www.welivesecurity.com Open in urlscan Pro
2a02:26f0:480:f::213:7ed3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
Submission: On February 24 via api (February 24th 2023, 2:13:49 am UTC) from TR — Scanned from DE

Summary HTTP 82 Redirects Links 37 Behaviour Indicators

Summary

This website contacted 12 IPs in 2 countries across 10 domains to perform 82 HTTP transactions. The main IP is 2a02:26f0:480:f::213:7ed3, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is www.welivesecurity.com. The Cisco Umbrella rank of the primary domain is 360672.
TLS certificate: Issued by Thawte ECC CA 2018 on January 24th 2023. Valid for: a year.

This is the only time www.welivesecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
32	2a02:26f0:480... 2a02:26f0:480:f::213:7ed3	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:80e::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	18.66.97.100 18.66.97.100	16509 (AMAZON-02) (AMAZON-02)
3	199.232.196.134 199.232.196.134	54113 (FASTLY) (FASTLY)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:4e:1... 2620:1ec:4e:1::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
23	2600:9000:223... 2600:9000:223d:3200:6:8656:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	151.101.192.134 151.101.192.134	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
82	12

32 2a02:26f0:480:f::213:7ed3 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

www.welivesecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.100 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-100.fra56.r.cloudfront.net

cdn1.esetstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.232.196.134 (United States)

ASN54113 (FASTLY, US)

welivesecurity.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:4e:1::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

cdn.esetstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2600:9000:223d:3200:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.192.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	welivesecurity.com www.welivesecurity.com — Cisco Umbrella Rank: 360672	2 MB
23	disquscdn.com c.disquscdn.com — Cisco Umbrella Rank: 4888	612 KB
8	disqus.com welivesecurity.disqus.com disqus.com — Cisco Umbrella Rank: 1226 referrer.disqus.com — Cisco Umbrella Rank: 7028	73 KB
5	gstatic.com fonts.gstatic.com	81 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 30 region1.google-analytics.com — Cisco Umbrella Rank: 2425	20 KB
3	esetstatic.com cdn1.esetstatic.com — Cisco Umbrella Rank: 575685 cdn.esetstatic.com — Cisco Umbrella Rank: 486006	144 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 44	162 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 36	1 KB
0	go-mpulse.net Failed s.go-mpulse.net Failed
0	msecnd.net Failed az416426.vo.msecnd.net Failed
82	10

	Domain	Requested by
32	www.welivesecurity.com	www.welivesecurity.com
23	c.disquscdn.com	welivesecurity.disqus.com disqus.com c.disquscdn.com
5	fonts.gstatic.com	fonts.googleapis.com
5	disqus.com	welivesecurity.disqus.com c.disquscdn.com
4	www.google-analytics.com	www.welivesecurity.com www.googletagmanager.com www.google-analytics.com
2	cdn.esetstatic.com	www.googletagmanager.com
2	welivesecurity.disqus.com	www.welivesecurity.com
2	www.googletagmanager.com	www.welivesecurity.com www.googletagmanager.com
1	referrer.disqus.com
1	fonts.googleapis.com	client
1	region1.google-analytics.com	www.googletagmanager.com
1	cdn1.esetstatic.com	www.welivesecurity.com
0	s.go-mpulse.net Failed	www.welivesecurity.com
0	az416426.vo.msecnd.net Failed	www.welivesecurity.com
82	14

This site contains links to these domains. Also see Links.

Domain
www.eset.com
welivesecurity.com
www.facebook.com
twitter.com
www.linkedin.com
www.cisa.gov
cve.mitre.org
www.mcafee.com
www.virusbulletin.com
support.virustotal.com
github.com
attack.mitre.org
www.quicklz.com
eset.com

Subject Issuer	Validity	Valid
www.welivesecurity.com Thawte ECC CA 2018	`2023-01-24` - `2024-02-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.esetstatic.com Thawte RSA CA 2018	`2022-09-23` - `2023-10-02`	a year	crt.sh
*.disqus.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-20` - `2023-04-20`	a year	crt.sh
cdn.esetstatic.com Thawte RSA CA 2018	`2022-11-11` - `2023-11-11`	a year	crt.sh
a.disquscdn.com Amazon	`2022-09-30` - `2023-10-29`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
Frame ID: 41A8E24232487BD464D5D0B60299CF41
Requests: 50 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B
Frame ID: 73B3D249291206CCF50C9E834C966426
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en
Frame ID: 7A9BE982F0E34FE2CB7A64D08270E509
Requests: 29 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: FDE18B6F6BD18BE566494E718FA4B0DD
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: A9EDF14E912409F534BAE9BDBE32A686
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WinorDLL64: A backdoor from the vast Lazarus arsenal? | WeLiveSecurity

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

82
Requests

96 %
HTTPS

73 %
IPv6

10
Domains

14
Subdomains

12
IPs

2
Countries

3036 kB
Transfer

4569 kB
Size

3
Cookies

37 Outgoing links

These are links going to different origins than the main page.

