel.com/banner/juicy_300x250.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.94.236.247 , Netherlands, ASN42567 (MOJHOST-EU, NL),
Reverse DNS
Software
nginx /
Resource Hash
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xdultchannel.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Encoding
gzip
Last-Modified
Tue, 24 Dec 2019 19:10:29 GMT
Server
nginx
ETag
W/"5e0262a5-eae"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Connection
close

Redirect headers

Location
jads2.js
Date
Wed, 29 Sep 2021 05:29:10 GMT
Server
nginx
Connection
keep-alive
Content-Length
178
Content-Type
text/html
adManager.js
js.wpadmngr.com/static/ Frame 27F5
217 B
428 B
Script
General
Full URL
https://js.wpadmngr.com/static/adManager.js
Requested by
Host: fappinghd.com
URL: https://fappinghd.com/banner/clickadilla_300x250.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
80de47821654fdda2f463506ec525ef1e5f3788e5aa8638793034fe79162935e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
gzip
last-modified
Thu, 02 Sep 2021 08:45:08 GMT
server
nginx/1.18.0
etag
W/"61308f14-d9"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 29 Sep 2021 06:29:10 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
adManager.js
js.wpadmngr.com/static/ Frame 0E23
217 B
428 B
Script
General
Full URL
https://js.wpadmngr.com/static/adManager.js
Requested by
Host: fappinghd.com
URL: https://fappinghd.com/banner/clickadilla_300x250.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
80de47821654fdda2f463506ec525ef1e5f3788e5aa8638793034fe79162935e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
gzip
last-modified
Thu, 02 Sep 2021 08:45:08 GMT
server
nginx/1.18.0
etag
W/"61308f14-d9"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 29 Sep 2021 06:29:10 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
invoke.js
www.effectivedisplayformat.com/09b4c663c359aa4550e8776a006e591a/ Frame F5A2
0
0
Script
General
Full URL
https://www.effectivedisplayformat.com/09b4c663c359aa4550e8776a006e591a/invoke.js
Requested by
Host: javbest.co
URL: https://javbest.co/banner/adsterra_300x250.html?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://javbest.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 29 Sep 2021 05:29:10 GMT
server
nginx/1.17.6
content-type
application/javascript
content-length
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
1331410
ad.a-ads.com/ Frame D6A5
6 KB
2 KB
Document
General
Full URL
https://ad.a-ads.com/1331410?size=300x250
Requested by
Host: null88.com
URL: https://null88.com/banner/aads_300x250.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)
Resource Hash
1fccfb19edcba5a92a7afccf2ce377eda3f6e2e0eca54288de5ef889316ea8fa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://null88.com/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://null88.com/

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Status
200 OK
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Powered-By
Phusion Passenger(R)
X-Original-Referer
https://null88.com/
Content-Encoding
gzip
jads2.js
poweredby.jads.co/js/ Frame A5E9
Redirect Chain
  • https://poweredby.jads.co/js/jads.js
  • https://poweredby.jads.co/js/jads2.js
4 KB
2 KB
Script
General
Full URL
https://poweredby.jads.co/js/jads2.js
Requested by
Host: jav1080.com
URL: https://jav1080.com/banner/juicyads_300x250.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.94.236.247 , Netherlands, ASN42567 (MOJHOST-EU, NL),
Reverse DNS
Software
nginx /
Resource Hash
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jav1080.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Encoding
gzip
Last-Modified
Tue, 24 Dec 2019 19:10:29 GMT
Server
nginx
ETag
W/"5e0262a5-eae"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Connection
close

Redirect headers

Location
jads2.js
Date
Wed, 29 Sep 2021 05:29:10 GMT
Server
nginx
Connection
keep-alive
Content-Length
178
Content-Type
text/html
300x250
static.a-ads.com/a-ads-banners/118229/ Frame 6F1B
682 KB
683 KB
Image
General
Full URL
https://static.a-ads.com/a-ads-banners/118229/300x250?region=eu-central-1
Requested by
Host: ad.a-ads.com
URL: https://ad.a-ads.com/1313462?size=300x250
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
b81d1d6dc8129dde051254463257a664dfe1bb49b78f0f4cd37dafbb3f960f93

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ad.a-ads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:10 GMT
Last-Modified
Sun, 26 Apr 2020 07:21:07 GMT
Server
nginx/1.18.0 (Ubuntu)
x-amz-request-id
317MHF803EYWKP04
ETag
"ce8c5673a039ad9769d3265284d8f5f4"
Content-Type
image/gif
Cache-Control
max-age=315360000
Content-Length
698412
Connection
keep-alive
Accept-Ranges
bytes
x-amz-version-id
UQkZBCfcjGWdsi6lCz_51AvW3yIHMTsf
x-amz-id-2
KRHUGvEiP/4i5C2g1U3vFNqY+eN2dZv+VLKdMwFUGqXHNQBg0WtoTDKmmMEBgogBWhUdlpOpygk=
Expires
Thu, 31 Dec 2037 23:55:55 GMT
lounge.load.33fd930adde1d4970f3f907d75eb8409.js
c.disquscdn.com/next/embed/ Frame 61D3
1 KB
1 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/lounge.load.33fd930adde1d4970f3f907d75eb8409.js
Requested by
Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
c18c7bd2947e12105e9a5fe5c317987bd0fb915bf9c985de41277f2411f5a8be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
Origin
https://disqus.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 19:47:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
553283
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
content-length
532
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Wed, 22 Sep 2021 19:30:27 GMT
server
nginx
etag
"614b8453-214"
content-type
application/javascript; charset=utf-8
via
1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
expires
Thu, 22 Sep 2022 19:47:47 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
czmaoCqmjCA9I6bx7HeQk-lq_v1MPpnJmIzG4NZXv4lyfDxG5-SucA==
x-cache-hits
0
truncated
/ Frame 6F1B
305 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
/
disqus.com/recommendations/ Frame 227D
6 KB
3 KB
Document
General
Full URL
https://disqus.com/recommendations/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems
Requested by
Host: mrhackerco.disqus.com
URL: https://mrhackerco.disqus.com/recommendations.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
22b8e0d3e840d946a55b0bd55b53398a7eba6d15dd03943719c9cc0192ed8680
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
disqus.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://mrhacker.co/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/

Response headers

Connection
keep-alive
Content-Length
2402
Server
nginx
Content-Type
text/html; charset=utf-8
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified
Mon, 13 Jul 2020 23:47:40 GMT
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-while-revalidate=30, no-cache, must-revalidate, stale-if-error=3600, public
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Encoding
gzip
Date
Wed, 29 Sep 2021 05:29:10 GMT
Age
0
Vary
Accept-Encoding
Strict-Transport-Security
max-age=300; includeSubdomains
common.bundle.a0ed109e21af94c55c513d7580d5773c.js
c.disquscdn.com/next/embed/ Frame 61D3
282 KB
93 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/common.bundle.a0ed109e21af94c55c513d7580d5773c.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.33fd930adde1d4970f3f907d75eb8409.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
30ebe86ee66f181317d9669e0530fc4fcb459005996595c73993c1e7fb0022e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 19:47:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
553283
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
content-length
94787
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Wed, 22 Sep 2021 19:30:27 GMT
server
nginx
etag
"614b8453-17243"
content-type
application/javascript; charset=utf-8
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
expires
Thu, 22 Sep 2022 19:47:46 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
RiuZD1ntDgbUwqkYEYTiOLXQQePaCnQg_HU4kHEnlE6STLyQ3u4TNw==
x-cache-hits
0
jads2.js
poweredby.jads.co/js/ Frame D2B3
Redirect Chain
  • https://poweredby.jads.co/js/jads.js
  • https://poweredby.jads.co/js/jads2.js
4 KB
2 KB
Script
General
Full URL
https://poweredby.jads.co/js/jads2.js
Requested by
Host: pornbebes.com
URL: https://pornbebes.com/banner/juicyads_300x250.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.94.236.247 , Netherlands, ASN42567 (MOJHOST-EU, NL),
Reverse DNS
Software
nginx /
Resource Hash
5ad0b5133e45b32908a388c8c6dcfca2c23d1d9d3e2ed6a839a742bab1ffde51

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pornbebes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Encoding
gzip
Last-Modified
Tue, 24 Dec 2019 19:10:29 GMT
Server
nginx
ETag
W/"5e0262a5-eae"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Connection
close

Redirect headers

Location
jads2.js
Date
Wed, 29 Sep 2021 05:29:10 GMT
Server
nginx
Connection
keep-alive
Content-Length
178
Content-Type
text/html
300x250
static.a-ads.com/a-ads-banners/118229/ Frame D6A5
682 KB
683 KB
Image
General
Full URL
https://static.a-ads.com/a-ads-banners/118229/300x250?region=eu-central-1
Requested by
Host: ad.a-ads.com
URL: https://ad.a-ads.com/1331410?size=300x250
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
b81d1d6dc8129dde051254463257a664dfe1bb49b78f0f4cd37dafbb3f960f93

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ad.a-ads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:10 GMT
Last-Modified
Sun, 26 Apr 2020 07:21:07 GMT
Server
nginx/1.18.0 (Ubuntu)
x-amz-request-id
317MHF803EYWKP04
ETag
"ce8c5673a039ad9769d3265284d8f5f4"
Content-Type
image/gif
Cache-Control
max-age=315360000
Content-Length
698412
Connection
keep-alive
Accept-Ranges
bytes
x-amz-version-id
UQkZBCfcjGWdsi6lCz_51AvW3yIHMTsf
x-amz-id-2
KRHUGvEiP/4i5C2g1U3vFNqY+eN2dZv+VLKdMwFUGqXHNQBg0WtoTDKmmMEBgogBWhUdlpOpygk=
Expires
Thu, 31 Dec 2037 23:55:55 GMT
truncated
/ Frame D6A5
305 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
adManager.m.js
js.wpadmngr.com/static/ Frame 9B41
63 KB
25 KB
Script
General
Full URL
https://js.wpadmngr.com/static/adManager.m.js
Requested by
Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
fc2d7e2e227883c1ad3ab84d15f45e22d8a0bb7760ff0b9867e94bf7a3cb640f

Request headers

Referer
https://fappinghd.com/
Origin
https://fappinghd.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
gzip
last-modified
Thu, 23 Sep 2021 20:32:39 GMT
server
nginx/1.18.0
etag
W/"614ce467-fd96"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 29 Sep 2021 06:29:10 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
adManager.m.js
js.wpadmngr.com/static/ Frame 27F5
63 KB
25 KB
Script
General
Full URL
https://js.wpadmngr.com/static/adManager.m.js
Requested by
Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
fc2d7e2e227883c1ad3ab84d15f45e22d8a0bb7760ff0b9867e94bf7a3cb640f

Request headers

Referer
https://fappinghd.com/
Origin
https://fappinghd.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
gzip
last-modified
Thu, 23 Sep 2021 20:32:39 GMT
server
nginx/1.18.0
etag
W/"614ce467-fd96"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 29 Sep 2021 06:29:10 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
adManager.m.js
js.wpadmngr.com/static/ Frame AE3C
63 KB
25 KB
Script
General
Full URL
https://js.wpadmngr.com/static/adManager.m.js
Requested by
Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
fc2d7e2e227883c1ad3ab84d15f45e22d8a0bb7760ff0b9867e94bf7a3cb640f

Request headers

Referer
https://fappinghd.com/
Origin
https://fappinghd.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
gzip
last-modified
Thu, 23 Sep 2021 20:32:39 GMT
server
nginx/1.18.0
etag
W/"614ce467-fd96"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 29 Sep 2021 06:29:10 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
adManager.m.js
js.wpadmngr.com/static/ Frame 0E23
63 KB
25 KB
Script
General
Full URL
https://js.wpadmngr.com/static/adManager.m.js
Requested by
Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
fc2d7e2e227883c1ad3ab84d15f45e22d8a0bb7760ff0b9867e94bf7a3cb640f

Request headers

Referer
https://fappinghd.com/
Origin
https://fappinghd.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
content-encoding
gzip
last-modified
Thu, 23 Sep 2021 20:32:39 GMT
server
nginx/1.18.0
etag
W/"614ce467-fd96"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 29 Sep 2021 06:29:10 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
1687823
ad.a-ads.com/ Frame B1ED
6 KB
2 KB
Document
General
Full URL
https://ad.a-ads.com/1687823?size=300x250
Requested by
Host: phancongkhanh.com
URL: https://phancongkhanh.com/banner/aads_300x250.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)
Resource Hash
3e5518c1f6b2575f6147a680f6feaf3958b5c26fd189713bc53c24bf4edc5d19
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://phancongkhanh.com/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Status
200 OK
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Powered-By
Phusion Passenger(R)
X-Original-Referer
https://phancongkhanh.com/
Content-Encoding
gzip
1687802
ad.a-ads.com/ Frame D4EF
6 KB
2 KB
Document
General
Full URL
https://ad.a-ads.com/1687802?size=300x250
Requested by
Host: tongdongkhue.com
URL: https://tongdongkhue.com/banner/aads_300x250.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)
Resource Hash
f17838965e70a81ceda4ed6c773e1566ba25dafc3977c424e032d6fb27056911
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://tongdongkhue.com/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Wed, 29 Sep 2021 05:29:10 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Status
200 OK
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Powered-By
Phusion Passenger(R)
X-Original-Referer
https://tongdongkhue.com/
Content-Encoding
gzip
lounge.f586f6de31a54517b5af7f019af2ba8d.css
c.disquscdn.com/next/embed/styles/ Frame 61D3
163 KB
26 KB
Stylesheet
General
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.f586f6de31a54517b5af7f019af2ba8d.css
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.a0ed109e21af94c55c513d7580d5773c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
4028750e7b37de9ff30e9359b4bcd6b64159656332dd056677121f3cfe022cc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 19:47:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
553283
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
content-length
25977
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Wed, 22 Sep 2021 19:30:27 GMT
server
nginx
etag
"614b8453-6579"
content-type
text/css; charset=utf-8
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
expires
Thu, 22 Sep 2022 19:47:46 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
B4YmuKQe65cxC4tEtOvA2ZMNG4up6ue4nPV9AM-mNCP-u5VaQqp2eQ==
x-cache-hits
0
lounge.bundle.96662f29a1f56adcd7ebcd257a3eed8e.js
c.disquscdn.com/next/embed/ Frame 61D3
468 KB
119 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.96662f29a1f56adcd7ebcd257a3eed8e.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.a0ed109e21af94c55c513d7580d5773c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
478823b79d2f830725e8e69079313a3dde42a265ba96e4cfb3a9dd562cbc6318
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 19:47:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
553282
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
content-length
120691
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Wed, 22 Sep 2021 19:30:27 GMT
server
nginx
etag
"614b8453-1d773"
content-type
application/javascript; charset=utf-8
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
expires
Thu, 22 Sep 2022 19:47:47 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
cURo05UZLwA8o9PlueD4FNy1E5QHBdyUXIsLBh74ZRBmYyeLOALWmA==
x-cache-hits
0
config.js
disqus.com/next/ Frame 61D3
12 KB
12 KB
Script
General
Full URL
https://disqus.com/next/config.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.a0ed109e21af94c55c513d7580d5773c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a2ac7d27583731c7b8390949ca3884a647f16f7e499fef291bc73881ac4400b9
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:10 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
19
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
12058
X-XSS-Protection
1; mode=block
adshow.php
poweredby.jads.co/ Frame 0212
0
0

adshow.php (Cookie set)
poweredby.jads.co/ Frame 9DD2
5 KB
3 KB
Document
General
Full URL
https://poweredby.jads.co/adshow.php?adzone=929956
Requested by
Host: poweredby.jads.co
URL: https://poweredby.jads.co/js/jads.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.94.236.247 , Netherlands, ASN42567 (MOJHOST-EU, NL),
Reverse DNS
Software
nginx / PHP/5.6.40
Resource Hash
331477a89d7bb7078d3f93d2b0589ff5d99a09ab64b60797694dfe8f591b26ea

Request headers

Host
poweredby.jads.co
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://xdultchannel.com/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx
Date
Wed, 29 Sep 2021 05:29:12 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
X-Powered-By
PHP/5.6.40
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie
surferid=d6f4d923845efaded69b1d6cf421a640; expires=Thu, 29-Sep-2022 05:29:10 GMT; Max-Age=31536000; path=/; domain=.jads.co juicy_data_1=YTowOnt9; expires=Sat, 02-Oct-2021 05:29:10 GMT; Max-Age=259198; domain=jads.co juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 02-Oct-2021 05:29:10 GMT; Max-Age=259198; domain=jads.co
Content-Encoding
gzip
adshow.php
poweredby.jads.co/ Frame 5679
0
0

adshow.php (Cookie set)
poweredby.jads.co/ Frame B947
4 KB
2 KB
Document
General
Full URL
https://poweredby.jads.co/adshow.php?adzone=929973
Requested by
Host: poweredby.jads.co
URL: https://poweredby.jads.co/js/jads.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.94.236.247 , Netherlands, ASN42567 (MOJHOST-EU, NL),
Reverse DNS
Software
nginx / PHP/5.6.40
Resource Hash
76552adae5607fac34408495c778731ee6e211032fc0bb99c6489c7b78098911

Request headers

Host
poweredby.jads.co
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://jav1080.com/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx
Date
Wed, 29 Sep 2021 05:29:12 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
X-Powered-By
PHP/5.6.40
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie
surferid=d6f4d923845efaded69b1d6cf421a640; expires=Thu, 29-Sep-2022 05:29:10 GMT; Max-Age=31536000; path=/; domain=.jads.co imps37399=1; expires=Thu, 30-Sep-2021 05:29:12 GMT; Max-Age=86400; path=/; domain=.jads.co juicy_data_1=YToxOntpOjEyMDA0ODk7aToxNjMzMTUyNTUwO30%3D; expires=Sat, 02-Oct-2021 05:29:10 GMT; Max-Age=259198; domain=jads.co juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 02-Oct-2021 05:29:10 GMT; Max-Age=259198; domain=jads.co
Content-Encoding
gzip
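Added example, not part of the urlscan report: the Set-Cookie value above is several Set-Cookie headers that urlscan renders joined by single spaces. The Python below, written for this page, splits that line back into individual cookies, reports the attributes a cookie audit looks for (Secure, HttpOnly, SameSite, and Domain scope), and base64-decodes each value. The two juicy_data values decode to PHP serialize() array notation ("a:1:{...}"); the script only decodes them and makes no claim about how the server consumes them. The input is the 929973 Set-Cookie line copied from the scan; function names are mine.

```python
import base64
import re
from urllib.parse import unquote

# Cookie attribute names from RFC 6265. urlscan joins several Set-Cookie
# headers into one line with single spaces, so a "name=value" token whose
# name is NOT one of these attributes marks the start of the next cookie.
ATTRS = {"expires", "max-age", "path", "domain", "secure", "httponly", "samesite"}

# The Set-Cookie line of https://poweredby.jads.co/adshow.php?adzone=929973,
# copied from the scan above.
CAPTURED_SET_COOKIE = (
    "surferid=d6f4d923845efaded69b1d6cf421a640; expires=Thu, 29-Sep-2022 05:29:10 GMT; "
    "Max-Age=31536000; path=/; domain=.jads.co imps37399=1; expires=Thu, 30-Sep-2021 "
    "05:29:12 GMT; Max-Age=86400; path=/; domain=.jads.co "
    "juicy_data_1=YToxOntpOjEyMDA0ODk7aToxNjMzMTUyNTUwO30%3D; expires=Sat, 02-Oct-2021 "
    "05:29:10 GMT; Max-Age=259198; domain=jads.co "
    "juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, "
    "02-Oct-2021 05:29:10 GMT; Max-Age=259198; domain=jads.co"
)

PHP_ARRAY = re.compile(r"^a:(\d+):\{")  # prefix of a PHP serialize()'d array


def split_joined_set_cookie(line):
    """Split urlscan's space-joined Set-Cookie line into one string per cookie."""
    cookies, current = [], []
    for piece in line.split("; "):
        tokens = piece.split(" ")
        head = [tokens[0]]
        for tok in tokens[1:]:
            name = tok.split("=", 1)[0].lower()
            if "=" in tok and name not in ATTRS:
                # e.g. "domain=.jads.co imps37399=1": attribute ends, new cookie begins
                current.append(" ".join(head))
                cookies.append("; ".join(current))
                current, head = [], [tok]
            else:
                head.append(tok)  # e.g. the date parts of "expires=Thu, 30-Sep-2021 ..."
        current.append(" ".join(head))
    if current:
        cookies.append("; ".join(current))
    return cookies


def parse_cookie(cookie):
    """Return {'name', 'value', 'attrs'} with attribute names lower-cased."""
    first, *rest = cookie.split("; ")
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.lower()] = val  # flag attributes (Secure, HttpOnly) get ""
    return {"name": name, "value": value, "attrs": attrs}


def audit_cookie(cookie):
    """Attribute checks a cookie audit applies; none of the four cookies above has the first three."""
    attrs = cookie["attrs"]
    findings = [f"missing {flag}" for flag in ("secure", "httponly", "samesite") if flag not in attrs]
    domain = attrs.get("domain")
    if domain:
        # A Domain attribute always covers subdomains; a leading dot is ignored (RFC 6265 5.2.3).
        findings.append(f"sent to {domain.lstrip('.')} and every subdomain")
    return findings


def decode_value(value):
    """Percent-decode, then base64-decode. Returns (text, php_array_len), or (None, None)
    when the value is not printable base64 (the hex surferid, the bare '1')."""
    try:
        text = base64.b64decode(unquote(value), validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None, None
    m = PHP_ARRAY.match(text)
    return text, (int(m.group(1)) if m else None)


def audit_set_cookie_line(line):
    report = []
    for raw in split_joined_set_cookie(line):
        cookie = parse_cookie(raw)
        cookie["findings"] = audit_cookie(cookie)
        cookie["decoded"], cookie["php_array_len"] = decode_value(cookie["value"])
        report.append(cookie)
    return report


if __name__ == "__main__":
    for c in audit_set_cookie_line(CAPTURED_SET_COOKIE):
        print(c["name"], c["findings"], c["decoded"])
```

The splitter relies on urlscan's rendering (headers joined by a single space, attributes by "; "); a value that itself contains a space followed by a non-attribute name=value token would be split too early, which is the cost of reconstructing from the display form rather than from a raw capture.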
adshow.php
poweredby.jads.co/ Frame 41E0
0
0

adshow.php (Cookie set)
poweredby.jads.co/ Frame 1559
4 KB
2 KB
Document
General
Full URL
https://poweredby.jads.co/adshow.php?adzone=929967
Requested by
Host: poweredby.jads.co
URL: https://poweredby.jads.co/js/jads.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.94.236.247 , Netherlands, ASN42567 (MOJHOST-EU, NL),
Reverse DNS
Software
nginx / PHP/5.6.40
Resource Hash
29d9b3f1416ee995532dbf3cd486342447ab2ab627b989854751ee7c9ae1f48c

Request headers

Host
poweredby.jads.co
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://sex4viet.com/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx
Date
Wed, 29 Sep 2021 05:29:11 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
X-Powered-By
PHP/5.6.40
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie
surferid=d6f4d923845efaded69b1d6cf421a640; expires=Thu, 29-Sep-2022 05:29:10 GMT; Max-Age=31536000; path=/; domain=.jads.co imps43403=1; expires=Thu, 30-Sep-2021 05:29:11 GMT; Max-Age=86400; path=/; domain=.jads.co juicy_data_1=YToxOntpOjExOTgzMjY7aToxNjMzMTUyNTUwO30%3D; expires=Sat, 02-Oct-2021 05:29:10 GMT; Max-Age=259199; domain=jads.co juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 02-Oct-2021 05:29:10 GMT; Max-Age=259199; domain=jads.co
Content-Encoding
gzip
recommendations.load.468b97d62a371c49ae174c537bd78912.js
c.disquscdn.com/next/recommendations/ Frame 227D
923 B
1 KB
Script
General
Full URL
https://c.disquscdn.com/next/recommendations/recommendations.load.468b97d62a371c49ae174c537bd78912.js
Requested by
Host: disqus.com
URL: https://disqus.com/recommendations/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
d8fd8f477b9e6eeabdb8a7a82c5d4ad22ef274c40c75edfa74c74cbaad7beec4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/
Origin
https://disqus.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 19:47:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
553288
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
content-length
448
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Wed, 22 Sep 2021 19:30:27 GMT
server
nginx
etag
"614b8453-1c0"
content-type
application/javascript; charset=utf-8
via
1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
expires
Thu, 22 Sep 2022 19:47:42 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
zjrLwi-xWcN58nCtLGKx36wl2MPCHyg2CovQbQlmLbyLIfabZaHB7Q==
x-cache-hits
0
9284
na.nawpush.com/tags/ Frame 9B41
606 B
451 B
XHR
General
Full URL
https://na.nawpush.com/tags/9284
Requested by
Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
983fdbe3bd9e7d78e285457cf2dc06291a6c61db64fafcfbdba83e3698b59178

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 29 Sep 2021 05:29:10 GMT
cache-control
max-age=300, public
content-type
text/plain; charset=utf-8
server
nginx/1.18.0
content-encoding
gzip
x-proxy-cache
HIT
wp-banners.js
js.wpadmngr.com/npc/sdk/ Frame 9B41
0
238 B
Script
General
Full URL
https://js.wpadmngr.com/npc/sdk/wp-banners.js
Requested by
Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
last-modified
Fri, 20 Aug 2021 15:14:31 GMT
server
nginx/1.18.0
etag
"611fc6d7-0"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 29 Sep 2021 06:29:10 GMT
cache-control
max-age=3600
accept-ranges
bytes
content-length
0
x-proxy-cache
HIT
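Added example, not part of the urlscan report: the Security Headers tables only summarize presence, while the full response-header listings carry the detail a reviewer actually checks. Two things on this page are worth automating: the disqus.com config.js entry sends Strict-Transport-Security with max-age=300 (five minutes), and the wp-banners.js entry has content-length 0 with Resource Hash e3b0c442..., which is the SHA-256 of zero bytes. Its ETag "611fc6d7-0" is in nginx's default form, hex(mtime)-hex(size), so the size field also reads 0 and the mtime field matches Last-Modified. The Python below, written for this page, parses urlscan's flattened name/value listing and applies those checks; the listings are copied from the config.js and wp-banners.js entries above, and the function names are mine.

```python
import hashlib
import re
from datetime import timezone
from email.utils import parsedate_to_datetime

# SHA-256 of zero bytes: a Resource Hash equal to this means the body was empty.
SHA256_EMPTY = hashlib.sha256(b"").hexdigest()

# nginx's default ETag is hex(mtime)-hex(size); the W/ prefix marks it weak,
# which nginx sets when a filter such as gzip altered the bytes on the fly.
NGINX_ETAG = re.compile(r'^(W/)?"([0-9a-f]+)-([0-9a-f]+)"$')

# Listings copied from the scan above, in urlscan's flattened form:
# header name on one line, value on the next.
CONFIG_JS_HEADERS = """\
Date
Wed, 29 Sep 2021 05:29:10 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
19
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
12058
X-XSS-Protection
1; mode=block
"""

WP_BANNERS_HEADERS = """\
date
Wed, 29 Sep 2021 05:29:10 GMT
last-modified
Fri, 20 Aug 2021 15:14:31 GMT
server
nginx/1.18.0
etag
"611fc6d7-0"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 29 Sep 2021 06:29:10 GMT
cache-control
max-age=3600
accept-ranges
bytes
content-length
0
x-proxy-cache
HIT
"""
WP_BANNERS_HASH = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"


def parse_flat_headers(text):
    """Pair alternating name/value lines into a dict keyed by lower-cased name."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("odd line count: a header name has no value line")
    return {lines[i].lower(): lines[i + 1] for i in range(0, len(lines), 2)}


def hsts_max_age(headers):
    """Seconds from Strict-Transport-Security, or None when the header is absent."""
    m = re.search(r"max-age=(\d+)", headers.get("strict-transport-security", ""), re.I)
    return int(m.group(1)) if m else None


def nginx_etag_fields(etag):
    """(mtime_epoch, size_bytes) for an nginx-style ETag, else None."""
    m = NGINX_ETAG.match(etag.strip())
    return (int(m.group(2), 16), int(m.group(3), 16)) if m else None


def etag_matches_last_modified(headers):
    """True/False when both fields are present and comparable, else None."""
    fields = nginx_etag_fields(headers.get("etag", ""))
    last_modified = headers.get("last-modified")
    if not fields or not last_modified:
        return None
    dt = parsedate_to_datetime(last_modified)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return int(dt.timestamp()) == fields[0]


def audit_headers(headers, resource_hash=None):
    findings = []
    age = hsts_max_age(headers)
    if age is None:
        findings.append("no HSTS")
    elif age < 31536000:
        findings.append(f"HSTS max-age {age}s is below one year")
    if "content-security-policy" not in headers:
        findings.append("no Content-Security-Policy")
    if "x-xss-protection" in headers:
        findings.append("X-XSS-Protection is legacy; major browsers dropped the filter it controlled")
    if resource_hash == SHA256_EMPTY:
        findings.append("empty body: resource hash is SHA-256 of zero bytes")
    fields = nginx_etag_fields(headers.get("etag", ""))
    if fields:
        findings.append(f"nginx ETag exposes file size {fields[1]} bytes and mtime {fields[0]}")
    return findings


if __name__ == "__main__":
    print(audit_headers(parse_flat_headers(CONFIG_JS_HEADERS)))
    print(audit_headers(parse_flat_headers(WP_BANNERS_HEADERS), WP_BANNERS_HASH))
```

The ETag decoding generalizes beyond this entry: the adManager.m.js response above carries W/"614ce467-fd96", whose size field 0xfd96 is 64918 bytes (the 63 KB urlscan lists for that script) and whose mtime field is its Last-Modified of 23 Sep 2021 20:32:39 GMT.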
9284
na.nawpush.com/tags/ Frame AE3C
606 B
450 B
XHR
General
Full URL
https://na.nawpush.com/tags/9284
Requested by
Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
983fdbe3bd9e7d78e285457cf2dc06291a6c61db64fafcfbdba83e3698b59178

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 29 Sep 2021 05:29:10 GMT
cache-control
max-age=300, public
content-type
text/plain; charset=utf-8
server
nginx/1.18.0
content-encoding
gzip
x-proxy-cache
HIT
wp-banners.js
js.wpadmngr.com/npc/sdk/ Frame AE3C
0
238 B
Script
General
Full URL
https://js.wpadmngr.com/npc/sdk/wp-banners.js
Requested by
Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
last-modified
Fri, 20 Aug 2021 15:14:31 GMT
server
nginx/1.18.0
etag
"611fc6d7-0"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 29 Sep 2021 06:29:10 GMT
cache-control
max-age=3600
accept-ranges
bytes
content-length
0
x-proxy-cache
HIT
9284
na.nawpush.com/tags/ Frame 27F5
606 B
450 B
XHR
General
Full URL
https://na.nawpush.com/tags/9284
Requested by
Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
983fdbe3bd9e7d78e285457cf2dc06291a6c61db64fafcfbdba83e3698b59178

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 29 Sep 2021 05:29:10 GMT
cache-control
max-age=300, public
content-type
text/plain; charset=utf-8
server
nginx/1.18.0
content-encoding
gzip
x-proxy-cache
HIT
wp-banners.js
js.wpadmngr.com/npc/sdk/ Frame 27F5
0
238 B
Script
General
Full URL
https://js.wpadmngr.com/npc/sdk/wp-banners.js
Requested by
Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
last-modified
Fri, 20 Aug 2021 15:14:31 GMT
server
nginx/1.18.0
etag
"611fc6d7-0"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 29 Sep 2021 06:29:10 GMT
cache-control
max-age=3600
accept-ranges
bytes
content-length
0
x-proxy-cache
HIT
9284
na.nawpush.com/tags/ Frame 0E23
606 B
450 B
XHR
General
Full URL
https://na.nawpush.com/tags/9284
Requested by
Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
983fdbe3bd9e7d78e285457cf2dc06291a6c61db64fafcfbdba83e3698b59178

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 29 Sep 2021 05:29:10 GMT
cache-control
max-age=300, public
content-type
text/plain; charset=utf-8
server
nginx/1.18.0
content-encoding
gzip
x-proxy-cache
HIT
wp-banners.js
js.wpadmngr.com/npc/sdk/ Frame 0E23
0
238 B
Script
General
Full URL
https://js.wpadmngr.com/npc/sdk/wp-banners.js
Requested by
Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:10 GMT
last-modified
Fri, 20 Aug 2021 15:14:31 GMT
server
nginx/1.18.0
etag
"611fc6d7-0"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 29 Sep 2021 06:29:10 GMT
cache-control
max-age=3600
accept-ranges
bytes
content-length
0
x-proxy-cache
HIT
adshow.php
poweredby.jads.co/ Frame 26FB
0
0

adshow.php (Cookie set)
poweredby.jads.co/ Frame 5FCC
4 KB
2 KB
Document
General
Full URL
https://poweredby.jads.co/adshow.php?adzone=929979
Requested by
Host: poweredby.jads.co
URL: https://poweredby.jads.co/js/jads.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.94.236.247 , Netherlands, ASN42567 (MOJHOST-EU, NL),
Reverse DNS
Software
nginx / PHP/5.6.40
Resource Hash
e56c7d55014ea7a44e772d84f66a29ecb78684227f234addfd06e7ad0c688eae

Request headers

Host
poweredby.jads.co
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://pornbebes.com/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx
Date
Wed, 29 Sep 2021 05:29:12 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
X-Powered-By
PHP/5.6.40
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie
surferid=d6f4d923845efaded69b1d6cf421a640; expires=Thu, 29-Sep-2022 05:29:10 GMT; Max-Age=31536000; path=/; domain=.jads.co imps44055=1; expires=Thu, 30-Sep-2021 05:29:12 GMT; Max-Age=86400; path=/; domain=.jads.co juicy_data_1=YToxOntpOjEyMTE5MjA7aToxNjMzMTUyNTUwO30%3D; expires=Sat, 02-Oct-2021 05:29:10 GMT; Max-Age=259198; domain=jads.co juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 02-Oct-2021 05:29:10 GMT; Max-Age=259198; domain=jads.co
Content-Encoding
gzip
truncated
/ Frame B1ED
305 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
none (data: URI, decoded in the browser, not fetched over the network)
Resource Hash
95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame D4EF
305 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
none (data: URI, decoded in the browser, not fetched over the network)
Resource Hash
95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
details
disqus.com/api/3.0/forums/ Frame 61D3
3 KB
4 KB
XHR
General
Full URL
https://disqus.com/api/3.0/forums/details?forum=mrhackerco&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.a0ed109e21af94c55c513d7580d5773c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4d1e19ec512d63c76f67e817ed30ae50ae25af95cbffa205c85f283471eba1b9
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:11 GMT
X-Content-Type-Options
nosniff
Server
nginx
Age
0
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection
keep-alive
Content-Type
application/json
Vary
Origin, Cookie
Content-Length
3349
X-XSS-Protection
1; mode=block
common.bundle.3599f83da3e37f2d8675b56e0b4f87a4.js
c.disquscdn.com/next/recommendations/ Frame 227D
262 KB
87 KB
Script
General
Full URL
https://c.disquscdn.com/next/recommendations/common.bundle.3599f83da3e37f2d8675b56e0b4f87a4.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/recommendations.load.468b97d62a371c49ae174c537bd78912.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
5fae79754e7af92e6afadc3060797e3d35188221e60d63d0625f66cf921e7ebb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 19:47:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
553289
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
content-length
88862
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Wed, 22 Sep 2021 19:30:27 GMT
server
nginx
etag
"614b8453-15b1e"
content-type
application/javascript; charset=utf-8
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
expires
Thu, 22 Sep 2022 19:47:41 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
HR46sWEEuHEVkIt3hmTDZtNeXr9kXQ45KsLy21ftX-bsGViBEQpJmg==
x-cache-hits
0
noavatar92.png
a.disquscdn.com/1631826434/images/ Frame 61D3
2 KB
2 KB
Image
General
Full URL
https://a.disquscdn.com/1631826434/images/noavatar92.png
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:11 GMT
x-content-type-options
nosniff
last-modified
Fri, 26 Feb 2021 20:50:09 GMT
server
nginx
age
1006448
etag
"60395f01-66c"
strict-transport-security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection
1; mode=block
cache-control
max-age=2592000
x-amz-cf-pop
FRA56-C2
content-type
image/png
content-length
1644
x-amz-cf-id
ae8w-uPgwsEVtGRKicDs3hMl_c3U1sdmHCDVijA98QpEHqPpKSRWcQ==
expires
Sun, 17 Oct 2021 13:55:02 GMT
truncated
/ Frame 61D3
37 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/gif
alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
c.disquscdn.com/next/embed/
78 KB
27 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Requested by
Host: mrhackerco.disqus.com
URL: https://mrhackerco.disqus.com/embed.js?ver=5.3.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 05 May 2021 15:25:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12665021
x-cache
Hit from cloudfront
content-length
26578
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Wed, 28 Apr 2021 21:48:08 GMT
server
nginx
etag
"6089d818-67d2"
content-type
application/javascript; charset=utf-8
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
expires
Thu, 05 May 2022 15:25:30 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
yOp67TYYMnAJMlDSW3Ysi68LxhdPT13sCFKZBw2e5yKMC-D4TpdAOg==
x-cache-hits
0
sdk.js
connect.facebook.net/en_US/ Frame 61D3
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.a0ed109e21af94c55c513d7580d5773c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.236.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-frx5.fbcdn.net
Software
/
Resource Hash
949fd0ad4963742c2a0141cc2affe757d708568e9f00008d1a4a53caf5d0415f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
50wqC0Grq40iSCNHHWINjA==
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1688
x-fb-rlafr
0
x-fb-debug
gaRSgSb95SJg5br+NfNMcQ1w6U7hMuBcMpous1fTbos4EEnbZ3MvNYbM8i7qFjbGNljYNHFid9CbxhKNyjyrqg==
x-fb-trip-id
917726464
x-fb-content-md5
cc165064b0021e2c01f8f721528a7f7d
x-frame-options
DENY
date
Wed, 29 Sep 2021 05:29:11 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"773ba9d20432e7f94c112e0322e9b4ae"
timing-allow-origin
*
priority
u=3,i
expires
Wed, 29 Sep 2021 05:32:24 GMT
api.js
apis.google.com/js/ Frame 61D3
12 KB
6 KB
Script
General
Full URL
https://apis.google.com/js/api.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.a0ed109e21af94c55c513d7580d5773c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f14.1e100.net
Software
ESF /
Resource Hash
cd6fc870cdb3257ef57d431bec0c36302f6ebf108508b90516aee9678f8be6be
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-VAlN7QYpb1SkEZ7KNyvPXg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
etag
"2166c10732b0739d47bb7146e4459365"
x-frame-options
SAMEORIGIN
report-to
{"group":"AZM8iraZH88pL4jQdjcWpuaSZEaZk6SzMEy_nItKJ7e9QFtt","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraZH88pL4jQdjcWpuaSZEaZk6SzMEy_nItKJ7e9QFtt"}]}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-VAlN7QYpb1SkEZ7KNyvPXg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="AZM8iraZH88pL4jQdjcWpuaSZEaZk6SzMEy_nItKJ7e9QFtt"
expires
Wed, 29 Sep 2021 05:29:11 GMT
build.js
js.cabnnr.com/banner-admanager/ Frame 27F5
43 KB
16 KB
Script
General
Full URL
https://js.cabnnr.com/banner-admanager/build.js
Requested by
Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
716fbed432779a3d7f8d44cf45511b4787a1b15c5841d204e01ed86a2f70f72c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:11 GMT
content-encoding
gzip
last-modified
Tue, 31 Aug 2021 13:11:24 GMT
server
nginx/1.18.0
etag
W/"612e2a7c-ada5"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 29 Sep 2021 06:29:11 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
build.js
js.cabnnr.com/banner-admanager/ Frame 0E23
43 KB
16 KB
Script
General
Full URL
https://js.cabnnr.com/banner-admanager/build.js
Requested by
Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
716fbed432779a3d7f8d44cf45511b4787a1b15c5841d204e01ed86a2f70f72c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:11 GMT
content-encoding
gzip
last-modified
Tue, 31 Aug 2021 13:11:24 GMT
server
nginx/1.18.0
etag
W/"612e2a7c-ada5"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 29 Sep 2021 06:29:11 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
recommendations.eff219b98b7c4167b4b289065f36f391.css
c.disquscdn.com/next/recommendations/styles/ Frame 227D
17 KB
4 KB
Stylesheet
General
Full URL
https://c.disquscdn.com/next/recommendations/styles/recommendations.eff219b98b7c4167b4b289065f36f391.css
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.3599f83da3e37f2d8675b56e0b4f87a4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
7964d033f829ae2809f61810c4efa9adf6aff915ded111a9c346bca2b1302b62
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 06 May 2021 10:11:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12597476
x-cache
Hit from cloudfront
content-length
3748
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Wed, 28 Apr 2021 21:48:08 GMT
server
nginx
etag
"6089d818-ea4"
content-type
text/css; charset=utf-8
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
expires
Fri, 06 May 2022 10:11:15 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
dh2xA7KDDAqqk5qg-YyVgxmWQ3yqKG6aGO8j-nLRhEel06Yv-PSOtA==
x-cache-hits
0
pixel.gif
cdn.viglink.com/images/
43 B
430 B
Image
General
Full URL
https://cdn.viglink.com/images/pixel.gif?ch=1&rn=4.807441627838721
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.160.13 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:11 GMT
cf-cache-status
HIT
last-modified
Tue, 10 Feb 2015 03:29:39 GMT
server
cloudflare
age
11
etag
"221d8352905f2c38b3cb2bd191d630b0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=15, must-revalidate
content-length
43
accept-ranges
bytes
cf-ray
6962cff5ad69c4db-DUS
x-amz-request-id
HT8J1EQ9Q5RMYV9Y
x-amz-id-2
mDLIYDMTSOt8CIGwf13XtR1FOEJNXlzjjgyOe8DlzpHEbia86mldHPOc9Lqjev7ZgyJrVC7HsLI=
pixel.gif
cdn.viglink.com/images/
43 B
102 B
Image
General
Full URL
https://cdn.viglink.com/images/pixel.gif?ch=2&rn=4.807441627838721
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.160.13 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:11 GMT
cf-cache-status
HIT
last-modified
Tue, 10 Feb 2015 03:29:39 GMT
server
cloudflare
age
11
etag
"221d8352905f2c38b3cb2bd191d630b0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=15, must-revalidate
content-length
43
accept-ranges
bytes
cf-ray
6962cff5ad6dc4db-DUS
x-amz-request-id
HT8J1EQ9Q5RMYV9Y
x-amz-id-2
mDLIYDMTSOt8CIGwf13XtR1FOEJNXlzjjgyOe8DlzpHEbia86mldHPOc9Lqjev7ZgyJrVC7HsLI=
build.js
js.cabnnr.com/banner-admanager/ Frame 9B41
43 KB
16 KB
Script
General
Full URL
https://js.cabnnr.com/banner-admanager/build.js
Requested by
Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
716fbed432779a3d7f8d44cf45511b4787a1b15c5841d204e01ed86a2f70f72c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:11 GMT
content-encoding
gzip
last-modified
Tue, 31 Aug 2021 13:11:24 GMT
server
nginx/1.18.0
etag
W/"612e2a7c-ada5"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 29 Sep 2021 06:29:11 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
recommendations.bundle.4e863665d1a7f5fe148423ae719c9df7.js
c.disquscdn.com/next/recommendations/ Frame 227D
65 KB
20 KB
Script
General
Full URL
https://c.disquscdn.com/next/recommendations/recommendations.bundle.4e863665d1a7f5fe148423ae719c9df7.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.3599f83da3e37f2d8675b56e0b4f87a4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
f154ad0a779cdcbfe1cb4e5df7f12695b16ed0839247ae9622663c3859e20ec8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 02 Sep 2021 18:15:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2286796
x-cache
Hit from cloudfront
content-length
20099
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Thu, 02 Sep 2021 17:40:39 GMT
server
nginx
etag
"61310c97-4e83"
content-type
application/javascript; charset=utf-8
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
expires
Fri, 02 Sep 2022 18:15:55 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
tS9gaww9lJGLwsnYsyIo-vOp1hU4ZHNefmisUyx43cXnBB41VdvAUA==
x-cache-hits
0
config.js
disqus.com/next/ Frame 227D
12 KB
12 KB
Script
General
Full URL
https://disqus.com/next/config.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.3599f83da3e37f2d8675b56e0b4f87a4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a2ac7d27583731c7b8390949ca3884a647f16f7e499fef291bc73881ac4400b9
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/recommendations/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:11 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
20
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
12058
X-XSS-Protection
1; mode=block
sdk.js
connect.facebook.net/en_US/ Frame 61D3
269 KB
76 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=24a5bb855eb830e9082562d5de268198
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.236.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-frx5.fbcdn.net
Software
/
Resource Hash
a474a8cbc88dcc5235e10c79292e916ee9e62db462ab931a725ef13e65130c93
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
Origin
https://disqus.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
fGMoZQjtXKPqUVDacqPSHQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
77725
x-fb-rlafr
0
x-fb-debug
iv9cQ4QX3mum+K/zPgKXkfHKuLTmaqBCDBVlW+S0nIkhxPi6sLC0fDizwW8gq7k+nYdycufIMFPAufZ9yw/f3A==
x-fb-content-md5
fe634cf4a3236a6af17b007bc674c38c
x-frame-options
DENY
date
Wed, 29 Sep 2021 05:29:11 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"89174ec2b4cd2ede25b752a0008f0c79"
timing-allow-origin
*
priority
u=3,i
expires
Thu, 29 Sep 2022 05:02:33 GMT
build.js
js.cabnnr.com/banner-admanager/ Frame AE3C
43 KB
16 KB
Script
General
Full URL
https://js.cabnnr.com/banner-admanager/build.js
Requested by
Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
716fbed432779a3d7f8d44cf45511b4787a1b15c5841d204e01ed86a2f70f72c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:11 GMT
content-encoding
gzip
last-modified
Tue, 31 Aug 2021 13:11:24 GMT
server
nginx/1.18.0
etag
W/"612e2a7c-ada5"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 29 Sep 2021 06:29:11 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
details
disqus.com/api/3.0/forums/ Frame 227D
3 KB
4 KB
XHR
General
Full URL
https://disqus.com/api/3.0/forums/details?forum=mrhackerco&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.3599f83da3e37f2d8675b56e0b4f87a4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4d1e19ec512d63c76f67e817ed30ae50ae25af95cbffa205c85f283471eba1b9
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://disqus.com/recommendations/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:11 GMT
X-Content-Type-Options
nosniff
Server
nginx
Age
0
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection
keep-alive
Content-Type
application/json
Vary
Origin, Cookie
Content-Length
3349
X-XSS-Protection
1; mode=block
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.yUoUa-d8e1E.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMxrycmnC1khz2ORddaX90UOzgNPA/ Frame 61D3
103 KB
34 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.yUoUa-d8e1E.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMxrycmnC1khz2ORddaX90UOzgNPA/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/api.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f14.1e100.net
Software
sffe /
Resource Hash
51809bc55f512c21a3829627405dfec8796820392303908a9e011691de6f79f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 28 Sep 2021 19:26:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
36170
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34990
x-xss-protection
0
last-modified
Fri, 10 Sep 2021 23:24:10 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="social-frontend-mpm-access"
expires
Wed, 28 Sep 2022 19:26:21 GMT
status
www.facebook.com/x/oauth/ Frame 61D3
0
0
Fetch
General
Full URL
https://www.facebook.com/x/oauth/status?ancestor_origins=https%3A%2F%2Fmrhacker.co&client_id=52254943976&input_token&origin=1&redirect_uri=https%3A%2F%2Fdisqus.com%2Fembed%2Fcomments%2F%3Fbase%3Ddefault%26f%3Dmrhackerco%26t_i%3Dmrhackerco-51279%26t_u%3Dhttps%253A%252F%252Fmrhacker.co%252Fmalware%252Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems%26t_e%3DRussian%2520Turla%2520APT%2520Group%2520Deploying%2520New%2520Backdoor%2520on%2520Targeted%2520Systems%26t_d%3DRussian%2520Turla%2520APT%2520Group%2520Deploying%2520New%2520Backdoor%2520on%2520Targeted%2520Systems%26t_t%3DRussian%2520Turla%2520APT%2520Group%2520Deploying%2520New%2520Backdoor%2520on%2520Targeted%2520Systems%26s_o%3Ddefault%23version%3D33fd930adde1d4970f3f907d75eb8409&sdk=joey&wants_cookie_data=false
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.a0ed109e21af94c55c513d7580d5773c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.236.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-frx5.facebook.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
x-content-type-options
nosniff
content-security-policy-report-only
default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src connect.facebook.net static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ wss://*.whatsapp.com:* v.whatsapp.net *.fbsbx.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com;worker-src blob: *.facebook.com;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
0
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
+lDXK/fvxEWogToOYIzUjk797HEAJZsxQEHLvfvjXpnmwwvfjVidkf7d4TFXT3cDaIfM5+7rq7PJUSe6fKZBGQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
fb-s
unknown
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 29 Sep 2021 05:29:11 GMT
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://disqus.com
access-control-expose-headers
fb-s
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
expires
Sat, 01 Jan 2000 00:00:00 GMT
listRecommendations.json
disqus.com/api/3.0/discovery/ Frame 227D
6 KB
6 KB
XHR
General
Full URL
https://disqus.com/api/3.0/discovery/listRecommendations.json?forum=mrhackerco&thread=ident%3Amrhackerco-51279&limit=8&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.3599f83da3e37f2d8675b56e0b4f87a4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b9e1a882c53094365b04f77c9fb1a34eb6e68842cc1c39569b2628c71157e113
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://disqus.com/recommendations/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:11 GMT
X-Content-Type-Options
nosniff
Server
nginx
Age
0
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cache-Control
stale-while-revalidate=450, public, max-age=1800
Connection
keep-alive
Content-Type
application/json
Vary
Origin
Content-Length
6128
X-XSS-Protection
1; mode=block
00394b71264946e5bf58746cefe5435f.html
tsyndicate.com/iframes2/ Frame 7B88
Redirect Chain
  • https://rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjoxNDk2LCJpZHpvbmUiOm51bGwsImFkX3RhZ3MiOiIiLCJsYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiNzE4NDA2NjgxIiw...
  • https://btds.zog.link/in/912/?sid=6166&source=718406681&idzone=&w=300&h=250&mo=&ve=&site_id=6166&utm1=&utm2=&utm3=&utm4=&ad_tags=&spot_id=6166&p=https%3A%2F%2Fadsxyz.com%2F&tds_labels={}
  • https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=718406681&categories={{ad_tags}}
8 KB
4 KB
Document
General
Full URL
https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=718406681&categories={{ad_tags}}
Requested by
Host: js.cabnnr.com
URL: https://js.cabnnr.com/banner-admanager/build.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
94.130.164.161 Rheinstetten, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.161.164.130.94.clients.your-server.de
Software
nginx /
Resource Hash
4733f238ec3a12b30e5d920ea6486829a55c642ef23b13195284a47e6fcc77e9

Request headers

:method
GET
:authority
tsyndicate.com
:scheme
https
:path
/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=718406681&categories={{ad_tags}}
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://fappinghd.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/

Response headers

server
nginx
date
Wed, 29 Sep 2021 05:29:12 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding *
cache-control
no-cache, no-store, no-transform, must-revalidate no-transform
pragma
no-cache
expires
0
x-api-version
2
link
<https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id
b2796f8651d11098
set-cookie
ts_uid=2ce790e9-f4cb-4269-88a0-6ab5e4b21604; expires=Tue, 29 Mar 2022 05:29:12 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
x-robots-tag
none noindex, nofollow
report-to
{ "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding
gzip

Redirect headers

server
nginx/1.17.2
date
Wed, 29 Sep 2021 05:29:11 GMT
content-type
text/html; charset=UTF-8
content-length
0
location
https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=718406681&categories={{ad_tags}}
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
vary
*
set-cookie
912.0=1; expires=Thu, 30 Sep 2021 05:29:11 GMT; path=/; secure; SameSite=None
/
rtbbnr.com/get/ Frame 6AF3
7 KB
3 KB
Document
General
Full URL
https://rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjoxNDk2LCJpZHpvbmUiOm51bGwsImFkX3RhZ3MiOiIiLCJsYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiNzE4NDA2NjgxIiwic3BvdF9pZCI6NjE2Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjYxNjYiLCJwYWdlIjoiaHR0cHM6Ly9hZHN4eXouY29tLyJ9LCJkZXZpY2UiOnsidyI6MTYwMCwiaCI6MTIwMH0sInVzZXIiOnsiaWQiOiJmMTQ3NGJjYTRjNGMzNjUzZTY0NDNhMTBmMWRiYjFkNCJ9LCJleHQiOnsiZHQiOjE2MzI4OTMzNTE1MDJ9fQ==
Requested by
Host: js.cabnnr.com
URL: https://js.cabnnr.com/banner-admanager/build.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.55.139.130 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.130.139.55.162.clients.your-server.de
Software
nginx/1.16.0 /
Resource Hash
5fb819190480f377caafc83eb8a5f7963d95bbae69649c3001b75816ef9e9b90

Request headers

:method
GET
:authority
rtbbnr.com
:scheme
https
:path
/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjoxNDk2LCJpZHpvbmUiOm51bGwsImFkX3RhZ3MiOiIiLCJsYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiNzE4NDA2NjgxIiwic3BvdF9pZCI6NjE2Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjYxNjYiLCJwYWdlIjoiaHR0cHM6Ly9hZHN4eXouY29tLyJ9LCJkZXZpY2UiOnsidyI6MTYwMCwiaCI6MTIwMH0sInVzZXIiOnsiaWQiOiJmMTQ3NGJjYTRjNGMzNjUzZTY0NDNhMTBmMWRiYjFkNCJ9LCJleHQiOnsiZHQiOjE2MzI4OTMzNTE1MDJ9fQ==
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://fappinghd.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/

Response headers

server
nginx/1.16.0
date
Wed, 29 Sep 2021 05:29:11 GMT
content-type
text/html
vary
Origin
access-control-allow-origin
*
pragma
no-cache
cache-control
no-transform, no-cache, no-store, must-revalidate
content-encoding
gzip
ecaaabf53036409d9c39b44bec79a69d.html
tsyndicate.com/iframes2/ Frame D8D0
Redirect Chain
  • https://rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk1LCJzcGFjZWlkIjoxNDk1LCJpZHpvbmUiOm51bGwsImFkX3RhZ3MiOiIiLCJsYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiMTkwNzA3MDkzNiI...
  • https://btds.zog.link/in/912/?sid=6167&source=1907070936&idzone=&w=300&h=100&mo=&ve=&site_id=6167&utm1=&utm2=&utm3=&utm4=&ad_tags=&spot_id=6167&p=https%3A%2F%2Fadsxyz.com%2F&tds_labels={}
  • https://tsyndicate.com/iframes2/ecaaabf53036409d9c39b44bec79a69d.html?subid=1907070936&categories=
6 KB
3 KB
Document
General
Full URL
https://tsyndicate.com/iframes2/ecaaabf53036409d9c39b44bec79a69d.html?subid=1907070936&categories=
Requested by
Host: js.cabnnr.com
URL: https://js.cabnnr.com/banner-admanager/build.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
94.130.164.161 Rheinstetten, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.161.164.130.94.clients.your-server.de
Software
nginx /
Resource Hash
ca6b4ff24aa7b8641869bb4744a0e1bd0bc0247c962e05df4cb0cde2c61b98f8

Request headers

:method
GET
:authority
tsyndicate.com
:scheme
https
:path
/iframes2/ecaaabf53036409d9c39b44bec79a69d.html?subid=1907070936&categories=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://fappinghd.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/

Response headers

server
nginx
date
Wed, 29 Sep 2021 05:29:11 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding *
cache-control
no-cache, no-store, no-transform, must-revalidate no-transform
pragma
no-cache
expires
0
x-api-version
2
link
<https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id
161265e5c5d04eda
set-cookie
ts_uid=7f6b01ae-3a3f-4382-9cd7-a3d4b92e8861; expires=Tue, 29 Mar 2022 05:29:11 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
x-robots-tag
none noindex, nofollow
report-to
{ "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding
gzip

Redirect headers

server
nginx/1.17.2
date
Wed, 29 Sep 2021 05:29:11 GMT
content-type
text/html; charset=UTF-8
content-length
0
location
https://tsyndicate.com/iframes2/ecaaabf53036409d9c39b44bec79a69d.html?subid=1907070936&categories=
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
vary
*
set-cookie
912.0=1; expires=Thu, 30 Sep 2021 05:29:11 GMT; path=/; secure; SameSite=None
iframe
accounts.google.com/o/oauth2/ Frame AEB5
513 B
921 B
Document
General
Full URL
https://accounts.google.com/o/oauth2/iframe
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.yUoUa-d8e1E.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMxrycmnC1khz2ORddaX90UOzgNPA/cb=gapi.loaded_0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.141 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f13.1e100.net
Software
ESF /
Resource Hash
8282288043770e0f117c91af4dbf076e0d7bdff4338014570222118ad0d44a10
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-kYaiOtjJ5PHmnao5a9y1ZQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
accounts.google.com
:scheme
https
:path
/o/oauth2/iframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
accept-encoding
gzip, deflate, br
cookie
NID=511=NtnLl_r7ueBbJwdiH-HQIaZYPXNgJI0DCiDiYHE5spX7VLxcN6_7_RSq8Z9pMPB9pAJgOrWcr07pjOma73gib4L3NXnZjuyEJfeRyThjXu7HlvAmYP3D0FJgjAbgYY7yosHOykGj057d9_PiBi16oebQrB4g25d2ZHx_U90xG_8
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default

Response headers

content-type
text/html; charset=utf-8
cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 29 Sep 2021 05:29:11 GMT
content-language
en-US
content-security-policy
script-src 'report-sample' 'nonce-kYaiOtjJ5PHmnao5a9y1ZQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ecaaabf53036409d9c39b44bec79a69d.html
tsyndicate.com/iframes2/ Frame AF97
Redirect Chain
  • https://rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk1LCJzcGFjZWlkIjoxNDk1LCJpZHpvbmUiOm51bGwsImFkX3RhZ3MiOiIiLCJsYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiMTkwNzA3MDkzNiI...
  • https://btds.zog.link/in/912/?sid=6167&source=1907070936&idzone=&w=300&h=100&mo=&ve=&site_id=6167&utm1=&utm2=&utm3=&utm4=&ad_tags=&spot_id=6167&p=https%3A%2F%2Fadsxyz.com%2F&tds_labels={}
  • https://tsyndicate.com/iframes2/ecaaabf53036409d9c39b44bec79a69d.html?subid=1907070936&categories=
6 KB
3 KB
Document
General
Full URL
https://tsyndicate.com/iframes2/ecaaabf53036409d9c39b44bec79a69d.html?subid=1907070936&categories=
Requested by
Host: js.cabnnr.com
URL: https://js.cabnnr.com/banner-admanager/build.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
94.130.164.161 Rheinstetten, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.161.164.130.94.clients.your-server.de
Software
nginx /
Resource Hash
795630a67e6d00e72b01172b0b9941769e885762b79862c657089eb506d5a61b

Request headers

:method
GET
:authority
tsyndicate.com
:scheme
https
:path
/iframes2/ecaaabf53036409d9c39b44bec79a69d.html?subid=1907070936&categories=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://fappinghd.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://fappinghd.com/

Response headers

server
nginx
date
Wed, 29 Sep 2021 05:29:11 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding *
cache-control
no-cache, no-store, no-transform, must-revalidate no-transform
pragma
no-cache
expires
0
x-api-version
2
link
<https://lcdn.tsyndicate.com/sdk/v1/b.b.js>; rel=preload; as=script
x-request-id
18e5a7474e0ca13b
set-cookie
ts_uid=d937415c-dc34-4ec0-b31f-bb5254d31a7e; expires=Tue, 29 Mar 2022 05:29:11 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
x-robots-tag
none noindex, nofollow
report-to
{ "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding
gzip

Redirect headers

server
nginx/1.17.2
date
Wed, 29 Sep 2021 05:29:11 GMT
content-type
text/html; charset=UTF-8
content-length
0
location
https://tsyndicate.com/iframes2/ecaaabf53036409d9c39b44bec79a69d.html?subid=1907070936&categories=
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
vary
*
set-cookie
912.0=1; expires=Thu, 30 Sep 2021 05:29:11 GMT; path=/; secure; SameSite=None
get
c.disquscdn.com/ Frame 227D
32 KB
33 KB
Image
General
Full URL
https://c.disquscdn.com/get?url=https%3A%2F%2Fmrhacker.co%2Fwp-content%2Fuploads%2F2019%2F08%2Fremote-access-trojan.png&key=IidVFmgt_ZPrbq5XbCNarw&h=200
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
6ea5ae441130287eb5d58aebb3425bd80c9836d3c51e5e04e293cae2188b1bae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 13:42:01 GMT
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
575230
x-edge-origin-shield-skipped
0
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-cache-hits
0
x-cache
Hit from cloudfront
content-length
32515
x-xss-protection
1; mode=block
x-served-by
static-web-1
server
nginx
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e0f9BVuzZShrFuCoivhr7Oj%2BgzpPyxXbmR0FqMo5gHjS2LK6B%2Bn4thnNGbXtnCNNMxD2smM8C6L6Sz7QdPNd%2BJTTfpADPWlELq2AxUrEA1kiGyuFEg3ubTOOEvt%2Bmg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=2592000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
tMMCC-JAT5nz8G8t61C-sWAix3Yz2tjP80QlZeO6mkRFAR-jpJO4Jw==
expires
Fri, 22 Oct 2021 13:42:01 GMT
get
c.disquscdn.com/ Frame 227D
11 KB
11 KB
Image
General
Full URL
https://c.disquscdn.com/get?url=https%3A%2F%2Fmrhacker.co%2Fwp-content%2Fuploads%2F2019%2F08%2Fatm2bmalware.jpg&key=RW9S4XLIDRfebY7mlx4nnQ&h=200
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
189f9e055dd25823d14b06678036d41865d143d8ca4813fe97c08db4eb21e851
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 05 Sep 2021 15:50:08 GMT
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2037672
x-cache
Hit from cloudfront
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-cache-hits
0
content-length
10800
x-xss-protection
1; mode=block
x-served-by
static-web-2
server
nginx
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R8gVY8DpfKVuKpAPG9RslRrisEbfxlXquER9kG%2BQR%2BAY8rW9eiyQmQ4nSLXf%2BuV4QDuYDmBVgkxEGEqP7hHsp0%2B6PkhmSLMpAPAIoeCMuAxP11I6k2f9IBTWg5pXuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
0g89VCaVL-gCGGhdtJQ3CQKqYvPDzkfBjG7Ot10jkNnLFlE_CSPdFg==
expires
Tue, 05 Oct 2021 15:50:08 GMT
get
c.disquscdn.com/ Frame 227D
3 KB
4 KB
Image
General
Full URL
https://c.disquscdn.com/get?url=https%3A%2F%2Fmrhacker.co%2Fwp-content%2Fuploads%2F2019%2F10%2Fnordvpn-server-was-hacked.jpg&key=d49R8v6RMTrdU6oMr2_OJg&h=200
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
fb81d4108d1a485047b260bd9736c2c8ef105b1f56ead03c7d7f2a8811b3a6bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 01:20:36 GMT
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1051715
x-cache
Hit from cloudfront
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-cache-hits
0
content-length
3532
x-xss-protection
1; mode=block
x-served-by
static-web-1
server
nginx
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xnptoRh%2BInjBHcsjS87dUamJpanl%2BJ4XGv23K3zUM%2BVV9Jsw4Wd4KM7EQfzUyEnZ04SZbEFsIX4l6IU1RYQd6FF20gUz7K8TcmuVUvWmonqM5Mf4fLue1Py34JoRXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
KN_Vblu58-mpGWl7jBnbUvYwtERTRIuUA9gZfERkJjKI7wAvs4ms7w==
expires
Sun, 17 Oct 2021 01:20:36 GMT
get
c.disquscdn.com/ Frame 227D
0
0
Image
General
Full URL
https://c.disquscdn.com/get?url=https%3A%2F%2Fmrhacker.co%2Fwp-content%2Fuploads%2F2020%2F04%2Fhow-to-get-windows-10-2004-release-preview.jpg&key=VkcfeckCrYChI1IL-3gBzQ&h=200
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

get
c.disquscdn.com/ Frame 227D
20 KB
21 KB
Image
General
Full URL
https://c.disquscdn.com/get?url=https%3A%2F%2Fmrhacker.co%2Fwp-content%2Fuploads%2F2019%2F08%2Fzameen-com-hacked.jpg&key=eE1u6TVhx6ZRYzTOq33RaQ&h=200
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
d14249854f89bfc3d438d887833ac7ec8f86f7070a683454e325d3b54810ce11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 01:20:35 GMT
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1051716
x-cache
Hit from cloudfront
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-cache-hits
0
content-length
20678
x-xss-protection
1; mode=block
x-served-by
static-web-1
server
nginx
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0vQabjMqYbfta5ri2Pq8a%2B%2B%2BSZyzCVKNocGeke%2FEwI1i2PeGL6VDHmlKSlzhollit%2BaRXKcH2oZmFlHzzC5DnE90t1PmpQH%2FDBy47YAnSdfLtDu73CZlFxugG5cleQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
KU1wMzezvlnoNfcYbSZ3bbbPA6sX_GB-Nubq59aOS8GO7PYf7b01Ig==
expires
Sun, 17 Oct 2021 01:20:35 GMT
get
c.disquscdn.com/ Frame 227D
11 KB
12 KB
Image
General
Full URL
https://c.disquscdn.com/get?url=https%3A%2F%2Fmrhacker.co%2Fwp-content%2Fuploads%2F2019%2F10%2Fnginx-php-fpm-hacking-exploit.jpg&key=FmmPpxDtKf3-7Od2A_FxeQ&h=200
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-83.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
a68091c3a89ef3d42bdf172776721fade92cbc1bf09821205f1a2370a3f7c3a9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 17 Sep 2021 00:29:20 GMT
via
1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1054791
x-cache
Hit from cloudfront
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-cache-hits
0
content-length
11150
x-xss-protection
1; mode=block
x-served-by
static-web-2
server
nginx
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=idBX%2FhOclGd5GPQeuZi%2Bn0HJ8%2F%2FIEp9nn3Om95p3wUwcmjcyLQwtQCRK8%2F75BvWB03p6dBqqqSsOIkZrrYQPytnkTSN22qo8dKbA9%2Fdw7MkmyYZVJmz8D9zr%2FE5LUw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
8WZkdyg2To815JPr_55GmUv8eoeXBJKS2KvvLhHN_c9cKWeUqUi9qw==
expires
Sun, 17 Oct 2021 00:29:20 GMT
1751795023-idpiframe.js
ssl.gstatic.com/accounts/o/ Frame AEB5
115 KB
40 KB
Script
General
Full URL
https://ssl.gstatic.com/accounts/o/1751795023-idpiframe.js
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f3.1e100.net
Software
sffe /
Resource Hash
387e8b5019922c28cdc230b2cb4eb495b498aa0457bba42eb16d690e36773942
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 28 Sep 2021 15:29:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
50383
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40255
x-xss-protection
0
last-modified
Fri, 17 Sep 2021 04:14:11 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="federated-signon-mpm-access"
expires
Wed, 28 Sep 2022 15:29:28 GMT
480x360.jpg
lcdn.tsyndicate.com/images/3/7/ca7655b47673da6dbfdf2eaa89f96c535dd7bd/ Frame 6AF3
Redirect Chain
  • https://rtbbnr.com/banner/in/show/?mid=1453037432&pid=0&site=6166&sc=DE&subid=718406681&sid=0&cid=10920&price=0&is_cpm=1&cpm=0.0085&ecpm=0.00782&crid=&crtid=eee8f4c3bd8bcaad7852bacce0aa9408&tcid=0&...
  • https://lcdn.tsyndicate.com/images/3/7/ca7655b47673da6dbfdf2eaa89f96c535dd7bd/480x360.jpg
11 KB
11 KB
Image
General
Full URL
https://lcdn.tsyndicate.com/images/3/7/ca7655b47673da6dbfdf2eaa89f96c535dd7bd/480x360.jpg
Requested by
Host: rtbbnr.com
URL: https://rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjoxNDk2LCJpZHpvbmUiOm51bGwsImFkX3RhZ3MiOiIiLCJsYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiNzE4NDA2NjgxIiwic3BvdF9pZCI6NjE2Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjYxNjYiLCJwYWdlIjoiaHR0cHM6Ly9hZHN4eXouY29tLyJ9LCJkZXZpY2UiOnsidyI6MTYwMCwiaCI6MTIwMH0sInVzZXIiOnsiaWQiOiJmMTQ3NGJjYTRjNGMzNjUzZTY0NDNhMTBmMWRiYjFkNCJ9LCJleHQiOnsiZHQiOjE2MzI4OTMzNTE1MDJ9fQ==
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.27.233.249 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
nginx /
Resource Hash
38602ce85e992baf3c0146bc94d7494ac31ebb9bb17b655edcd062b268b8137f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjoxNDk2LCJpZHpvbmUiOm51bGwsImFkX3RhZ3MiOiIiLCJsYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiNzE4NDA2NjgxIiwic3BvdF9pZCI6NjE2Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjYxNjYiLCJwYWdlIjoiaHR0cHM6Ly9hZHN4eXouY29tLyJ9LCJkZXZpY2UiOnsidyI6MTYwMCwiaCI6MTIwMH0sInVzZXIiOnsiaWQiOiJmMTQ3NGJjYTRjNGMzNjUzZTY0NDNhMTBmMWRiYjFkNCJ9LCJleHQiOnsiZHQiOjE2MzI4OTMzNTE1MDJ9fQ==
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:11 GMT
content-encoding
gzip
last-modified
Tue, 13 Oct 2020 14:39:04 GMT
server
nginx
age
16807041
etag
W/"5f85bc08-2afd"
vary
Accept-Encoding
content-type
image/jpeg
x-robots-tag
noindex, nofollow

Redirect headers

pragma
no-cache
date
Wed, 29 Sep 2021 05:29:11 GMT
server
nginx/1.16.0
access-control-allow-origin
*
vary
Origin
location
https://lcdn.tsyndicate.com/images/3/7/ca7655b47673da6dbfdf2eaa89f96c535dd7bd/480x360.jpg
cache-control
no-transform, no-cache, no-store, must-revalidate
content-length
0
p.gif
pxl.tsyndicate.com/api/v1/p/ Frame 6AF3
35 B
133 B
Image
General
Full URL
https://pxl.tsyndicate.com/api/v1/p/p.gif?p=e0SEGUNHhI4YLETQOXNQhJgwNG7QsBFjRgscYcyUaSGxIsaJOFrAiBGGTBgbM8zQoFHjhgiFc8SkITPn4BYRN2LgoAHDhg0cMUR0UTjGjU0dOVoqDFNnjMMYLWfAmDFxhgyYD2k6TEOnTJsvQpmSsXMwBgwcM2oohFNHzMEaamUwhQPnoIwYOSrGhGNQxwyeU2XAUFgGD50vc_o6NKnnjZsyYWnozTqmjd2_MW7IWDqQjJmDNuY-dOPmrowbOmXgUNjGTUMdNPImFAHHNWzNMHwqrCOHzd0aNm7YoMgbqw4RaOjQgTNHx4sXdOSMWeMijRszb16Y0WhDjJkYYlqIyUEmRkcYnFvkgCHmfIyKZm7MyIEjx4yoP8iUsZNmTGQ68oCjjB6gGIKLOnSTwYY35ujhiuvIeOOOOUA4C0EFvZNjwjnKkKOHIdDYsI0yMEzPhjHCkEOONDzswcQFU7wsjDTOcOMLmnrAb7OWYLRhjq4iQ6NBOnqgY4466mIjD7z0isGFMd5ow8fs5GgjjCLdwDINO0pM8ESTFHsDMS1J7MGJLbv00aQegiBihi-0pINLjsR4zI08fFyjjDzueEOOml78MkYie4DBBZJ8HIMN_9bIsY41yDiiCBrkaEEKGY5AYoogjmBOjRyKsOKOIIJYgo0mShWCijfcjEMNPUqVVVUnxsghiCGW-GKIWd20gwo30pAjKwnbYKwmPPLQA0opK8PyJvyIqm06sziCYS0R3oCDWoSsxfa7gw7VDdsxbPti26d0EBctbOWwA7MYsC2jXGPVRZS2OupIwyHwJKJBjBRpGEPgGWyIqwziaJghjLPAI0MM98igIas0MBMBLxtcsOjJGDp2YbWs6gjDoSbe0CMNNtgI44UaEAUBBQjdkJBCEJygwkJxdwAhZuJ0xoO4FEAIQskyrihDjCW6YrkqFwp-eQkkqGiCCRZAYHRPEI6Yd403gg5xxDJeuA9RF1pKzYWUQJhCIxXTWPqGpm2oLF0RiCgiqz-_GINuu7Nig--7FdrPji_kKOM3hFyqIV6edFNIDhsPymEiwfn7QoxhdWBNhMG_aOMNMu4KigbBNzRLoQYPIn3aN5K9S_A8TNNBujrKeLwM0JBTjjnnoAsz2WWjbOOFrOZw16EN6cDyzxbqCJaOkVomY4yXBKd7vy-mr36heuG7yr4Z1KKNjjaO8361-8SvYcGxCi9DsS-eRSgl9MNfnCkx_OIc96bYMIitv4WrKLYhnBy29Aaz9EEBAQE%3D&r=1&s=b16b7f813b253d18711dbc6fbe2ec970fa3a83367c6737228050b2f5c1771dec1632893351&w=t
Requested by
Host: rtbbnr.com
URL: https://rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjoxNDk2LCJpZHpvbmUiOm51bGwsImFkX3RhZ3MiOiIiLCJsYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiNzE4NDA2NjgxIiwic3BvdF9pZCI6NjE2Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjYxNjYiLCJwYWdlIjoiaHR0cHM6Ly9hZHN4eXouY29tLyJ9LCJkZXZpY2UiOnsidyI6MTYwMCwiaCI6MTIwMH0sInVzZXIiOnsiaWQiOiJmMTQ3NGJjYTRjNGMzNjUzZTY0NDNhMTBmMWRiYjFkNCJ9LCJleHQiOnsiZHQiOjE2MzI4OTMzNTE1MDJ9fQ==
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
136.243.80.153 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.153.80.243.136.clients.your-server.de
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjoxNDk2LCJpZHpvbmUiOm51bGwsImFkX3RhZ3MiOiIiLCJsYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiNzE4NDA2NjgxIiwic3BvdF9pZCI6NjE2Nn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjYxNjYiLCJwYWdlIjoiaHR0cHM6Ly9hZHN4eXouY29tLyJ9LCJkZXZpY2UiOnsidyI6MTYwMCwiaCI6MTIwMH0sInVzZXIiOnsiaWQiOiJmMTQ3NGJjYTRjNGMzNjUzZTY0NDNhMTBmMWRiYjFkNCJ9LCJleHQiOnsiZHQiOjE2MzI4OTMzNTE1MDJ9fQ==
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:11 GMT
server
nginx
x-robots-tag
noindex, nofollow
content-length
35
content-type
image/gif; charset=utf-8
iframerpc
accounts.google.com/o/oauth2/ Frame AEB5
14 B
58 B
XHR
General
Full URL
https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fdisqus.com&client_id=508198334196-bgmagrg0a2rub674g0shidj8fnd50dji.apps.googleusercontent.com
Requested by
Host: ssl.gstatic.com
URL: https://ssl.gstatic.com/accounts/o/1751795023-idpiframe.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.141 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f13.1e100.net
Software
ESF /
Resource Hash
8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://accounts.google.com/o/oauth2/iframe
X-Requested-With
XmlHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
content-type
application/json; charset=utf-8
cache-control
public, max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Wed, 29 Sep 2021 06:29:11 GMT
ping
links.services.disqus.com/api/
316 B
745 B
XHR
General
Full URL
https://links.services.disqus.com/api/ping
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
46997ea7053f258497fc6c7f6f6cc27e95f2c6fcc0d71ce40e2d4b09d3c41229

Request headers

Referer
https://mrhacker.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Wed, 29 Sep 2021 05:29:11 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://mrhacker.co
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
316
Expires
Thu, 01 Jan 1970 00:00:00 GMT
b.b.js
lcdn.tsyndicate.com/sdk/v1/ Frame AF97
8 KB
3 KB
Script
General
Full URL
https://lcdn.tsyndicate.com/sdk/v1/b.b.js
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.27.233.249 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
nginx /
Resource Hash
cece7c5413247ee86d32c4fcfa2ff0440955b192c3f44cfc469a6094ea4b39f2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tsyndicate.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:11 GMT
content-encoding
gzip
last-modified
Wed, 14 Jul 2021 13:43:18 GMT
server
nginx
age
6393590
etag
W/"60eee9f6-1e8b"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
x-robots-tag
noindex, nofollow
content-length
2819
b.b.js
lcdn.tsyndicate.com/sdk/v1/ Frame D8D0
8 KB
3 KB
Script
General
Full URL
https://lcdn.tsyndicate.com/sdk/v1/b.b.js
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.27.233.249 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
nginx /
Resource Hash
cece7c5413247ee86d32c4fcfa2ff0440955b192c3f44cfc469a6094ea4b39f2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tsyndicate.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:11 GMT
content-encoding
gzip
last-modified
Wed, 14 Jul 2021 13:43:18 GMT
server
nginx
age
6393590
etag
W/"60eee9f6-1e8b"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
x-robots-tag
noindex, nofollow
content-length
2819
Cookie set 10010242
a.adtng.com/get/ Frame F33B
20 KB
9 KB
Document
General
Full URL
https://a.adtng.com/get/10010242?time=1592492288727&atc=265283&apb=dbg_ToUtSX-ci0o7z1OORgAAGzIAAAURADlk2wAAAAAABAxDAB0JwgAAAAJnTngk
Requested by
Host: tsyndicate.com
URL: https://tsyndicate.com/iframes2/ecaaabf53036409d9c39b44bec79a69d.html?subid=1907070936&categories=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.18.168.166 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software
openresty /
Resource Hash
6ec96ff2d718b49c1d890f2e22b8bdb653a55a13d0878efb56b44d4f571303a6

Request headers

Host
a.adtng.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://tsyndicate.com/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://tsyndicate.com/

Response headers

Server
openresty
Date
Wed, 29 Sep 2021 05:29:11 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Set-Cookie
adtool_guid=Ch5KBmFT+acVmFWbvf17Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None; RNLBSERVERID=ded6974; path=/; HttpOnly; Secure; SameSite=None
Content-Encoding
gzip
/
glitter.services.disqus.com/urls/ Frame 61D3
708 B
862 B
Script
General
Full URL
https://glitter.services.disqus.com/urls/?callback=dsqGlitterResponseHandler&forum_shortname=mrhackerco&thread_id=7980492607&referer=
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.a0ed109e21af94c55c513d7580d5773c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
c2fdc3b13928223d29af3f7bd80b57d2bd680a8b229ce5948eadcf8fa5ccef42
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:12 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
openresty
X-Frame-Options
DENY
Connection
keep-alive
Content-Type
application/javascript
Cache-Control
no-cache
transfer-encoding
chunked
X-Service
glitter
Content-Disposition
attachment; filename=f.txt
Strict-Transport-Security
max-age=300; includeSubdomains
Vary
Accept-Encoding, Cookie
noavatar92.png
a.disquscdn.com/1631826434/images/ Frame 61D3
2 KB
2 KB
Image
General
Full URL
https://a.disquscdn.com/1631826434/images/noavatar92.png
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.96662f29a1f56adcd7ebcd257a3eed8e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:11 GMT
x-content-type-options
nosniff
last-modified
Fri, 26 Feb 2021 20:50:09 GMT
server
nginx
age
1006449
etag
"60395f01-66c"
strict-transport-security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection
1; mode=block
cache-control
max-age=2592000
x-amz-cf-pop
FRA56-C2
content-type
image/png
content-length
1644
x-amz-cf-id
ae8w-uPgwsEVtGRKicDs3hMl_c3U1sdmHCDVijA98QpEHqPpKSRWcQ==
expires
Sun, 17 Oct 2021 13:55:02 GMT
sync.gif
links.services.disqus.com/api/
43 B
375 B
Image
General
Full URL
https://links.services.disqus.com/api/sync.gif?key=cfdfcf52dffd0a702a61bad27507376d
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 29 Sep 2021 05:29:11 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Cache-Control
no-cache, no-store
Connection
keep-alive
Content-Type
image/gif;charset=UTF-8
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
domains
links.services.disqus.com/api/
100 B
529 B
XHR
General
Full URL
https://links.services.disqus.com/api/domains
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
0f605d8e48293fdf87270a216e34ef23fc68c77cef6455f5f54cf833666f85ff

Request headers

Referer
https://mrhacker.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Wed, 29 Sep 2021 05:29:11 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://mrhacker.co
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
100
Expires
Thu, 01 Jan 1970 00:00:00 GMT
event.gif
referrer.disqus.com/juggler/ Frame 61D3
43 B
295 B
Image
General
Full URL
https://referrer.disqus.com/juggler/event.gif?abe=1&embed_hidden=1&load_time=1004&event=init_embed&thread=7980492607&forum=mrhackerco&forum_id=5865020&imp=2krc4i2ig5b9j&prev_imp&thread_slug=cisa_warns_patched_pulse_secure_vpns_could_still_expose_organizations_to_hackers&user_type=anon&referrer=https%3A%2F%2Fmrhacker.co%2F&theme=next&dnt=0&tracking_enabled=1&experiment=network_default&variant=fallthrough&service=dynamic&promoted_enabled=true&max_enabled=true
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:12 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Cookie set 10010242
a.adtng.com/get/ Frame DD1E
20 KB
9 KB
Document
General
Full URL
https://a.adtng.com/get/10010242?time=1592492288727&atc=265283&apb=tUR5OAaGRkuEWUvSod_x-wAAGzIAAAURADlk2wAAAAAABAxDAB0JwgAAAAJaLGzb
Requested by
Host: tsyndicate.com
URL: https://tsyndicate.com/iframes2/ecaaabf53036409d9c39b44bec79a69d.html?subid=1907070936&categories=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.18.168.166 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software
openresty /
Resource Hash
5b0f707e979fbde0b3f0ba9b1bc96b9187b90388518d42367a80604564c42ff8

Request headers

Host
a.adtng.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://tsyndicate.com/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://tsyndicate.com/

Response headers

Server
openresty
Date
Wed, 29 Sep 2021 05:29:11 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Set-Cookie
adtool_guid=Ch5KJmFT+afCKludmV58Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None; RNLBSERVERID=ded6742; path=/; HttpOnly; Secure; SameSite=None
Content-Encoding
gzip
vortex-simple-1.0.0.js
hw-cdn2.adtng.com/delivery/vortex/ Frame DD1E
5 KB
5 KB
Script
General
Full URL
https://hw-cdn2.adtng.com/delivery/vortex/vortex-simple-1.0.0.js
Requested by
Host: a.adtng.com
URL: https://a.adtng.com/get/10010242?time=1592492288727&atc=265283&apb=tUR5OAaGRkuEWUvSod_x-wAAGzIAAAURADlk2wAAAAAABAxDAB0JwgAAAAJaLGzb
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
209.197.3.25 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
vip0x019.map2.ssl.hwcdn.net
Software
/
Resource Hash
6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.adtng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:12 GMT
Last-Modified
Fri, 02 Nov 2018 14:17:11 GMT
ETag
"1541168231"
X-HW
1632893352.dop252.am5.t,1632893352.cds144.am5.shn,1632893352.cds144.am5.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=10441471
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
5027
991898_logo.png
ht-cdn2.adtng.com/a7/creatives/2/61/811953/991898/ Frame DD1E
4 KB
4 KB
Image
General
Full URL
https://ht-cdn2.adtng.com/a7/creatives/2/61/811953/991898/991898_logo.png
Requested by
Host: a.adtng.com
URL: https://a.adtng.com/get/10010242?time=1592492288727&atc=265283&apb=tUR5OAaGRkuEWUvSod_x-wAAGzIAAAURADlk2wAAAAAABAxDAB0JwgAAAAJaLGzb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.254.122.21 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software
/
Resource Hash
59850f83e6e3d914ef8645af6ae30b3302993ed4b6664a429fa2a5837457c276

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.adtng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
last-modified
Wed, 24 Mar 2021 17:18:52 GMT
etag
"2b2bff846-108f-5be4b7e291700"
content-type
image/png
cache-control
max-age=10717057
x-cdn-diag
fra1-11028-2-23675-h-0-0---;11028-6-1313----0-0-0
accept-ranges
bytes
content-length
4239
expires
Sun, 30 Jan 2022 16:55:10 GMT
vortex-simple-1.0.0.js
hw-cdn2.adtng.com/delivery/vortex/ Frame F33B
5 KB
5 KB
Script
General
Full URL
https://hw-cdn2.adtng.com/delivery/vortex/vortex-simple-1.0.0.js
Requested by
Host: a.adtng.com
URL: https://a.adtng.com/get/10010242?time=1592492288727&atc=265283&apb=dbg_ToUtSX-ci0o7z1OORgAAGzIAAAURADlk2wAAAAAABAxDAB0JwgAAAAJnTngk
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
209.197.3.25 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
vip0x019.map2.ssl.hwcdn.net
Software
/
Resource Hash
6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.adtng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:12 GMT
Last-Modified
Fri, 02 Nov 2018 14:17:11 GMT
ETag
"1541168231"
X-HW
1632893352.dop246.am5.t,1632893352.cds111.am5.shn,1632893352.cds111.am5.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=10530671
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
5027
1007562_logo.png
vz-cdn2.adtng.com/a7/creatives/1/1322/813032/1007562/ Frame F33B
4 KB
4 KB
Image
General
Full URL
https://vz-cdn2.adtng.com/a7/creatives/1/1322/813032/1007562/1007562_logo.png
Requested by
Host: a.adtng.com
URL: https://a.adtng.com/get/10010242?time=1592492288727&atc=265283&apb=dbg_ToUtSX-ci0o7z1OORgAAGzIAAAURADlk2wAAAAAABAxDAB0JwgAAAAJnTngk
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.187 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FE0) /
Resource Hash
6cce250309d4470b025877494a01253e1d9d8da32fa5fc96ca2ce63683b2a084

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.adtng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
last-modified
Fri, 10 Sep 2021 19:49:21 GMT
server
ECAcc (frc/8FE0)
age
1332828
etag
"2c134179b-1060-5cba9695a7240"
x-cache
HIT
content-type
image/png
cache-control
max-age=10563744
accept-ranges
bytes
content-length
4192
expires
Sat, 29 Jan 2022 11:51:36 GMT
43403-1623090191-0554495001623090191.gif
i.jads.co/network/user500/ Frame 1559
300 KB
301 KB
Image
General
Full URL
https://i.jads.co/network/user500/43403-1623090191-0554495001623090191.gif
Requested by
Host: poweredby.jads.co
URL: https://poweredby.jads.co/adshow.php?adzone=929967
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.16.175.10 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
hwcdn.net
Software
/
Resource Hash
20a62908760bc8ca0f8fc175051c9ee4d2f727e56fe2a18efafa8b96f6285822

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://poweredby.jads.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
last-modified
Mon, 07 Jun 2021 18:23:11 GMT
etag
"1623090191"
x-hw
1632893352.dop213.am5.t,1632893352.cds282.am5.hn,1632893352.cds109.am5.c
content-type
image/gif
cache-control
max-age=21786903
accept-ranges
bytes
content-length
307495
b.b.js
lcdn.tsyndicate.com/sdk/v1/ Frame 7B88
8 KB
3 KB
Script
General
Full URL
https://lcdn.tsyndicate.com/sdk/v1/b.b.js
Requested by
Host: adsxyz.com
URL: https://adsxyz.com/sponsors/linkxyz/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.27.233.249 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
nginx /
Resource Hash
cece7c5413247ee86d32c4fcfa2ff0440955b192c3f44cfc469a6094ea4b39f2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tsyndicate.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
content-encoding
gzip
last-modified
Wed, 14 Jul 2021 13:43:18 GMT
server
nginx
age
6393591
etag
W/"60eee9f6-1e8b"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
x-robots-tag
noindex, nofollow
content-length
2819
main.jpg
lcdn.tsyndicate.com/images/1/4/4e5eb778d64f6d77d6c3ebeb908dfff874bbf7/ Frame 7B88
14 KB
14 KB
Image
General
Full URL
https://lcdn.tsyndicate.com/images/1/4/4e5eb778d64f6d77d6c3ebeb908dfff874bbf7/main.jpg
Requested by
Host: tsyndicate.com
URL: https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=718406681&categories={{ad_tags}}
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.27.233.249 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
nginx /
Resource Hash
b58f939c74692c7858da571c9f7c1a9e1c2cfa367082ab49f7a4b1e0a0687927

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tsyndicate.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
content-encoding
gzip
last-modified
Tue, 28 Sep 2021 08:19:21 GMT
server
nginx
age
68725
etag
W/"6152d009-3709"
vary
Accept-Encoding
content-type
image/jpeg
x-robots-tag
noindex, nofollow
main.mp4
ip174213059.ahcdn.com/key=kSOl5diF0J+HbDTujkTzaQ,s=,,end=1632896952/state=YVP52INv/reftag=093898225/origin=152108259/images/1/4/4e5eb778d64f6d77d6c3ebeb908dfff874bbf7/ Frame 7B88
Redirect Chain
  • https://vcdn.tsyndicate.com/images/1/4/4e5eb778d64f6d77d6c3ebeb908dfff874bbf7/main.mp4
  • https://ip174213059.ahcdn.com/key=kSOl5diF0J+HbDTujkTzaQ,s=,,end=1632896952/state=YVP52INv/reftag=093898225/origin=152108259/images/1/4/4e5eb778d64f6d77d6c3ebeb908dfff874bbf7/main.mp4
41 KB
42 KB
Media
General
Full URL
https://ip174213059.ahcdn.com/key=kSOl5diF0J+HbDTujkTzaQ,s=,,end=1632896952/state=YVP52INv/reftag=093898225/origin=152108259/images/1/4/4e5eb778d64f6d77d6c3ebeb908dfff874bbf7/main.mp4
Requested by
Host: tsyndicate.com
URL: https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=718406681&categories={{ad_tags}}
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.114.135.65 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
7beda80735407df2086e0c1fbce5bb295add72c571d0756f2a151c9fcc2a54c5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tsyndicate.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
last-modified
Tue, 28 Sep 2021 08:19:21 GMT
server
nginx/1.18.0
age
68734
etag
"6152d009-a5ba"
vary
Accept-Encoding
content-type
video/mp4
Content-Range
bytes 0-42425/42426
cache-control
max-age=7200, private
x-robots-tag
noindex, nofollow
access-control-allow-origin
*
Content-Length
42426
expires
Wed, 29 Sep 2021 07:29:12 GMT

Redirect headers

location
https://ip174213059.ahcdn.com/key=kSOl5diF0J+HbDTujkTzaQ,s=,,end=1632896952/state=YVP52INv/reftag=093898225/origin=152108259/images/1/4/4e5eb778d64f6d77d6c3ebeb908dfff874bbf7/main.mp4
date
Wed, 29 Sep 2021 05:29:12 GMT
cache-control
private, max-age=300
server
nginx/1.18.0
access-control-allow-origin
*
content-length
0
expires
Wed, 29 Sep 2021 05:34:12 GMT
/
chaturbate.com/tours/3/ Frame 5E90
Redirect Chain
  • https://chaturbate.com/in/?track=xdultchannel&tour=x1Rd&campaign=NcAyU&c=1&p=0&gender=f
  • https://chaturbate.com/tours/3/?c=1&campaign=NcAyU&gender=f&disable_sound=0&p=0&tour=x1Rd
33 KB
16 KB
Document
General
Full URL
https://chaturbate.com/tours/3/?c=1&campaign=NcAyU&gender=f&disable_sound=0&p=0&tour=x1Rd
Requested by
Host: poweredby.jads.co
URL: https://poweredby.jads.co/adshow.php?adzone=929956
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.100.40 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e794ba451770824495229c5bf88993a892e0eb06a33e666fc31365d7c4e37e71
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://cdn.exoticads.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com ; connect-src 'self' blob: blob https://*.mmcdn.com https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://txn.apac.paywithpoli.com https://player.vimeo.com; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://wnu.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce

Request headers

:method
GET
:authority
chaturbate.com
:scheme
https
:path
/tours/3/?c=1&campaign=NcAyU&gender=f&disable_sound=0&p=0&tour=x1Rd
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://poweredby.jads.co/
accept-encoding
gzip, deflate, br
cookie
affkey="eJwdjEsOQDAQhq8isxZVK7FzAQuJA4xOxas0NaIi7i5j9/3PBzgsUCUQ6VzZjLhtdoU0ARwGsR3GGJ2lCYtclxJ4sQstGARHZn9USvn9ssFSf2cz0pGZXUmF/2/dkgjj/nFj6ruD9wP6OiP9"; sbr="sec:sbr7ca273b0-d60b-45fc-9954-b254c7f0565d:1mVS9Y:suFXlz96JdL7sR83yyuGCIbg8JE"; us_x1Rd=1; u_x1Rd=1; fromaffiliate=1; noads=1; __cf_bm=Jop1t5chTPmjPwhYAaEWJS4hUC8fcTblZ.t9zWL4LRE-1632893352-0-AadYGoyC66GWBqS8Ej6eyh9rGtcYDKQA6ZGfOM15PTmBUNEZg1FKH3KktkNrOOiP1hnajTpZu5jcUozqZHc+ZwI=
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://poweredby.jads.co/

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
content-type
text/html; charset=utf-8
cf-ray
6962cffc6aa8fae5-DUS
cache-control
no-cache
content-language
de
set-cookie
stcki="pOtSwZ=0\054FqPd9a=0\0546pduSG=1\054aDBbcK=0"; expires=Fri, 29-Oct-2021 05:29:12 GMT; Max-Age=2592000; Path=/; SameSite=none; secure dwf_s_a=False; expires=Fri, 29-Oct-2021 05:29:12 GMT; Max-Age=2592000; Path=/; SameSite=none; secure
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding, Accept-Language, Cookie
via
1.1 google
cf-cache-status
DYNAMIC
cf-ctrl
Z
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://cdn.exoticads.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com ; connect-src 'self' blob: blob https://*.mmcdn.com https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://txn.apac.paywithpoli.com https://player.vimeo.com; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://wnu.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"report_to":"default","max_age":2592000,"include_subdomains":true}
p3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
x-content-type-options
nosniff
x-xss-protection
1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
server
cloudflare
content-encoding
br

Redirect headers

date
Wed, 29 Sep 2021 05:29:12 GMT
content-type
text/html; charset=utf-8
location
/tours/3/?c=1&campaign=NcAyU&gender=f&disable_sound=0&p=0&tour=x1Rd
cf-ray
6962cffb4980fae5-DUS
cache-control
no-cache
content-language
de
set-cookie
affkey="eJwdjEsOQDAQhq8isxZVK7FzAQuJA4xOxas0NaIi7i5j9/3PBzgsUCUQ6VzZjLhtdoU0ARwGsR3GGJ2lCYtclxJ4sQstGARHZn9USvn9ssFSf2cz0pGZXUmF/2/dkgjj/nFj6ruD9wP6OiP9"; Domain=.chaturbate.com; expires=Fri, 29-Oct-2021 05:29:12 GMT; Max-Age=2592000; Path=/; SameSite=none; secure sbr="sec:sbr7ca273b0-d60b-45fc-9954-b254c7f0565d:1mVS9Y:suFXlz96JdL7sR83yyuGCIbg8JE"; Domain=.chaturbate.com; expires=Mon, 24-Jun-2024 05:29:12 GMT; httponly; Max-Age=86313600; Path=/; SameSite=none; secure us_x1Rd=1; Path=/; SameSite=none; secure u_x1Rd=1; expires=Mon, 04-Oct-2021 05:29:12 GMT; Max-Age=432000; Path=/; SameSite=none; secure fromaffiliate=1; Domain=.chaturbate.com; Path=/; SameSite=none; secure noads=1; expires=Wed, 29-Sep-2021 11:29:12 GMT; Max-Age=21600; Path=/; SameSite=none; secure __cf_bm=Jop1t5chTPmjPwhYAaEWJS4hUC8fcTblZ.t9zWL4LRE-1632893352-0-AadYGoyC66GWBqS8Ej6eyh9rGtcYDKQA6ZGfOM15PTmBUNEZg1FKH3KktkNrOOiP1hnajTpZu5jcUozqZHc+ZwI=; path=/; expires=Wed, 29-Sep-21 05:59:12 GMT; domain=.chaturbate.com; HttpOnly; Secure; SameSite=None
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Language, Cookie, Accept-Encoding
via
1.1 google
cf-cache-status
DYNAMIC
cf-ctrl
Z
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://cdn.exoticads.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com ; connect-src 'self' blob: blob https://*.mmcdn.com https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://txn.apac.paywithpoli.com https://player.vimeo.com; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://wnu.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"report_to":"default","max_age":2592000,"include_subdomains":true}
p3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"default","max_age":2592000,"endpoints":[{"url":"https://report-uri.mmcdn.com/a/t/g"}],"include_subdomains":true}
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce
server
cloudflare
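The content-security-policy and set-cookie values in this transaction are what a reviewer actually has to evaluate, and urlscan's rendering (one very long policy string, several Set-Cookie headers joined onto one line) makes that awkward by hand. The following Python is an added example, not part of the urlscan output or of the site's own code: it parses a CSP into directives, applies the default-src fallback rule (base-uri, form-action and frame-ancestors do not inherit it), flags the broad script sources, recovers the individual Set-Cookie headers from the joined line, and checks each cookie's attributes. CSP_EXCERPT is a shortened copy of the policy shown above (same directives, fewer hosts); SET_COOKIE_LINE is the final response's set-cookie line copied as rendered.

```python
"""Audit the content-security-policy and set-cookie values from the
chaturbate.com response above.

Added example, not part of the urlscan output or of the site's own code.
CSP_EXCERPT is a shortened copy of the policy shown above (same directives,
fewer hosts); SET_COOKIE_LINE is the final response's set-cookie line as
urlscan renders it, i.e. two Set-Cookie headers joined by a single space.
"""
from typing import Dict, List

CSP_EXCERPT = (
    "default-src 'self'; "
    "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com "
    "https://ajax.googleapis.com https://cdnjs.cloudflare.com; "
    "style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com ; "
    "object-src 'self' https://download.macromedia.com; "
    "frame-src 'self' https://www.google.com/recaptcha/; "
    "form-action 'self' https://*.chaturbate.com https://wnu.com ; "
    "report-uri https://report-uri.mmcdn.com/r/t/csp/enforce;"
)
SET_COOKIE_LINE = (
    'stcki="pOtSwZ=0\\054FqPd9a=0\\0546pduSG=1\\054aDBbcK=0"; expires=Fri, 29-Oct-2021 '
    "05:29:12 GMT; Max-Age=2592000; Path=/; SameSite=none; secure "
    "dwf_s_a=False; expires=Fri, 29-Oct-2021 05:29:12 GMT; Max-Age=2592000; Path=/; "
    "SameSite=none; secure"
)

# Directives that do not inherit from default-src when absent (CSP Level 3).
NO_FALLBACK = {"base-uri", "form-action", "frame-ancestors", "sandbox",
               "report-uri", "report-to", "upgrade-insecure-requests"}
BROAD_SCRIPT_SOURCES = {"'unsafe-eval'", "*", "data:", "blob:", "http:", "https:"}
COOKIE_ATTRS = {"expires", "max-age", "domain", "path", "secure", "httponly", "samesite"}


def parse_csp(header: str) -> Dict[str, List[str]]:
    """{directive: [source expressions]}; a repeated directive is ignored, as
    browsers do (first occurrence wins)."""
    policy: Dict[str, List[str]] = {}
    for segment in header.split(";"):
        tokens = segment.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def effective_sources(policy: Dict[str, List[str]], directive: str) -> List[str]:
    """Sources governing `directive` after the default-src fallback rule.
    An empty list means the directive is absent and therefore unrestricted."""
    if directive in policy:
        return policy[directive]
    return [] if directive in NO_FALLBACK else policy.get("default-src", [])


def csp_findings(policy: Dict[str, List[str]]) -> List[str]:
    """Weaknesses a reviewer would raise on the script and navigation directives."""
    findings = []
    script = effective_sources(policy, "script-src")
    findings += [f"script-src allows {s}" for s in script if s in BROAD_SCRIPT_SOURCES]
    # A nonce or hash in script-src turns 'unsafe-inline' into a fallback for old browsers only.
    if "'unsafe-inline'" in script and not any(
            s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script):
        findings.append("script-src 'unsafe-inline' is effective (no nonce or hash overrides it)")
    for directive in ("base-uri", "frame-ancestors"):
        if not effective_sources(policy, directive):
            findings.append(f"{directive} absent and does not inherit default-src")
    return findings


def split_joined_set_cookie(line: str) -> List[str]:
    """Recover the Set-Cookie headers that urlscan joined with a space: a new
    cookie starts where a ';'-separated segment ends in ' name=value' and
    `name` is not a cookie attribute (an Expires date also contains spaces,
    but its last token has no '=')."""
    headers, current = [], []
    for segment in line.split("; "):
        head, sep, tail = segment.rpartition(" ")
        new_cookie = sep and "=" in tail and tail.split("=", 1)[0].lower() not in COOKIE_ATTRS
        if new_cookie and current:
            current.append(head)
            headers.append("; ".join(current))
            current = [tail]
        else:
            current.append(segment)
    if current:
        headers.append("; ".join(current))
    return headers


def cookie_findings(set_cookie: str) -> List[str]:
    """Missing Secure/HttpOnly, and SameSite=None without Secure, for one header."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower(): (p.split("=", 1)[1] if "=" in p else "")
             for p in parts[1:]}
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly (readable by page scripts)")
    if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
        findings.append(f"{name}: SameSite=None without Secure is rejected by browsers")
    return findings
```

Run over the excerpt, `csp_findings` reports 'unsafe-eval' and an effective 'unsafe-inline' in script-src (no nonce or hash is present to override it), and that base-uri and frame-ancestors are absent; neither inherits default-src, and in the scan only the redirect response carries x-frame-options: DENY, the final response does not. `split_joined_set_cookie` recovers the two cookies, stcki and dwf_s_a; both are Secure and SameSite=None, as a cookie set inside a cross-site iframe has to be, but neither is HttpOnly. The splitter is a heuristic for urlscan's joined rendering: a cookie value that itself contained a space followed by `name=value` would be split wrongly, so check its output when the values look unusual.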
p.js
pxl.tsyndicate.com/api/v1/p/ Frame 7B88
24 B
126 B
Script
General
Full URL
https://pxl.tsyndicate.com/api/v1/p/p.js?p=e0SgKROGTBk5c0TouMFCRJgxdBbGcEjnzEIRY2bQgBHDDAwcLcbgkBGjBQ0cGltANCOmhRgcMWqMkTEGpBgxNkQ4nCMmDRmFOraIuBEDB0cbNmKK6OIwTJ0xGHMUNVNjRowyK82QsXEyB4wwL3PQINMiaYwxYmqQqZHzRo6dD8nYWbgxBw4bDuHUETNRxlSncOBMjJEjxwyecCTqmHHDRozGMhyOaTOYcdIaY52SMTPRoRg3bhbKqFESx1WHbdxc1PG3BgzEIuCoZh2DRgyjDuvIYTMaB2zIFEXUkYERDR06cOboePFiDJs1c-iEoePijZwzztmkGbPGBRw0cH6sKZOnR443cNLjqGNDDA3DMOSEeYPGDJo1XOrAgCHDxnPu1vjipx7ugCEIM4Zo4gw0pmjiiTlauOEMK-6YYwgmLAoiiDSWeGPDIKqQIggioJsBRBSF0OKMIYIYQgsbargjRTG-eIoN_fjzb4w3pOsBBhf4qyHH_myYIw06yhiQjB5wM2wGIneUY8keSDPtqij_o66HIMiogw06QDiiDDcQCgPH_YokL487rmNyjzXblIOMPrKUowwzELpTjh6OS26OEk4sQQYjBjXCjDAES2M1NMhwgcc2DM1yjDAqI3AGzMbK0ozr2thyBv7wIA2GLNOAo8oYbHAhuFVxc0EGHLI8o4w3eqhiiizhkIM7Jdt44yA2ethDV16_8BXYPuIi4402MEJUUUYdhTQuSuWYiAaOJqNuoS2uako2OaLSoYasYMhLhPTCXYjcFsz9rDMdgBRystm-0FVceWHLwSE57LBMBslEKGOM2RbKtwbd6kgDo5rKeAuGMnJowQwa0jrJP4lxwCEMGMwKQ60yaBCjJBtgoCEuUxlOddWrWo3hVRzimjJlHUQgmeWXcXsZ1rjqCAOjJt7QIw022AjjhRqCBAGFKxZd1kIQnKAChBjk3QGEpt2wgYar8dg6BRCCEIyNMq4oQ4wlkES6MRcwXXoJJKhoggkWQNiOPDEHXuMNsIdAQw5my3jhsCBdoKGGG25wwYYZQJgiDER3XVtxTKkVV4Rb47ruizEuz9whNi4noghly7Djizt700GmG2qQ6Sj--D1DNMZyqAEHhw46XQxrdcBdBN2N_dU323IH3DN0g6JBL8DxyGM0fvE0DjnlmHvhWTgWZVBaZl-Ia45-MQJ8Ojqua6EON5BsgTQXyBgjhuJyv_ygL9yHPy46ml2dcVgPm6G0irShOPubQf9m8D8Z8OdcBkFdGeYABxstJlUFxIH_APgQMSwGeHi6kUT0EjqD9UEBAQE%3D&s=5c1ecb52fd8aa76f68679ad1d3a08421764de71257ef69b7d909c7f21bdbde5a1632893352&w=t&r=1&d=14&priv=false
Requested by
Host: tsyndicate.com
URL: https://tsyndicate.com/iframes2/00394b71264946e5bf58746cefe5435f.html?subid=718406681&categories={{ad_tags}}
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
136.243.80.153 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.153.80.243.136.clients.your-server.de
Software
nginx /
Resource Hash
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tsyndicate.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
server
nginx
x-robots-tag
noindex, nofollow
content-length
24
content-type
text/javascript; charset=utf-8
362358.gif
idsync.rlcdn.com/ Frame E4F0
Redirect Chain
  • https://ejp.rlcdn.com/501709.html
  • https://ejp.rlcdn.com/1000.gif?memo=CM3PHhoNCKjzz4oGEgUI6AcQAEIASgA
  • https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
  • https://idsync.rlcdn.com/362358.gif?google_gid=CAESEOpl3b1AxKcUf_VUry052LM&google_cver=1
42 B
317 B
Document
General
Full URL
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEOpl3b1AxKcUf_VUry052LM&google_cver=1
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.a0ed109e21af94c55c513d7580d5773c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

:method
GET
:authority
idsync.rlcdn.com
:scheme
https
:path
/362358.gif?google_gid=CAESEOpl3b1AxKcUf_VUry052LM&google_cver=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
accept-encoding
gzip, deflate, br
cookie
rlas3=leYezWheL0mRsFZXfHDK4ZVuJpVBxYQGptVs2p8uv2o=; pxrc=CKjzz4oGEgUI6AcQABIGCLrqARAA
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default

Response headers

cache-control
no-cache, no-store
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie
rlas3=leYezWheL0mRsFZXfHDK4ZVuJpVBxYQGptVs2p8uv2o=; Path=/; Domain=rlcdn.com; Expires=Thu, 29 Sep 2022 05:29:12 GMT; Secure; SameSite=None pxrc=CKjzz4oGEgUI6AcQABIGCLrqARAA; Path=/; Domain=rlcdn.com; Expires=Sun, 28 Nov 2021 05:29:12 GMT; Secure; SameSite=None
timing-allow-origin
*
date
Wed, 29 Sep 2021 05:29:12 GMT
content-length
42
via
1.1 google
alt-svc
clear

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEOpl3b1AxKcUf_VUry052LM&google_cver=1
date
Wed, 29 Sep 2021 05:29:12 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
content-length
289
x-xss-protection
0
set-cookie
IDE=AHWqTUnuH4QH87V979zyyYq4HJ-sAgqGsjMFu3CwX-wVqp4BdNENJORrsl4Z7JFVNhE; expires=Mon, 24-Oct-2022 05:29:12 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
pixel.html
live.rezync.com/ Frame 1E8F
507 B
1 KB
Document
General
Full URL
https://live.rezync.com/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=c2kph8k114ahs1i&pctry=DE&referrer=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.a0ed109e21af94c55c513d7580d5773c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.87.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-87-94.fra2.r.cloudfront.net
Software
lighttpd/1.4.33 /
Resource Hash
cc3065712fe8491c6bb8cb728cd3309c1c5896ba6bb0d0d23bfc60a0c3297890

Request headers

:method
GET
:authority
live.rezync.com
:scheme
https
:path
/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=c2kph8k114ahs1i&pctry=DE&referrer=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default

Response headers

content-type
text/html; charset=utf-8
content-length
507
date
Wed, 29 Sep 2021 05:29:12 GMT
server
lighttpd/1.4.33
set-cookie
zync-uuid=357b854d-0c8e-4a69-a6f3-b31e122d75e7:1632893352.33; Domain=rezync.com; Expires=Sun, 27-Mar-2022 22:29:12 GMT; Path=/; SameSite=None; Secure sd-session-id=.eJwVykELgjAYgOG_Et_Zg9MFIXQUEfoUaSLzIqZDN9PMTaiJ_z27vS88G1SzWMZ6EpOBwCyrcKB5yuM0BBu0Ur_Xo6Dxhrm_DITQutdEwu6AFlrL11TJ9i9Pj0OhzX2uOpJEmcEIaXl3Xc74-VaEXqnQcIWfkoVfHDM_KXI_VaGHNqYpQ5uweEWLV9j3H7IhMTo.FDWLKA.irnonf2yot18J9TCyefZYFbGSI0; Expires=Mon, 28-Mar-2022 05:29:12 GMT; HttpOnly; Path=/; SameSite=None; Secure
x-cache
Miss from cloudfront
via
1.1 784dd167d622737126ee2d76985e7d3c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
1WfFRTFHPfoB1o2P81r4iZg8oLaar39EMb2db0P5nSHgEZmiqnBFSQ==
narr
obgpm76tt0a0sgozk8l.npdredinuid.imrworldwide.com/ Frame 61D3
0
0

/
io.narrative.io/ Frame 61D3
Redirect Chain
  • https://io.narrative.io/?companyId=19&id=disqus_id%3Ac2kph8k114ahs1i&ret=img&ref=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
  • https://io.narrative.io/?io.narrative.guid.v2=2da66810-20e6-11ec-a9a5-06119d0d8b4f&companyId=19&id=disqus_id%3Ac2kph8k114ahs1i&ret=img&ref=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-gr...
35 B
319 B
Image
General
Full URL
https://io.narrative.io/?io.narrative.guid.v2=2da66810-20e6-11ec-a9a5-06119d0d8b4f&companyId=19&id=disqus_id%3Ac2kph8k114ahs1i&ret=img&ref=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/malware/russian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.47.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-47-34.eu-west-1.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=mrhackerco&t_i=mrhackerco-51279&t_u=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems&t_e=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_d=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&t_t=Russian%20Turla%20APT%20Group%20Deploying%20New%20Backdoor%20on%20Targeted%20Systems&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:12 GMT
Cache-Control
no-cache
Server
nginx/1.18.0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif

Redirect headers

Location
https://io.narrative.io/?io.narrative.guid.v2=2da66810-20e6-11ec-a9a5-06119d0d8b4f&companyId=19&id=disqus_id%3Ac2kph8k114ahs1i&ret=img&ref=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Date
Wed, 29 Sep 2021 05:29:12 GMT
Server
nginx/1.18.0
Connection
keep-alive
Content-Length
0
16287-1492718134.gif
i.jads.co/network/user500/ Frame 5FCC
278 KB
278 KB
Image
General
Full URL
https://i.jads.co/network/user500/16287-1492718134.gif
Requested by
Host: poweredby.jads.co
URL: https://poweredby.jads.co/adshow.php?adzone=929979
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.16.175.10 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
hwcdn.net
Software
/
Resource Hash
d80c738c707a8314897fec631566054d35613f93931db4ac9c5a126ff3534274

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://poweredby.jads.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
last-modified
Thu, 20 Apr 2017 19:55:34 GMT
etag
"1492718134"
x-hw
1632893352.dop213.am5.t,1632893352.cds282.am5.hn,1632893352.cds155.am5.c
content-type
image/gif
cache-control
max-age=26851298
accept-ranges
bytes
content-length
284353
37399-1623577009-0808676001623577009.jpg
i.jads.co/network/user500/ Frame B947
16 KB
16 KB
Image
General
Full URL
https://i.jads.co/network/user500/37399-1623577009-0808676001623577009.jpg
Requested by
Host: poweredby.jads.co
URL: https://poweredby.jads.co/adshow.php?adzone=929973
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.16.175.10 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
hwcdn.net
Software
/
Resource Hash
44dd34631d251f58a88f771f5b4bf5495756377dd29c6177754aa7fd4b8d53ca

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://poweredby.jads.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
last-modified
Sun, 13 Jun 2021 09:36:49 GMT
etag
"1623577009"
x-hw
1632893352.dop213.am5.t,1632893352.cds282.am5.hn,1632893352.cds118.am5.c
content-type
image/jpeg
cache-control
max-age=22244946
accept-ranges
bytes
content-length
16345
991898_video.mp4
ht-cdn2.adtng.com/a7/creatives/2/61/811953/991898/ Frame DD1E
389 KB
390 KB
Media
General
Full URL
https://ht-cdn2.adtng.com/a7/creatives/2/61/811953/991898/991898_video.mp4
Requested by
Host: a.adtng.com
URL: https://a.adtng.com/get/10010242?time=1592492288727&atc=265283&apb=tUR5OAaGRkuEWUvSod_x-wAAGzIAAAURADlk2wAAAAAABAxDAB0JwgAAAAJaLGzb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.254.122.21 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software
/
Resource Hash
6cd6e37676b17b8d6ea7820808d01f7aa8a3485f374ffd12f0be4bb5de8d12fa

Request headers

Referer
https://a.adtng.com/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=0-

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
last-modified
Wed, 24 Mar 2021 17:20:57 GMT
etag
"2b62bd64f-615b1-5be4b859c7040"
content-type
video/mp4
Content-Range
bytes 0-398768/398769
cache-control
max-age=10717057
x-cdn-diag
fra1-11014-1-28146-h-0-0---;11028-6-1313----0-0-0
Content-Length
398769
expires
Sun, 30 Jan 2022 16:55:10 GMT
1007562_video.mp4
vz-cdn2.adtng.com/a7/creatives/1/1322/813032/1007562/ Frame F33B
398 KB
399 KB
Media
General
Full URL
https://vz-cdn2.adtng.com/a7/creatives/1/1322/813032/1007562/1007562_video.mp4
Requested by
Host: a.adtng.com
URL: https://a.adtng.com/get/10010242?time=1592492288727&atc=265283&apb=dbg_ToUtSX-ci0o7z1OORgAAGzIAAAURADlk2wAAAAAABAxDAB0JwgAAAAJnTngk
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.187 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FAD) /
Resource Hash
4d54a8b941eaa5c7d9be699e77081b177e8b1b9caa58b6e0dab0c14babae9787

Request headers

Referer
https://a.adtng.com/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=0-

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
last-modified
Fri, 10 Sep 2021 19:51:07 GMT
server
ECAcc (frc/8FAD)
age
1332828
etag
"2c18c5001-63960-5cba96fabe0c0"
x-cache
HIT
content-type
video/mp4
Content-Range
bytes 0-407903/407904
cache-control
max-age=10665407
accept-ranges
bytes
Content-Length
407904
expires
Sun, 30 Jan 2022 16:05:59 GMT
p.js
pxl.tsyndicate.com/api/v1/p/ Frame AF97
24 B
126 B
Script
General
Full URL
https://pxl.tsyndicate.com/api/v1/p/p.js?p=e0SgKROGTBk5c0TouMFCRJgxdBbGcEjnzEIRN2qIwTHDDI0yLXDUkEGmBY0cN8y0yDEGh5iTYWaIGWOmxgwcZWjYEOFwjpg0ZBTq2CIiRg4YN5LCyDGDZxeHYeqMwUgGh4wcMW7YwNFCzA2nJ0vO8EqGRlcZZm4c_QjDTIwwZXo-JGNnoY0cNmQ4hFNHzESsDR_CgTPxaFOfcCTqmLE1RmOKIsa0KaxDhg2SHaOSMbNQhmAxbtxMRDoDBo29Itq4uajjsQwZMPiubh2DRowYOBzWiYERDR06cOboePEijAuDdFi7GPOmzYszZei8iAEDRnUZqH_QSdOmTI8YNXJkHy8DB44bn7nUsX45DJ0xPS5nnrG-vY0wcMT0ICPmzBcq3qiCjimwaGGMNGB44wY9YnjiCSnOCCKII_RIYsIgqpAiCCLYWEOGOzDEUIgg8CAiCCFgUOIOCTFUwg0qWFtjLjja8MwhMpzDyIz84EiDNTTIYE5Hh8Z4b6EtZogBKhHgkIMq1xx6w0koIxOjMx1gcMG6Goqs8QsqF9LSuhtwiCE1OeyoDDaHyhijRjG3rO66LkWoo440qmrqhttqGKMFMsaYgYaT3ITBKyVXEkMMkmqggQwlw7hBLofSqEwEGWKwwYXHYuAUNxfMm0uOLyzFKNNNO_3UU1F3CwOjJt7QIw022AjjhRq2BAGFK37M8Y45QHCCChCq23IHEHp1wwYakMWD2RRACIIwNsq4ogwxlkhjuptucMGpXZdAgoommGABBDbSWKMMEI5wc403oh0CDTmcK-OFprZ0gYYabvDWhhlAmCIMHuVIA9fGvuWpSChFqGKKud4gdYyGH56LjYaJKGKug-z4Qo4y2Jio3xrCw4EG6xyS44zRGMuhBt1E6PgLMeRYKOaZ23iDDM_MpAHHeieScqifm6wXjzxuFAFkLAcCTjjiXuCRsB_PCHLI5-aaI02M6qXjPYlbqMONbVswz4VAz-S44YO-SFuGueiw0TWAzWtqhpIragNuumewewa8cztts4_LmAOOL47s--_AoxJjMZnL4LEONiTiC2Mx-1AgIA%3D%3D&s=71b1ba329cb4a68bd523056e161a7b20ecafd13eee6596cee47a5224072f93e71632893351&w=t&r=1&d=389&priv=false
Requested by
Host: tsyndicate.com
URL: https://tsyndicate.com/iframes2/ecaaabf53036409d9c39b44bec79a69d.html?subid=1907070936&categories=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
136.243.80.153 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.153.80.243.136.clients.your-server.de
Software
nginx /
Resource Hash
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tsyndicate.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
server
nginx
x-robots-tag
noindex, nofollow
content-length
24
content-type
text/javascript; charset=utf-8
52154.gif
idsync.rlcdn.com/ Frame 1E8F
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A//live.rezync.com/sync%3Fc%3D4656c20ee35215f78e9273796625d90b%26p%3D093016b0419d19c905c78c859b815219%26pid%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%2F%2Flive.rezync.com%2Fsync%253Fc%253D4656c20ee35215f78e9273796625d90b%2526p%253D093016b0419d19c905c78c859b815219%2526pid%253D%2524UID
  • https://live.rezync.com/sync?c=4656c20ee35215f78e9273796625d90b&p=093016b0419d19c905c78c859b815219&pid=3244829569288000608
  • https://p.rfihub.com/cm?pub=39342&in=1&userid=357b854d-0c8e-4a69-a6f3-b31e122d75e7%3A1632893352.33&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3Dc2kph8k114ahs1i
  • https://idsync.rlcdn.com/501709.gif?partner_uid=c2kph8k114ahs1i
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID
  • https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=3244829569288000608
42 B
315 B
Image
General
Full URL
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=3244829569288000608
Requested by
Host: live.rezync.com
URL: https://live.rezync.com/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=c2kph8k114ahs1i&pctry=DE&referrer=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://live.rezync.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 29 Sep 2021 05:29:12 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
clear
content-length
42

Redirect headers

Pragma
no-cache
Date
Wed, 29 Sep 2021 05:29:12 GMT
X-Proxy-Origin
216.131.111.28; 216.131.111.28; 623.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
3cbd8b56-012b-4e05-a894-2a365eae947a
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=3244829569288000608
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
397676.gif
idsync.rlcdn.com/ Frame 1E8F
Redirect Chain
  • https://p.rfihub.com/cm?pub=39342&in=1&userid=357b854d-0c8e-4a69-a6f3-b31e122d75e7%3A1632893352.33&forward=https%3A//live.rezync.com/sync%3Fc%3D4656c20ee35215f78e9273796625d90b%26p%3D260a954059a0ab...
  • https://live.rezync.com/sync?c=4656c20ee35215f78e9273796625d90b&p=260a954059a0ab1986e4ee8c5c88c54c&pid=1871316023239078225
  • https://idsync.rlcdn.com/501709.gif?partner_uid=c2kph8k114ahs1i
  • https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40
  • https://gum.criteo.com/sync?s=1&c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40
  • https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=5ABHRaiPG5B1vAZ1m6RWDH4K0a5uy3KK
42 B
315 B
Image
General
Full URL
https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=5ABHRaiPG5B1vAZ1m6RWDH4K0a5uy3KK
Requested by
Host: live.rezync.com
URL: https://live.rezync.com/pixel.html?c=4656c20ee35215f78e9273796625d90b&cid=c2kph8k114ahs1i&pctry=DE&referrer=https%3A%2F%2Fmrhacker.co%2Fmalware%2Frussian-turla-apt-group-deploying-new-backdoor-on-targeted-systems
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://live.rezync.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 29 Sep 2021 05:29:12 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
clear
content-length
42

Redirect headers

location
https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=5ABHRaiPG5B1vAZ1m6RWDH4K0a5uy3KK
strict-transport-security
max-age=31536000
cache-control
private, max-age=0, no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
3603
date
Wed, 29 Sep 2021 05:29:12 GMT
content-length
221
content-type
text/html; charset=utf-8
p.js
pxl.tsyndicate.com/api/v1/p/ Frame D8D0
24 B
126 B
Script
General
Full URL
https://pxl.tsyndicate.com/api/v1/p/p.js?p=e0SgKROGTBk5c0TouMFCRJgxdBbGcEjnzEIRYmrQoHEjxwwcLWDYwGGjBQ0bNMS0wEGjRo6TYsjICBODjBkzMcyIEeFwjpg0ZBTq2CIiRg4YN5LC-GhDRBeHYeqMwYijzJgcZDrCxDHDDMytMlqE8VqmxRgZNWyQrKm1BpmeD8nYWWgjhw0ZDuHU4akjhowcDR_CgTPx6EefcCTqmHHDRozGFEWMaVNYhwwbNWR0jXpzoQzBYty4mYh0BgwaeUW0cXPR7wwZMmDoZe06Bo0YMXA4rBMDIxo6dODM0fHiRRgXBum0djHmTZsXZ8rQeREDBgzrMlL_oJOmTZkeMV5qzxEbB44boLnUuY45DJ0xPTBr7rq-vY0wcMT0oFNFSo0nggjjCCnWqKOIK6qwY4o3yPgCjxbuCCKII_RIYsIg_AuCCDbWkEFCDCcUIgg8iAhCCBiUuOOMEJUIg4kKeaLtM4fIeA4jM_KDI43W0CCjuRsdGuO9hbaYIQaoRIBDDqr8cuiNJZuUTAwzFoLBhetqEBKONr6I0kosR8oBPYfksMOy2By6ikswr8Mhhxp2E6GOOtLA6AYzbBADuzDMmoEsM04CSawcxiDjhrFm0EqM8so477G40rBMBBlisMEFyGLANDcXNotLji8kxajSSzPdVFNPeQsDoybe0CMNNtgI44UasAQBhSt4tPGOOUBwggoQrMNyBxBydSMlYvFIKQUQgiCMjTKuKEOMJdKgrobGXJjBhluXQIKKJphgAQQ20lijDBCOuGqNN5gdAg05nivjhY-wdMGlG25wwYYZQJgijBzlSIPWbLeNa4wmRahiirjeABVhjBaOi42EiSgiroPs-EKOMtiYqIYbahCvpevKPIM0xuCUM-MvxJBjoZXL0LiNBj_D4bYa453oyaFo0CtePPKgUQSOq9RhoOCGK-6FHAnj8QwfgYQurjnMxCheOt5zuIU63LC2BfFcIGOMvzBO-KAvxi67ojYm4nezj2YQmW0Z3IbtzRnk1o2pzjYuYw44viDSr7fx1jsqMRYT4aAc62BDIr0otrIPBQIC&s=78e86032233bf7421dd98520a1efc0deb7ea22a05230b58b5e6641f23e6a0fbe1632893351&w=t&r=1&d=555&priv=false
Requested by
Host: tsyndicate.com
URL: https://tsyndicate.com/iframes2/ecaaabf53036409d9c39b44bec79a69d.html?subid=1907070936&categories=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
136.243.80.153 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.153.80.243.136.clients.your-server.de
Software
nginx /
Resource Hash
897410b87e27e3dfba3a7d6caab315a5e69cc941bb96d91fc74878a9b051843a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tsyndicate.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
server
nginx
x-robots-tag
noindex, nofollow
content-length
24
content-type
text/javascript; charset=utf-8
output.3344232d6d14.css
static-assets.highwebmedia.com/CACHE/css/ Frame 5E90
55 KB
13 KB
Stylesheet
General
Full URL
https://static-assets.highwebmedia.com/CACHE/css/output.3344232d6d14.css
Requested by
Host: chaturbate.com
URL: https://chaturbate.com/tours/3/?c=1&campaign=NcAyU&gender=f&disable_sound=0&p=0&tour=x1Rd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.93.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d24969c0f4eecb669152db506268c2ee3361f5dd5d72508ead0d098260260ea0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://chaturbate.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
476318
cf-polished
origSize=67279
last-modified
Thu, 23 Sep 2021 17:07:15 GMT
x-amz-request-id
3VKAFQ5EMVVVD7C2
x-amz-id-2
6+kw0UlUsYKKcC3vaznACzWNyjEfwv2TcUS1gESlMaKSEG+lEJ/D7XVZgJ0SRF+HPvf4wKo74a0=
cf-bgj
minify
server
cloudflare
x-amz-meta-s3cmd-attrs
md5:d09739d43b32a02373d31843741f693d
etag
W/"d09739d43b32a02373d31843741f693d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zbK11Z4rVJxsTlX3Z246VRZYt1zVNhRp%2BkgEt1gJgivd3SpcFuiXgqyyf%2B6pq2Aac7jkEuHmi%2F9AcChh5w3zqDNfZZj49fVvqA0kXoDmdyoengh18Gj7uBlkE46g82Ip4uCEkRhFuNDmm%2Bw0cAq60w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=2592000
cf-ray
6962cffe2f702193-DUS
expires
Fri, 29 Oct 2021 05:29:12 GMT
api.js
chaturbate.com/cdn-cgi/bm/cv/669835187/ Frame 5E90
35 KB
9 KB
Script
General
Full URL
https://chaturbate.com/cdn-cgi/bm/cv/669835187/api.js
Requested by
Host: chaturbate.com
URL: https://chaturbate.com/tours/3/?c=1&campaign=NcAyU&gender=f&disable_sound=0&p=0&tour=x1Rd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.100.40 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://chaturbate.com/tours/3/?c=1&campaign=NcAyU&gender=f&disable_sound=0&p=0&tour=x1Rd
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wmkSJ7xtUGAV0o7CqUqB%2F4eAv5XYB%2BFWm%2Foh30H53dQA3mniPoC5%2FmWmTRBfgJLy%2BXWVvVYQecAGVsLd7A%2B%2BmWqIYVDz9WQi%2Fw0gVnoE83Mv5yl5J2EVKgyb3qcro0tG"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=604800, public
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
6962cffddc34fae5-DUS
princesshannnn.jpg
roomimg.stream.highwebmedia.com/riw/ Frame 5E90
10 KB
11 KB
Image
General
Full URL
https://roomimg.stream.highwebmedia.com/riw/princesshannnn.jpg?1632893340
Requested by
Host: chaturbate.com
URL: https://chaturbate.com/tours/3/?c=1&campaign=NcAyU&gender=f&disable_sound=0&p=0&tour=x1Rd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.241.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8bbb814e0728f4318be60b880b1a445035044d93e97ab38a3a39ecf93fd6d2c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src data:; style-src 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://chaturbate.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
17
cf-polished
origSize=10086
vary
Accept-Encoding
content-length
9976
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
cf-bgj
imgq:100,h2pri
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5dtzUJUY7eEgYgcSAURdqVSFjrvgwbvsPsdoDfvoHzng3YvgB2PKAozrRGFiGonxTzdFiBbDVXhTVZHXKkQfALLcC9muqlnHb9FNiysdoEqZ6NOXlxktZhzG%2BKI9L%2FwiwJTSWoypfAkXvabfTr2bjHg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=30
content-security-policy
default-src 'none'; img-src data:; style-src 'unsafe-inline'
accept-ranges
bytes
cf-ray
6962cffe2fa4c49f-DUS
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 29 Sep 2021 05:29:42 GMT
output.6f6724a00cb8.js
static-assets.highwebmedia.com/CACHE/js/ Frame 5E90
316 B
673 B
Script
General
Full URL
https://static-assets.highwebmedia.com/CACHE/js/output.6f6724a00cb8.js
Requested by
Host: chaturbate.com
URL: https://chaturbate.com/tours/3/?c=1&campaign=NcAyU&gender=f&disable_sound=0&p=0&tour=x1Rd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.93.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f6724a00cb858aa73759829289a3593ec992eb2ce720825bd2239e53dca4d3f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://chaturbate.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
547352
last-modified
Thu, 24 Jun 2021 21:24:05 GMT
x-amz-request-id
GQ6G6CMSVCZGKZYK
x-amz-id-2
DjkyAPglbcYdTGu6KBk2faEbOPgzFAg7aNVU+PldvRcgJP7uxAeZl1XfOZLN189T+bNsA7mn7M0=
cf-bgj
minify
server
cloudflare
x-amz-meta-s3cmd-attrs
md5:a708027bfbbde438a72a93082d4bc4b5
etag
W/"a708027bfbbde438a72a93082d4bc4b5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h5AkxNRonSKY5g25VlJ57cBoF2%2FOnOVY660cwaMhixwBcP7bBmGj7s444owRCvvwg%2BMOMPdpQ5Goe%2FYDLP%2BmPfiV8vhuoRHics3mvnN2DYywt8ULR%2FuyWE9BWeCH%2FgMs7HlQsosTOy%2FoTbxrzLmVtA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
cf-ray
6962cffe2f732193-DUS
expires
Fri, 29 Oct 2021 05:29:12 GMT
analytics.js
www.google-analytics.com/ Frame 5E90
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: chaturbate.com
URL: https://chaturbate.com/tours/3/?c=1&campaign=NcAyU&gender=f&disable_sound=0&p=0&tour=x1Rd
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://chaturbate.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
2232
date
Wed, 29 Sep 2021 04:52:00 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Wed, 29 Sep 2021 06:52:00 GMT
ico-female.svg
static-assets.highwebmedia.com/images/ Frame 5E90
7 KB
3 KB
Image
General
Full URL
https://static-assets.highwebmedia.com/images/ico-female.svg?818c9c4c368f
Requested by
Host: static-assets.highwebmedia.com
URL: https://static-assets.highwebmedia.com/CACHE/css/output.3344232d6d14.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.93.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
818c9c4c368ff40bbc414f8bb3a80990c7208bcf0b45f9d9aa947f1ea2e1eb93

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://static-assets.highwebmedia.com/CACHE/css/output.3344232d6d14.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
805895
x-amz-request-id
SYYGT9SPMH3ZN6C7
x-amz-id-2
GMQ0npZzcwJImgBjQDtih180x9x/mC1EbKXmRnGkzVUXlu44cbmwNoLlg8gXPhzUel5qPwodUh8=
last-modified
Tue, 09 Mar 2021 22:37:01 GMT
server
cloudflare
x-amz-meta-s3cmd-attrs
md5:304b64c8f4b6c7e0c36c86b419151c45
etag
W/"304b64c8f4b6c7e0c36c86b419151c45"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3TQXZsRQb3Vq6wP2iK4W6ia0cv%2B%2BleI9Wa61i8saoreqLY6mOpF3ybee%2BUxCi3R137Ln5zOjhANC4I1EFkazLT5niDTRYWrzg7NQNt9iK37X5gol4srgeuBTPY4xqucNwroARedcxtND%2Fx9Msm1teQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=2592000
cf-ray
6962cffe582c2193-DUS
expires
Fri, 29 Oct 2021 05:29:12 GMT
ico-cams.png
static-assets.highwebmedia.com/images/ Frame 5E90
549 B
1 KB
Image
General
Full URL
https://static-assets.highwebmedia.com/images/ico-cams.png?829027f88094
Requested by
Host: static-assets.highwebmedia.com
URL: https://static-assets.highwebmedia.com/CACHE/css/output.3344232d6d14.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.93.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52dc5730b7afd3f35531dcca2bd7b9984f0271d15c8b449c4b1d425dddf12a33

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://static-assets.highwebmedia.com/CACHE/css/output.3344232d6d14.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
805895
cf-polished
origSize=1457
cf-ray
6962cffe58302193-DUS
last-modified
Tue, 19 Jan 2021 22:03:22 GMT
content-length
549
x-amz-id-2
fygetyH4BZmJvsYWDeLGwdGZ8hEOoHLNltt0ovtxfBkfUe9T9Aetd129HUIsxfz5VeI+XmW+Eyw=
cf-bgj
imgq:100,h2pri,csam-hash
server
cloudflare
x-amz-meta-s3cmd-attrs
md5:58ecd9d7af4908cce84eccd4cbd6f0d0
etag
"58ecd9d7af4908cce84eccd4cbd6f0d0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QUmCVGFV%2FCismBvArAtFKsKUyQQUnQuDBvqx7taATPHmRktAiMuvIJy2Zo44E0HWXSH4pJdDpWPPjAsXopUHITgbHghvvbjKkhFEdufIzzHkc1UOZU4Cs7uNiKdoT8%2BRHzna2%2FkAdVGB4s6CeYEDjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id
SYYXT76R9XE26DGR
cache-control
public, max-age=2592000
accept-ranges
bytes
content-type
image/png
expires
Fri, 29 Oct 2021 05:29:12 GMT
ubuntur-webfont.woff
static-assets.highwebmedia.com/fonts/ Frame 5E90
32 KB
33 KB
Font
General
Full URL
https://static-assets.highwebmedia.com/fonts/ubuntur-webfont.woff?896a82003cd1
Requested by
Host: static-assets.highwebmedia.com
URL: https://static-assets.highwebmedia.com/CACHE/css/output.3344232d6d14.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.93.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
896a82003cd1a9134b0404c129bb7b8292e1d8a91298e275141b21086baa8a9d

Request headers

Referer
https://static-assets.highwebmedia.com/CACHE/css/output.3344232d6d14.css
Origin
https://chaturbate.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
805895
access-control-allow-methods
GET
x-amz-request-id
YJ17FF7QA30AC7AS
x-amz-id-2
e4AxRxMo5ZHABySm+ZJOoL8f0nn2yb48w25IhG5CaAN9mNJSlGgKW5mTnX3zxMm4aeDYXGj7JN4=
last-modified
Tue, 19 Jan 2021 22:07:55 GMT
server
cloudflare
x-amz-meta-s3cmd-attrs
md5:30556905d926944a6ada140546bcf5ce
etag
W/"30556905d926944a6ada140546bcf5ce"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YUors0Sxu6FYp8wqgwSbx%2BaTsw3hPmsqIfafKJn9gciPyqN4Bu9EfoIwxKbEoouTMQgaezvxeTn9kzAoV8c9NDYO%2FbrfhDIb8cQRgBOkik%2B%2FfimVdqGwo0q%2B3r9HNmnmSf93UdgAgVmU8npqHic7pQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=2592000
cf-ray
6962cffe7949215d-DUS
expires
Fri, 29 Oct 2021 05:29:12 GMT
ubuntum-webfont.woff
static-assets.highwebmedia.com/fonts/ Frame 5E90
31 KB
31 KB
Font
General
Full URL
https://static-assets.highwebmedia.com/fonts/ubuntum-webfont.woff?a7fc63c36394
Requested by
Host: static-assets.highwebmedia.com
URL: https://static-assets.highwebmedia.com/CACHE/css/output.3344232d6d14.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.93.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7fc63c363948d7add8e1dade66045376e2bad22da6697f84d175e5f9a76166e

Request headers

Referer
https://static-assets.highwebmedia.com/CACHE/css/output.3344232d6d14.css
Origin
https://chaturbate.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
805775
access-control-allow-methods
GET
x-amz-request-id
C271EJMCCR5AM9F2
x-amz-id-2
bIQK+fSufE17DSL4adzGe9myz636U9HaVT7LBzVon9VEW6/d62IWrtTzEMyTkEiuh1a62Q220DM=
last-modified
Tue, 19 Jan 2021 22:07:54 GMT
server
cloudflare
x-amz-meta-s3cmd-attrs
md5:9968f3d2a16c9ae20a54d0e44ee83d3a
etag
W/"9968f3d2a16c9ae20a54d0e44ee83d3a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZklOpwqSw7NZFJyavbW26BR%2Fa8WfdRH6%2FaVWnUmHB%2B3iVWYOOB1uZ2L5vGcvdwjgxPOINstyXiFboqaj%2BSZvvvdAWlJDUOn6YOouL7wg5IkLCCtGpIKnucZduyEBnkxqzte1O64v422KDBcCwQ1stw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=2592000
cf-ray
6962cffe794c215d-DUS
expires
Fri, 29 Oct 2021 05:29:12 GMT
result
chaturbate.com/cdn-cgi/bm/cv/ Frame 5E90
0
510 B
XHR
General
Full URL
https://chaturbate.com/cdn-cgi/bm/cv/result?req_id=6962cffc6aa8fae5
Requested by
Host: chaturbate.com
URL: https://chaturbate.com/tours/3/?c=1&campaign=NcAyU&gender=f&disable_sound=0&p=0&tour=x1Rd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.100.40 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

X-NewRelic-ID
VQIGWV9aDxACUFNVDgMEUw==
tracestate
1418997@nr=0-1-1418997-24506750-037bb1850d5de8ca----1632893352737
traceparent
00-231d7c751a705704e033c01de257ce60-037bb1850d5de8ca-01
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
newrelic
eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE0MTg5OTciLCJhcCI6IjI0NTA2NzUwIiwiaWQiOiIwMzdiYjE4NTBkNWRlOGNhIiwidHIiOiIyMzFkN2M3NTFhNzA1NzA0ZTAzM2MwMWRlMjU3Y2U2MCIsInRpIjoxNjMyODkzMzUyNzM3fX0=
Content-Type
application/json
Referer
https://chaturbate.com/tours/3/?c=1&campaign=NcAyU&gender=f&disable_sound=0&p=0&tour=x1Rd

Response headers

date
Wed, 29 Sep 2021 05:29:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LvY%2B7tL5reQQrbW%2FwbkrYlzRRxTfQAieTtVFU877gKbtm8O8RtO0KJ%2FLyOqD7C05IlboskmItn%2FCtWJpr8qd%2BqGYXXF4CVabzfaYNrQAMk1jDu%2Bna3lTU5MPPpNeiBkN"}],"group":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
6962cffead42fae5-DUS
nr-spa-1210.min.js
js-agent.newrelic.com/ Frame 5E90
41 KB
16 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-spa-1210.min.js
Requested by
Host: chaturbate.com
URL: https://chaturbate.com/tours/3/?c=1&campaign=NcAyU&gender=f&disable_sound=0&p=0&tour=x1Rd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ae2fc8f8e0697701399521441a03445a3c11d79719accd0099f41687c1536c49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://chaturbate.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id
S2ZWAVF_bOLxH9dSP4fxyD9xCbMCwnq9
content-encoding
gzip
etag
"d5eff122d09ab2c851fb1780f0287cbf"
x-amz-request-id
MAGTRK8AS2TWBKPD
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
15563
x-amz-id-2
gGMYV8OIO2MSmkGqcvQY50hjTAfzx2UFXcJLvXe01HcBlULlecvkeuKWxnp+aqSyj4XtQUwDL8o=
x-served-by
cache-hhn4062-HHN
last-modified
Tue, 22 Jun 2021 22:47:08 GMT
server
AmazonS3
x-timer
S1632893353.768754,VS0,VE0
date
Wed, 29 Sep 2021 05:29:12 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
5649
6f524845d1
bam-cell.nr-data.net/1/ Frame 5E90
49 B
930 B
Script
General
Requested by
Host: chaturbate.com
URL: https://chaturbate.com/tours/3/?c=1&campaign=NcAyU&gender=f&disable_sound=0&p=0&tour=x1Rd
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://chaturbate.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:12 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
X-NewRelic-App-Data
PxQGQlVXCgYEXVFVFR0VMQFTYkEDCBADUxZRDVZkG3xWEU0YdQhAEgVCVAkDEWQcfgEVFk51XhUUUEJQCgMRQBxSFlIUChoKC1QPV3RMB05WAhtDUgYJBQBXUVpRCQ9SAlVSAUBKBQNcEV0/
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
access-control-allow-credentials
true
CF-Ray
6962cfff2916fad4-DUS
1313463
ad.a-ads.com/ Frame 61A8
6 KB
2 KB
Document
General
Full URL
https://ad.a-ads.com/1313463?size=320x50
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/wp-content/cache/busting/1/wp-content/plugins/boxzilla/assets/js/script.min-3.2.18.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)
Resource Hash
773d860f5a76b9a63384b93c1af6eff4582d64dfb92e19e771d1e25318a46731
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://mrhacker.co/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Wed, 29 Sep 2021 05:29:12 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Status
200 OK
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Powered-By
Phusion Passenger(R)
X-Original-Referer
https://mrhacker.co/
Content-Encoding
gzip
1313465
ad.a-ads.com/ Frame 495F
6 KB
2 KB
Document
General
Full URL
https://ad.a-ads.com/1313465?size=728x90
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/wp-content/cache/busting/1/wp-content/plugins/boxzilla/assets/js/script.min-3.2.18.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)
Resource Hash
a96cd324242c853ce619d31a10cdab2bf7e04c4cfc26ce357a1f8e6839a77576
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://mrhacker.co/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Wed, 29 Sep 2021 05:29:12 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Status
200 OK
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Powered-By
Phusion Passenger(R)
X-Original-Referer
https://mrhacker.co/
Content-Encoding
gzip
1313462
ad.a-ads.com/ Frame 9C67
6 KB
2 KB
Document
General
Full URL
https://ad.a-ads.com/1313462?size=300x250
Requested by
Host: mrhacker.co
URL: https://mrhacker.co/wp-content/cache/busting/1/wp-content/plugins/boxzilla/assets/js/script.min-3.2.18.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)
Resource Hash
7b4897fabcdc978df340c2d32069d3850b033daf9ed10ebcd402a8777d1f255b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://mrhacker.co/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Wed, 29 Sep 2021 05:29:12 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Status
200 OK
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Powered-By
Phusion Passenger(R)
X-Original-Referer
https://mrhacker.co/
Content-Encoding
gzip
sodar
pagead2.googlesyndication.com/getconfig/
11 KB
8 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210922&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109220101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7952463575870072&plah=mrhacker.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
cf84b06bca8354e7efd15fb00c02ef5ea5606ec23b25a5a42d267655bca1bff1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 29 Sep 2021 05:29:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8503
x-xss-protection
0
320x50
static.a-ads.com/a-ads-banners/117618/ Frame 61A8
106 KB
107 KB
Image
General
Full URL
https://static.a-ads.com/a-ads-banners/117618/320x50?region=eu-central-1
Requested by
Host: ad.a-ads.com
URL: https://ad.a-ads.com/1313463?size=320x50
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
0cab8671024e27265f5d37739d64ccfd8417d3a1326cd85e578a2ca7280ecf0d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ad.a-ads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:12 GMT
Last-Modified
Sun, 19 Apr 2020 16:08:09 GMT
Server
nginx/1.18.0 (Ubuntu)
x-amz-request-id
0GAG5KFB475TJHPK
ETag
"964435510a885dc83118d9345a439c3d"
Content-Type
image/gif
Cache-Control
max-age=315360000
Content-Length
108594
Connection
keep-alive
Accept-Ranges
bytes
x-amz-version-id
w4CWsbKlEWz_x7_SpmcYfVfQEmXT2wOu
x-amz-id-2
Ox6+aWq3lgtM9rHFSFNDNDjtpsYOBJjO55QmlXL6LQXs+U7Kppqp7NnT/VuFNcDELe1tczMNR/g=
Expires
Thu, 31 Dec 2037 23:55:55 GMT
728x90
static.a-ads.com/a-ads-banners/117619/ Frame 495F
122 KB
123 KB
Image
General
Full URL
https://static.a-ads.com/a-ads-banners/117619/728x90?region=eu-central-1
Requested by
Host: ad.a-ads.com
URL: https://ad.a-ads.com/1313465?size=728x90
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e4503a46dd63eb6398899345e1cf979d0aeb0dedfe051fc6cd213a69d67ddcc9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ad.a-ads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:12 GMT
Last-Modified
Sun, 19 Apr 2020 16:08:09 GMT
Server
nginx/1.18.0 (Ubuntu)
x-amz-request-id
318RYSRCGCRPFKBH
ETag
"8df22bfbf1b66e4d461cc595236e19c5"
Content-Type
image/gif
Cache-Control
max-age=315360000
Content-Length
125388
Connection
keep-alive
Accept-Ranges
bytes
x-amz-version-id
0fATWmKYpJSZr5TJ6jtiSoqDotlI3uSs
x-amz-id-2
ila+FRrOhImuEgfWowX/eRxFxE9CXGoRs/xZY5sZ1ZlE+yq3Re4MrrYJR/Tv36rMPwmH30tNqnA=
Expires
Thu, 31 Dec 2037 23:55:55 GMT
300x250
static.a-ads.com/a-ads-banners/103763/ Frame 9C67
686 KB
687 KB
Image
General
Full URL
https://static.a-ads.com/a-ads-banners/103763/300x250?region=eu-central-1
Requested by
Host: ad.a-ads.com
URL: https://ad.a-ads.com/1313462?size=300x250
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.174.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.174.46.78.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
2191d31c59541b9c44346fde06c4e0ea2900c7ff88d084e8871ef13d2daa1326

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ad.a-ads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Wed, 29 Sep 2021 05:29:12 GMT
Last-Modified
Fri, 27 Dec 2019 12:20:30 GMT
Server
nginx/1.18.0 (Ubuntu)
x-amz-request-id
317XX5MEQSABBPGT
ETag
"28dd56aa4c3448923f2e06f6f90e1017"
Content-Type
image/gif
Cache-Control
max-age=315360000
Content-Length
702864
Connection
keep-alive
Accept-Ranges
bytes
x-amz-version-id
KIPQ8aj2AKbgfuqCDbQF8bZCjZrg7.Bd
x-amz-id-2
clnVlMeI+IGV01RZ8xfV+0fAZ/Q1YFwrdGQLpkHoKv7FBYNpjSvBVmTCZ1sGmKivwuHxXGXEG/s=
Expires
Thu, 31 Dec 2037 23:55:55 GMT
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109220101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7952463575870072&plah=mrhacker.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.161 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f1.1e100.net
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 29 Sep 2021 05:29:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Wed, 29 Sep 2021 05:29:13 GMT
6f524845d1
bam-cell.nr-data.net/events/1/ Frame 5E90
24 B
502 B
XHR
General
Full URL
https://bam-cell.nr-data.net/events/1/6f524845d1?a=24279235&v=1210.e2a3f80&to=MwYEbUdYXxJQWhULDApMIExbWkUIXldOFgwRERUXQ1BUFkIDFQ0WFlA%3D&rst=912&ck=1&ref=https://chaturbate.com/tours/3/
Requested by
Host: chaturbate.com
URL: https://chaturbate.com/tours/3/?c=1&campaign=NcAyU&gender=f&disable_sound=0&p=0&tour=x1Rd
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
https://chaturbate.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 29 Sep 2021 05:29:13 GMT
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://chaturbate.com
access-control-allow-credentials
true
Connection
keep-alive
CF-Ray
6962d0001a66fad4-DUS
Content-Length
24
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 7B85
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.161 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f1.1e100.net
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/224/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://mrhacker.co/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Tue, 28 Sep 2021 13:52:25 GMT
expires
Wed, 28 Sep 2022 13:52:25 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
56208
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame B069
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.132 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f132.1e100.net
Software
GSE /
Resource Hash
f15e90b9cff0419fcddff4d772eac7c0a036c505b12f92d0d929ec5ea91c0964
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-dOQRlqJf5l/oYjfxkDSAnQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://mrhacker.co/
accept-encoding
gzip, deflate, br
cookie
NID=511=NtnLl_r7ueBbJwdiH-HQIaZYPXNgJI0DCiDiYHE5spX7VLxcN6_7_RSq8Z9pMPB9pAJgOrWcr07pjOma73gib4L3NXnZjuyEJfeRyThjXu7HlvAmYP3D0FJgjAbgYY7yosHOykGj057d9_PiBi16oebQrB4g25d2ZHx_U90xG_8
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy-report-only
require-corp; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Wed, 29 Sep 2021 05:29:13 GMT
date
Wed, 29 Sep 2021 05:29:13 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-dOQRlqJf5l/oYjfxkDSAnQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
WAz-nyaJu9uVRUq8NsxhsXGtXViWwv7lV4sP3qP2SqA.js
pagead2.googlesyndication.com/bg/ Frame 7B85
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/WAz-nyaJu9uVRUq8NsxhsXGtXViWwv7lV4sP3qP2SqA.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
sffe /
Resource Hash
580cfe9f2689bbdb95454abc36cc61b171ad5d5896c2fee5578b0fdea3f64aa0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 27 Sep 2021 17:18:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
130227
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13388
x-xss-protection
0
last-modified
Mon, 20 Sep 2021 23:08:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Tue, 27 Sep 2022 17:18:46 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame B069
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20210922&jk=1607268127619954&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210922&jk=1607268127619954&bg=!CQqlCk7NAAZNQyuQTUM7ACkAdvg8WpfR7dqLNqtxwoG6NJTtbsh5JLD8AeHtUyOsuph8Xf0SHzn1mAIAAABkUgAAAAtoAQcKAIXrwNKiIe0k4-eXjUKVVC0654iLJZTRRQu3M0xWpRKecaYjxQJD55_Y3JImZyCeWt5QCTW3nbte9RXpyOvxRwwGCB97bUTc16Iya4bGpG5hvplmtZhLGjweXTImi_IOchnwSir5za4KEvabCCkv98UiA_v8R2sRiCsEr8NIzyjpjPHpx-OjmQLOOsjMP3ADPSZAOzINHAKkkBP3guXmbc2hvZdO_iuGf9lp1C0zkpsErP14fFtk2vIdYB_r1yW2WUXwzaWkobHdgRzigLJTZGF5JkxXaXQAJQYgjo-j1hPlIdOGl2f9Nux8MS7XO_xqGFr8hVnYdV9-r9QGTaDp8Rw4OpcCJUJ06tr74llo8wHWGdcpjkcdkkCB3L1ZaBjIhn2rQV_0kOVcBOXXIoRfNiKrapGHz4x02gAjybkRvy09Ue-aAcBgoHpZ8WQyDo4GFYikSzbzWPQkElgbl6jExSEhehu2bpB2qAOPwwlykiZh80nS1Lnt60JobDr8Bo_Esl92XtHkyaAq6Q8XiuhqMDmlMNiu8pJkIhLawSzrknARYw31Vnf9kburpxbf52KDiMg3XOc1eMxB60SG_fdC3alRaFOOE2gFdbSWBD3eN86Uw_SeGcLuxO2Hm5WynlIrRIV4cjgPw5GH4BwvMklJjcD_dwYat_OEKpOaU1eMz2cbnl-YkzRnP99TouqEyvl8d5fsyPSDlAeu8H_FS_xSg6VYtlw8028rxjFIZBBQktze6N6C2Q1V2MLmI3X6edzju8BjJlgszxngQGDOUt69QoE2lCb4MSTCEcee98mD1mbyZnhYr60O5QRF70XD8guESh63IIFhAitOa7cpKJ5Ft6mt-XAk4elT6f1NwNJDo_zVVqggkdk3NxLa6Ze3_QJtwg1UJA3Vfh82QiTwgVVLEGFd-FNmHrAJT1ScG65HADJf5B8ivOWHcXDp7TvElolXOmDsU8MxMS7Pb3W7EW8pSMwqxxMQQm-xIpEv0slfeFokoFX6riQXh-QKrWs-5nIzPR5tp9QCvIR1sgieEwKUkrA5DnpAlWfryawZqRjSwiG2rCN_LB-jIMsCbB1ASMVtUl0lD7_Vv4aK6iyI0XdEj7YmOzfBXuKqHBxcsHOfxdo6P4tCp7iRtA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mrhacker.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
poweredby.jads.co
URL
https://poweredby.jads.co/adshow.php?adzone=929956
Domain
poweredby.jads.co
URL
https://poweredby.jads.co/adshow.php?adzone=929973
Domain
poweredby.jads.co
URL
https://poweredby.jads.co/adshow.php?adzone=929967
Domain
poweredby.jads.co
URL
https://poweredby.jads.co/adshow.php?adzone=929979
Domain
obgpm76tt0a0sgozk8l.npdredinuid.imrworldwide.com
URL
https://obgpm76tt0a0sgozk8l.npdredinuid.imrworldwide.com/narr?gdpr=1&gdpr_consent=&url=https%3A%2F%2Fio.narrative.io%2F%3FcompanyId%3D19%26gdpr%3D1%26gdpr_consent%3D%26id%3Ddisqus_id%3Ac2kph8k114ahs1i


120 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


31 Cookies


7 Console Messages

Source Level URL
Text
network error URL: https://ad.a-ads.com/1313462?size=300x250
Message:
Failed to load resource: the server responded with a status of 577 ()
network error URL: https://www.effectivedisplayformat.com/09b4c663c359aa4550e8776a006e591a/invoke.js
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://www.effectivedisplayformat.com/6cc0003302752de793ff29e3ffcd55ae/invoke.js
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://www.effectivedisplayformat.com/e3f31de3ba73aad193bc6d6123925a0d/invoke.js
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://www.effectivedisplayformat.com/5443e680fc84477d90d46ca506b1db43/invoke.js
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://c.disquscdn.com/get?url=https%3A%2F%2Fmrhacker.co%2Fwp-content%2Fuploads%2F2020%2F04%2Fhow-to-get-windows-10-2004-release-preview.jpg&key=VkcfeckCrYChI1IL-3gBzQ&h=200
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://obgpm76tt0a0sgozk8l.npdredinuid.imrworldwide.com/narr?gdpr=1&gdpr_consent=&url=https%3A%2F%2Fio.narrative.io%2F%3FcompanyId%3D19%26gdpr%3D1%26gdpr_consent%3D%26id%3Ddisqus_id%3Ac2kph8k114ahs1i
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