URL: https://www.eset.com/?utm_source=welivesecurity.com&utm_medium=referral&utm_campaign=autotagging&utm_content=eset-research&utm_term=en

Search URL Search Domain Scan URL

URL: http://welivesecurity.com/category/ukraine-crisis-digital-security-resource-center/
Title: Ukraine Crisis – Digital Security Resource Center

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?&url=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&text=WinorDLL64:%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal?%0A&via=welivesecurity

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F

Search URL Search Domain Scan URL

URL: https://www.cisa.gov/uscert/northkorea
Title: HIDDEN COBRA

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21551
Title: CVE‑2021‑21551

Search URL Search Domain Scan URL

URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
Title: Operation GhostSecret

Search URL Search Domain Scan URL

URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant/
Title: Bankshot implant

Search URL Search Domain Scan URL

URL: https://www.virusbulletin.com/virusbulletin/2020/01/vb2019-paper-rich-headers-leveraging-mysterious-artifact-pe-format/
Title: PE rich headers

Search URL Search Domain Scan URL

URL: https://support.virustotal.com/hc/en-us/articles/360001293377-Retrohunt
Title: VirusTotal’s retrohunt

Search URL Search Domain Scan URL

URL: https://github.com/fancycode/MemoryModule
Title: MemoryModule

Search URL Search Domain Scan URL

URL: https://www.eset.com/int/business/services/threat-intelligence/?utm_source=welivesecurity.com&utm_medium=referral&utm_campaign=wls-research&utm_content=winordll64-backdoor-vast-lazarus-arsenal
Title: ESET Threat Intelligence

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/resources/versions/
Title: version 12

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1587/001/
Title: T1587.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1059/001/
Title: T1059.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1106/
Title: T1106

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1134/002/
Title: T1134.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1070/004/
Title: T1070.004

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1087/001/
Title: T1087.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1087/002/
Title: T1087.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1083/
Title: T1083

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1135/
Title: T1135

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1057/
Title: T1057

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1012/
Title: T1012

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1082/
Title: T1082

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1614/
Title: T1614

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1614/001/
Title: T1614.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1016/
Title: T1016

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1049/
Title: T1049

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1033/
Title: T1033

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1560/002/
Title: T1560.002

Search URL Search Domain Scan URL

URL: http://www.quicklz.com/
Title: quicklz

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1005/
Title: T1005

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1531/
Title: T1531

Search URL Search Domain Scan URL

URL: https://eset.com/?utm_source=welivesecurity.com&utm_medium=referral&utm_campaign=autotagging&utm_content=eset-research&utm_term=en
Title: ESET

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

82 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/ 80 KB
22 KB 620ms
475ms Document
text/html 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

a7301fee7a25343fa0be1f107775c116ff3f18aa4a4c4947643485305fdf5fb2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: max-age=3600 public
content-encoding: gzip
content-length: 18275
content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-type: text/html; charset=UTF-8
date: Fri, 24 Feb 2023 02:13:44 GMT
expires: Fri, 24 Feb 2023 02:52:47 GMT
link: <https://www.welivesecurity.com/?p=169677>; rel=shortlink
referrer-policy: no-referrer-when-downgrade
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
server-timing: cdn-cache; desc=HIT edge; dur=89 ak_p; desc="465890_34831763_355073281_8893_2429_25_0";dur=1
strict-transport-security: max-age=15724800
vary: Accept-Encoding
x-akamai-transformed: 9 - 0 pmb=mRUM,2
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 main.css
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/ 236 KB
36 KB 44ms
43ms Stylesheet
text/css 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=c937631451c8fef9c5ad

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

511e253387ed308f0053a733890f894f3fca6f5521e46c399107efeb4be0c396

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355075356_104_1798_25_0";dur=1
content-length: 31178
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Feb 2023 21:20:00 GMT
etag: W/"63e3b941-3ae0e"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: text/css
access-control-allow-origin: *
cache-control: public
expires: Sat, 13 May 2023 20:10:35 GMT

GET
H2 200 eset-wls-dark-header-1.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 3 KB
6 KB 55ms
55ms Image
image/svg+xml 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-dark-header-1.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f0edf4ed283d119399dcb7025914b6a68a187667085bcbc49fe91db20f952cc1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=15, ak_p; desc="465890_34831763_355075378_1764_1810_25_0";dur=1
content-length: 1049
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Feb 2023 21:19:45 GMT
etag: W/"63ee4019-bb2"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
expires: Tue, 23 May 2023 21:18:53 GMT

GET
H2 200 eset-wls-dark-header-2.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 3 KB
6 KB 190ms
186ms Image
image/svg+xml 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-dark-header-2.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

35ccbb14f6d8b7ed5eb03728f94221f27ed194ae83b32c40315d531f49b10bc1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=123, ak_p; desc="465890_34831763_355075604_14818_1795_25_0";dur=1
content-length: 1107
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Feb 2023 21:19:59 GMT
etag: W/"63f364e0-a8a"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
expires: Sun, 21 May 2023 16:50:47 GMT

GET
H2 200 eset-wls-light-header-1.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 3 KB
6 KB 148ms
144ms Image
image/svg+xml 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-light-header-1.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5813b04bb0c879b76179735995127ddc2af1867f42d4a4b5a8d7c3103f348b05

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=40, ak_p; desc="465890_34831763_355075605_5086_1734_25_0";dur=1
content-length: 1059
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 15:34:55 GMT
etag: W/"63ee3f71-bc1"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
expires: Sun, 21 May 2023 16:51:13 GMT

GET
H2 200 eset-wls-light-header-2.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 2 KB
6 KB 116ms
112ms Image
image/svg+xml 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-light-header-2.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

12c42fa79dc321e56bb3c23008cacf7a79771bab4fa61f765556e24ba13a89ff

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=8, ak_p; desc="465890_34831763_355075606_992_1526_25_0";dur=1
content-length: 986
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Feb 2023 21:20:20 GMT
etag: W/"63f38359-967"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
expires: Sun, 21 May 2023 16:50:47 GMT

GET
H2 200 vladislav-hrcka-222x179.jpg
www.welivesecurity.com/wp-content/uploads/2019/11/ 5 KB
9 KB 64ms
60ms Image
image/jpeg 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2019/11/vladislav-hrcka-222x179.jpg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

14d4f2dd6a2e890fa96742c8683388cbeaefc825413551f87647c26d86ad320e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355075608_243_1477_25_0";dur=1
content-length: 5161
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 11 Nov 2020 17:09:23 GMT
etag: "5fac1ac3-1429"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=7776000, public
accept-ranges: bytes
expires: Tue, 23 May 2023 22:04:11 GMT

GET
H2 200 Figure1.png
www.welivesecurity.com/wp-content/uploads/2023/02/ 78 KB
82 KB 58ms
55ms Image
image/png 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2023/02/Figure1.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

18375a99f4b847aa39d1da16be05d455c411409fd29afafd1be1ceedd706fab2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355075609_195_1576_25_0";dur=1
content-length: 80045
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 21 Feb 2023 14:49:07 GMT
etag: "63f4d9e3-138ad"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=7776000, public
accept-ranges: bytes
expires: Wed, 24 May 2023 10:35:15 GMT

GET
H2 200 Figure2.png
www.welivesecurity.com/wp-content/uploads/2023/02/ 169 KB
173 KB 34ms
31ms Image
image/png 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2023/02/Figure2.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4aa3dd6247ebeedd8996a9c442af61c243dd39966ae7973c982dce2e3c9f8e2f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355075610_196_1214_25_0";dur=1
content-length: 172638
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Feb 2023 03:23:00 GMT
etag: "63f58a94-2a25e"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=7776000, public
accept-ranges: bytes
expires: Wed, 24 May 2023 10:35:15 GMT

GET
H2 200 Figure3.png
www.welivesecurity.com/wp-content/uploads/2023/02/ 222 KB
226 KB 123ms
120ms Image
image/png 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2023/02/Figure3.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

7bd7d349cb984d8a66e401b924b4bb6ded6e8707a47edb78880cbc5f80ccf238

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355075678_215_1695_25_0";dur=1
content-length: 227283
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Feb 2023 03:23:01 GMT
etag: "63f58a95-377d3"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=7776000, public
accept-ranges: bytes
expires: Wed, 24 May 2023 10:35:15 GMT

GET
H2 200 Winor64DLL_communication_diagram.png
www.welivesecurity.com/wp-content/uploads/2023/02/ 94 KB
98 KB 138ms
135ms Image
image/png 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2023/02/Winor64DLL_communication_diagram.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

dcea066e3d60b25dc4666b218fee29d96512dd0a490ace124ca36a256f63ebd7

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=4, ak_p; desc="465890_34831763_355075679_467_1605_25_0";dur=1
content-length: 96530
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 08:41:51 GMT
etag: "63f726cf-17912"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=7776000, public
accept-ranges: bytes
expires: Wed, 24 May 2023 10:50:14 GMT

GET
H2 200 Figure4.png
www.welivesecurity.com/wp-content/uploads/2023/02/ 119 KB
123 KB 118ms
115ms Image
image/png 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2023/02/Figure4.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

430f46ce22f8b4b7cd70ea613fa17d9f974c6a7634a0e2bb086209e9460485b3

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355075681_188_1284_25_0";dur=1
content-length: 121427
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Feb 2023 03:23:02 GMT
etag: "63f58a96-1da53"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=7776000, public
accept-ranges: bytes
expires: Wed, 24 May 2023 10:35:15 GMT

GET
H2 200 Figure5.png
www.welivesecurity.com/wp-content/uploads/2023/02/ 179 KB
183 KB 143ms
141ms Image
image/png 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2023/02/Figure5.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

cffa239e0a651773d575030a5d67aebb950b5249ebedcd007906ea548e50c039

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355075682_1372_1463_25_0";dur=1
content-length: 183616
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 21 Feb 2023 14:50:58 GMT
etag: "63f4da52-2cd40"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=7776000, public
accept-ranges: bytes
expires: Wed, 24 May 2023 10:35:15 GMT

GET
H2 200 eset-threat-intelligence.png
www.welivesecurity.com/wp-content/uploads/2022/12/ 83 KB
89 KB 135ms
132ms Image
image/png 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/12/eset-threat-intelligence.png

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9abd76a570978a6e72fbed97f1142cb2e7b4fa20b22a1241fefbce251416bf7e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://platform.twitter.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://platform.twitter.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355075684_358_1506_25_0";dur=1
content-length: 85433
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 21 Dec 2022 06:29:35 GMT
etag: "63a2a7cf-14db9"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=7776000, public
accept-ranges: bytes
expires: Sun, 23 Apr 2023 10:59:47 GMT

GET
H2 200 malware-apps-installers-google-search-ads-623x432.jpg
www.welivesecurity.com/wp-content/uploads/2023/02/ 30 KB
34 KB 119ms
117ms Image
image/jpeg 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2023/02/malware-apps-installers-google-search-ads-623x432.jpg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

174663a9b801861b4e6cf5c4cf94ec20e94b9e15404ba58c9b43a4cd6e7f3896

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355075685_313_962_25_0";dur=1
content-length: 31024
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 15 Feb 2023 14:49:37 GMT
etag: "63ecf101-7930"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=7776000, public
accept-ranges: bytes
expires: Tue, 23 May 2023 21:20:02 GMT

GET
H2 200 reverse-engineering-ipyida-python-plugin-ipython-jupyter-notebook-IDA-623x432.jpg
www.welivesecurity.com/wp-content/uploads/2023/01/ 29 KB
34 KB 162ms
159ms Image
image/jpeg 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2023/01/reverse-engineering-ipyida-python-plugin-ipython-jupyter-notebook-IDA-623x432.jpg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ba1c5790ac83bfbf785ce9075d918cab2d22e8b2e192ae9df8978dfa85b2f8be

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://platform.twitter.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://platform.twitter.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=71, ak_p; desc="465890_34831763_355075686_7216_1538_25_0";dur=1
content-length: 29206
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Jan 2023 15:47:11 GMT
etag: "63b6f0ff-7216"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=7776000, public
accept-ranges: bytes
expires: Wed, 12 Apr 2023 22:00:52 GMT

GET
H2 200 strongpity-android-malware-backdoor-espionage-623x432.jpg
www.welivesecurity.com/wp-content/uploads/2023/01/ 25 KB
30 KB 141ms
138ms Image
image/jpeg 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2023/01/strongpity-android-malware-backdoor-espionage-623x432.jpg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

7e5d4c5244e13672a91ef8d08f0c9fe06a4020d6259e75dbd4ee8c6798b022d6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://platform.twitter.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://platform.twitter.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=3, ak_p; desc="465890_34831763_355075687_533_1533_25_0";dur=1
content-length: 25215
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 04 Jan 2023 16:31:35 GMT
etag: "63b5a9e7-627f"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=7776000, public
accept-ranges: bytes
expires: Wed, 12 Apr 2023 22:00:52 GMT

GET
H2 200 mirrorface-liberalface-japan-political-entities-malware-cyberattack-623x432.jpg
www.welivesecurity.com/wp-content/uploads/2022/12/ 28 KB
33 KB 148ms
146ms Image
image/jpeg 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2022/12/mirrorface-liberalface-japan-political-entities-malware-cyberattack-623x432.jpg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

472d1ba3429e8ec7f23e4a094d0c578c95e007e15fdbfe62771ae0c01678e320

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self'; frame-src 'self' https://c.disquscdn.com https://disqus.com https://m.facebook.com https://platform.twitter.com https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mk https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self'; frame-src 'self' https://c.disquscdn.com https://disqus.com https://m.facebook.com https://platform.twitter.com https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mk https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355075688_3330_1893_25_0";dur=1
content-length: 28434
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 14 Dec 2022 07:32:31 GMT
etag: "63997c0f-6f12"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=7776000, public
accept-ranges: bytes
expires: Tue, 14 Mar 2023 10:41:01 GMT

GET
H2 200 eset-wls-footer-1.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 3 KB
6 KB 147ms
145ms Image
image/svg+xml 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-footer-1.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

7df5345a52f22643ef051bf74f41d9a5a5644d5e699480a81ae8825b8ab5e533

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=40, ak_p; desc="465890_34831763_355075689_4272_1300_25_0";dur=1
content-length: 1087
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 20 Feb 2023 17:44:25 GMT
etag: W/"63e3bcb0-be5"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
expires: Wed, 10 May 2023 07:40:25 GMT

GET
H2 200 eset-wls-footer-2.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/ 3 KB
6 KB 282ms
280ms Image
image/svg+xml 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/new-logo/eset-wls-footer-2.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e22e3416c5b454c2fc3c8e8185b478647446789abbee258ec18a5791880eaf1b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=188, ak_p; desc="465890_34831763_355075690_21046_2313_25_0";dur=1
content-length: 1058
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Feb 2023 21:34:46 GMT
etag: W/"63f61829-a0b"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
expires: Tue, 23 May 2023 21:24:09 GMT

GET
H2 200 main.js Show response
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/js/ 318 KB
93 KB 35ms
35ms Script
application/javascript 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/js/main.js?id=fef3139dcedd23afc232

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

822800703045ecbccb15cff577f1f09d9b4efee6ae916396a6aceb3f6544b9a5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://platform.twitter.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://platform.twitter.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355075559_239_1667_25_0";dur=1
content-length: 89989
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Feb 2023 16:34:06 GMT
etag: W/"63c735a1-4f74a"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
expires: Tue, 18 Apr 2023 21:10:26 GMT

GET
H2 200 crayon.min.js Show response
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/static/js/ 22 KB
11 KB 118ms
115ms Script
application/javascript 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/static/js/crayon.min.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

193fbb968733b8a7049da19274546e6b80b76e9a8f1b837fee9a5fdeb8f97c7b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355075601_1239_2249_25_0";dur=1
content-length: 6050
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 20 Feb 2023 18:59:24 GMT
etag: W/"63ee3fbf-5741"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
expires: Sun, 21 May 2023 16:50:48 GMT

GET
H2 200 comment_count.js Show response
www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/ 889 B
6 KB 67ms
63ms Script
application/javascript 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.16

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355075602_292_1677_25_0";dur=1
content-length: 307
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 20 Feb 2023 16:52:20 GMT
etag: W/"63ea49fb-379"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
expires: Mon, 15 May 2023 01:30:55 GMT

GET
H2 200 comment_embed.js Show response
www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/ 1 KB
5 KB 66ms
62ms Script
application/javascript 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.16

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f055e217bde76d711bd8b42af773f9f99b8a29d81ad9ed10b6379cc7e6c60452

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self'; frame-src 'self' https://c.disquscdn.com https://disqus.com https://m.facebook.com https://platform.twitter.com https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.at https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bo https://www.google.com.br https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kw https://www.google.com.lb https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.mk https://www.google.mn https://www.google.mv https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self'; prefetch-src 'none' https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self'; frame-src 'self' https://c.disquscdn.com https://disqus.com https://m.facebook.com https://platform.twitter.com https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.at https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bo https://www.google.com.br https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kw https://www.google.com.lb https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.mk https://www.google.mn https://www.google.mv https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self'; prefetch-src 'none' https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355075603_296_1210_25_0";dur=1
content-length: 379
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 20 Feb 2023 16:53:22 GMT
etag: W/"637f80d1-47e"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public
expires: Thu, 23 Feb 2023 19:19:11 GMT

GET ai.0.js
az416426.vo.msecnd.net/scripts/a/ 0
0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 289 KB
94 KB 47ms
26ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f24b8a75facaefbf62c9da8e20fb6d72d61f8c34415c13ede3cd72abe3c02741

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 02:13:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 96009
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 01:24:32 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 24 Feb 2023 02:13:44 GMT

GET 7R9SM-QGSYF-QDLJK-UETXR-SPM6B
s.go-mpulse.net/boomerang/ 0
0

GET
H2 200 single-wide-header-fade.png
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/images/ 92 KB
97 KB 124ms
123ms Image
image/png 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/images/single-wide-header-fade.png?5aa0f236a77ebb03d1bf2fbde7c17072

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=c937631451c8fef9c5ad

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e2a1c2c0322c2737e986c860da67fbb2b9e93b70527a943b8c35b9d6e81ebb42

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=c937631451c8fef9c5ad
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=3, ak_p; desc="465890_34831763_355075694_375_1595_25_0";dur=1
content-length: 94055
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 Feb 2023 13:33:25 GMT
etag: "63da6a25-16f67"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=7776000, public
accept-ranges: bytes
expires: Tue, 02 May 2023 19:22:01 GMT

GET
H2 200 Fedra-Sans-Alt-Book.woff
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/ 40 KB
40 KB 127ms
126ms Font
font/woff 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/Fedra-Sans-Alt-Book.woff?c156eca4ec460dcfa741dfda69fb16d5

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=c937631451c8fef9c5ad

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

1ba0ff3994900740a94dc37300b7415b25d642f6ef495afc5ae4e16ae1128e66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=c937631451c8fef9c5ad
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
date: Fri, 24 Feb 2023 02:13:44 GMT
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
last-modified: Wed, 20 Apr 2022 20:41:59 GMT
etag: "62607017-9ff1"
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000, public
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355075692_390_1057_25_0";dur=1
accept-ranges: bytes
content-length: 40945
x-xss-protection: 1; mode=block
expires: Fri, 21 Apr 2023 20:13:52 GMT

GET 7R9SM-QGSYF-QDLJK-UETXR-SPM6B
s.go-mpulse.net/boomerang/ Frame 73B3 0
0

GET
H2 200 lazarus-winordll64-backdoor.jpg
www.welivesecurity.com/wp-content/uploads/2023/02/ 381 KB
385 KB 263ms
262ms Image
image/jpeg 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/uploads/2023/02/lazarus-winordll64-backdoor.jpg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8df77ec03440b2553fcdd9f5b92a24867f19c1989b52beeb2374af7dfe607176

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=151, ak_p; desc="465890_34831763_355075944_15856_1643_25_0";dur=1
content-length: 389709
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Feb 2023 14:10:29 GMT
etag: "63f62255-5f24d"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=7776000, public
accept-ranges: bytes
expires: Wed, 24 May 2023 10:35:15 GMT

GET
H2 200 Fedra-Sans-Alt-Bold.woff
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/ 40 KB
40 KB 145ms
145ms Font
font/woff 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/Fedra-Sans-Alt-Bold.woff?0050bbd300d61bbb50d2fff0bb6cd926

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=c937631451c8fef9c5ad

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

12f37c0a70377ac636345742e2eb0d2acb70d411612020ae1608193330a5b15d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=c937631451c8fef9c5ad
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
date: Fri, 24 Feb 2023 02:13:44 GMT
x-content-type-options: nosniff
content-security-policy-report-only: default-src 'self'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355075997_1272_1329_25_0";dur=1
content-length: 40563
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 10 Jun 2022 10:44:32 GMT
etag: "62a32090-9e73"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Tue, 13 Jun 2023 19:32:41 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
300 B 28ms
6ms Image
image/gif 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&cid=77374.9668847643&tid=UA-76266002-27&dl=https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/&t=event&ec=Tracking%20check%20-%20recurring&ea=Script%20loaded&ni=1&cd1=wls&aip=1&z=117528

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 18:41:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 27110
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 check.png
cdn1.esetstatic.com/ESET/INT/assets/img/ 68 B
413 B 73ms
6ms Image
image/png 18.66.97.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn1.esetstatic.com/ESET/INT/assets/img/check.png?country=wls&gcode=scriptLoaded&z=84257
Requested by: Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-100.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 260865134b6e69ca7bafa9e8ddcd59fb6ffbf727f50a3d2dd186d217c8c79694

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 03:09:40 GMT
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
last-modified: Thu, 20 Oct 2022 06:22:16 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 83176
etag: "5df0ac2d51cfecbde35e8dd1ba3a8d77"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 68
x-amz-cf-id: iLtVs67ZajS4wo5P5aTV9-3maTJpdgYvDrU7FB0BrL_t7eEi6LCvqA==

GET
H2 200 li-shield-icon.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/images/ 961 B
6 KB 273ms
273ms Image
image/svg+xml 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/images/li-shield-icon.svg?82256d0e5b3abb3d9d256afa85d732a4

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=c937631451c8fef9c5ad

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e0c2fd69b7d441b42045d474afe52d2bdbb81a44c8d73e2c8271e4114003d991

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=c937631451c8fef9c5ad
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=159, ak_p; desc="465890_34831763_355075999_18072_1790_31_0";dur=1
content-length: 487
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Feb 2023 21:20:55 GMT
etag: W/"63f4aeac-3c1"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
expires: Tue, 23 May 2023 21:20:43 GMT

GET
H2 200 button-flag-50x60.svg
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/ 459 B
5 KB 133ms
133ms Image
image/svg+xml 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/img/button-flag-50x60.svg

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=c937631451c8fef9c5ad

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5159dca2fe03c327248fd3b685f497f9f521c91d243ffaf43077601fedf56f7a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=c937631451c8fef9c5ad
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gg https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.tt https://www.google.vg https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.co.kr https://www.google.de https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800
date: Fri, 24 Feb 2023 02:13:44 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=4, ak_p; desc="465890_34831763_355076000_1267_1873_25_0";dur=1
content-length: 234
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 20 Feb 2023 16:52:11 GMT
etag: W/"63ee3fbf-1cb"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public
expires: Sun, 21 May 2023 16:52:11 GMT

GET
H2 200 icomoon.ttf
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/ 4 KB
6 KB 142ms
140ms Font
text/plain 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/icomoon.ttf?45b4319f2445b74719611d0ab85cf93a

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=c937631451c8fef9c5ad

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d33fbf33d2895817029b01cf16d273104474646e4e441988ab4efcfa7563991b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=c937631451c8fef9c5ad
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 02:13:44 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355076001_3780_2007_25_0";dur=1
content-length: 2186
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Feb 2023 21:33:10 GMT
etag: W/"63f68a16-f94"
vary: Accept-Encoding
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=86400, public
expires: Fri, 24 Feb 2023 18:58:00 GMT

GET
H2 200 Fedra-Sans-Alt-Book-Italic.woff
www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/ 40 KB
40 KB 130ms
129ms Font
font/woff 2a02:26f0:480:f::213:7ed3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/fonts/Fedra-Sans-Alt-Book-Italic.woff?f299cc2feeecf266ff50b5ea8b3a3deb

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=c937631451c8fef9c5ad

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ed3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

63a41173db39c92635a87b39eedb581e8a1c3142372ebced441ce927fef343a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/wp-content/themes/eset-wls-2018/assets/css/main.css?id=c937631451c8fef9c5ad
Origin: https://www.welivesecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=15724800
date: Fri, 24 Feb 2023 02:13:44 GMT
x-content-type-options: nosniff
content-security-policy-report-only: default-src 'self'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465890_34831763_355076002_910_1727_25_0";dur=1
content-length: 40640
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 24 Jul 2022 06:11:13 GMT
etag: "62dce281-9ec0"
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report"}],"include_subdomains":false}
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
expires: Wed, 26 Jul 2023 19:42:07 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 00:14:50 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 7134
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Fri, 24 Feb 2023 02:14:50 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 185 KB
67 KB 22ms
22ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FBY6B30C4M&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

eea847879675c779e243a8dad7945ae783ce7f68ea382c550a7ad741a33c2c68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 02:13:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 68988
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 24 Feb 2023 02:13:44 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 3 B
23 B 14ms
14ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&aip=1&a=772981375&t=pageview&_s=1&dl=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&ul=en-us&de=UTF-8&dt=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F%20%7C%20WeLiveSecurity&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAIg~&cid=1935700808.1677204824&tid=UA-37839312-1&_gid=1658582856.1677204824&_slc=1&gtm=45He32m0n71PMDGSM&cd1=ESET%20Research&cd2=Vladislav%20Hr%C4%8Dka&cd4=&cd5=2023-02-24T02%3A13%3A44.338%2B00%3A00&cd6=Non-Office%20Hours&cd7=www.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&cd8=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&cd10=Research&cd11=en&cd12=not-a-bot&cd25=GTM-PMDGSM&cd33=consent%20not%20set&cd34=consent%20not%20set&z=1398333645

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 24 Feb 2023 02:13:44 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.welivesecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK count.js Show response
welivesecurity.disqus.com/ 1 KB
2 KB 48ms
6ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://welivesecurity.disqus.com/count.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.16

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Fri, 24 Feb 2023 02:13:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=300; includeSubdomains
X-Amz-Cf-Pop: DFW3-C1
Age: 136
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 21 Feb 2023 17:24:58 GMT
Server: nginx
ETag: "63f4fe6a-367"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id: RWPoCDBf7Stw45BWG127Di61OnxKgL59WcCiTrsuDLlpcufQcRHyqQ==

GET
H/1.1 200
OK embed.js Show response
welivesecurity.disqus.com/ 78 KB
26 KB 48ms
7ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://welivesecurity.disqus.com/embed.js

Requested by

Host: www.welivesecurity.com
URL: https://www.welivesecurity.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.16

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

a530deb9be14a63f69fc9929f2f56e690af01acf3ec5386a87b52c1afb4d048c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Fri, 24 Feb 2023 02:13:44 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=300; includeSubdomains
Server: openresty
Age: 49
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 25637

POST
H2 204 collect
region1.google-analytics.com/g/ 0
259 B 35ms
13ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FBY6B30C4M&gtm=45je32m0&_p=772981375&cid=1935700808.1677204824&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1677204824&sct=1&seg=0&dl=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&dt=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F%20%7C%20WeLiveSecurity&en=page_view&_fv=2&_ss=2&ep.branch=en&ep.page_location_noquery=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&ep.hostname=www.welivesecurity.com&ep.useragent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F110.0.5481.177%20Safari%2F537.36&ep.project_id=wls&ep.article_category=ESET%20Research&ep.author=Vladislav%20Hr%C4%8Dka&ep.article_section=Research&ep.cookie_consent=b%3A1%7Ca%3A0%7Cm%3A0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FBY6B30C4M&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Feb 2023 02:13:44 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.welivesecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 app.min.css
cdn.esetstatic.com/cookie-consent/v3/ 20 KB
5 KB 138ms
47ms Stylesheet
text/css 2620:1ec:4e:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.esetstatic.com/cookie-consent/v3/app.min.css
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:4e:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: ddf0e65e326bc99627ac2d1df7babf8780bb64fe4fa08bb1a0e5d772fb2e3c94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 02:13:44 GMT
content-encoding: br
last-modified: Wed, 30 Nov 2022 12:49:33 GMT
etag: W/"0x8DAD2D15474DB45"
vary: Accept-Encoding
x-azure-ref: 20230224T021344Z-qfg5an3bpp4hx0wpd873549bv4000000016000000001hwe5
content-type: text/css
x-ms-request-id: b6598a56-801e-000c-6004-4597b0000000
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H2 200 app.min.js Show response
cdn.esetstatic.com/cookie-consent/v3/ 380 KB
139 KB 128ms
37ms Script
text/javascript 2620:1ec:4e:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.esetstatic.com/cookie-consent/v3/app.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMDGSM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:4e:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3136ed18810649908a21e1af3d5ed10eb6f0b06f8e7653362e2303870aaf8b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 02:13:44 GMT
content-encoding: br
last-modified: Fri, 11 Nov 2022 13:55:52 GMT
etag: W/"0x8DAC3EC72913F28"
vary: Accept-Encoding
x-azure-ref: 20230224T021344Z-qfg5an3bpp4hx0wpd873549bv4000000016000000001hwe6
content-type: text/javascript
x-ms-request-id: e80bf2a1-501e-0099-6695-467f05000000
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H2 200 lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css
c.disquscdn.com/next/embed/styles/ 0
33 KB 59ms
6ms Other
text/css 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 15 Feb 2023 19:09:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 716631
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 33270
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 15 Feb 2023 18:40:44 GMT
server: nginx
etag: "63ed272c-81f6"
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: Som2V-HJJ6oYAvgSwvjGdncm9DMQCh2Sf9jh9kIIQo_lfeQ8fJGXFw==
expires: Thu, 15 Feb 2024 19:09:53 GMT

GET
H2 200 common.bundle.4ba4d839a8c58443b0a3c9c44262d3b7.js
c.disquscdn.com/next/embed/ 0
93 KB 63ms
11ms Other
application/javascript 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.4ba4d839a8c58443b0a3c9c44262d3b7.js

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 18 Jan 2023 17:45:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 3140889
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94186
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 18 Jan 2023 17:40:51 GMT
server: nginx
etag: "63c82f23-16fea"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: V-JmaqOpL64jRWvNwKMEntskxDPiR-XsLEDoYDnZFJdEO5fMC6JD5w==
expires: Thu, 18 Jan 2024 17:45:34 GMT

GET
H2 200 lounge.bundle.944405f46b741461538725b083516e4d.js
c.disquscdn.com/next/embed/ 0
127 KB 71ms
19ms Other
application/javascript 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.944405f46b741461538725b083516e4d.js

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Thu, 23 Feb 2023 19:13:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 25197
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 129739
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Thu, 23 Feb 2023 18:52:58 GMT
server: nginx
etag: "63f7b60a-1facb"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: _uIwriwT8_k2-LgHqcwzemh9HylEhhUO0_xEosVdGsfN0f6_tNbIPQ==
expires: Fri, 23 Feb 2024 19:13:47 GMT

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
17 KB 27ms
6ms Other
application/javascript 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Fri, 24 Feb 2023 02:13:44 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 49
X-Frame-Options: SAMEORIGIN
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 17116
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame 7A9B 8 KB
5 KB 101ms
101ms Document
text/html 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4711749957cd83f1827bc057b47e5fad53fb34d571c37914d12cc7b9b3d7db91

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 15
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 3304
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 24 Feb 2023 02:13:44 GMT
ETag: W/"lounge:view:9590382743.951cf39678d5551f7a458f35bbb43a72.2"
Last-Modified: Thu, 23 Feb 2023 10:40:30 GMT
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Referrer-Policy: no-referrer-when-downgrade
Server: nginx
Strict-Transport-Security: max-age=300; includeSubdomains
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

GET
H2 200 lounge.load.94f22ba62af084852428f342c37a2a17.js Show response
c.disquscdn.com/next/embed/ Frame 7A9B 958 B
1 KB 19ms
6ms Script
application/javascript 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.94f22ba62af084852428f342c37a2a17.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

835522a8bd6be0919bf3b579e711e1291a16ab2b3a50371827bba7580ccc2d4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Thu, 23 Feb 2023 19:13:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 d79861a030d3421826a919f9c2b00146.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 25196
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 496
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Thu, 23 Feb 2023 18:52:58 GMT
server: nginx
etag: "63f7b60a-1f0"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: w0tf7LQ705OO48fg5gxbO0zlGNLf4821HLxNmnMnW0ty8Ac4RPGGoQ==
expires: Fri, 23 Feb 2024 19:13:47 GMT

GET
H2 200 common.bundle.4ba4d839a8c58443b0a3c9c44262d3b7.js Show response
c.disquscdn.com/next/embed/ Frame 7A9B 280 KB
93 KB 7ms
7ms Script
application/javascript 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.4ba4d839a8c58443b0a3c9c44262d3b7.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.94f22ba62af084852428f342c37a2a17.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9c72aa9048dc4cb5f976e7b1a5be738cdc5429f35291261fab0036d077afaa51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 18 Jan 2023 17:45:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 3140889
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94186
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 18 Jan 2023 17:40:51 GMT
server: nginx
etag: "63c82f23-16fea"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: wBffnNDwqm9G2tkYbDa3g4vKCGTwzj4esFfeP5xQoVUic8Y_XcX7vw==
expires: Thu, 18 Jan 2024 17:45:34 GMT

GET
H2 200 lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css
c.disquscdn.com/next/embed/styles/ Frame 7A9B 233 KB
33 KB 7ms
7ms Stylesheet
text/css 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.4ba4d839a8c58443b0a3c9c44262d3b7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

98c5d085af0203422d443dce1c737ac861630fe6aada284508ca1db3558bde8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 15 Feb 2023 19:09:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 716631
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 33270
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 15 Feb 2023 18:40:44 GMT
server: nginx
etag: "63ed272c-81f6"
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: Slpi3Idr_OXwC6c67eYzAFntjyxv10o3-DeXXEC1vZ6yWMb5UxdlFA==
expires: Thu, 15 Feb 2024 19:09:53 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&aip=1&a=772981375&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&ul=en-us&de=UTF-8&dt=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F%20%7C%20WeLiveSecurity&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=cookie%20consent&ea=cookie-consent-visible&_u=aHDAAEABAAAAACAAIg~&cid=1935700808.1677204824&tid=UA-37839312-1&_gid=1658582856.1677204824&gtm=45He32m0n71PMDGSM&cd1=ESET%20Research&cd2=Vladislav%20Hr%C4%8Dka&cd3=2k-2.5k&cd4=&cd5=2023-02-24T02%3A13%3A44.842%2B00%3A00&cd6=Non-Office%20Hours&cd7=www.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&cd8=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&cd10=Research&cd11=en&cd12=not-a-bot&cd20=1935700808.1677204824&cd25=GTM-PMDGSM&cd33=consent%20not%20set&cd34=consent%20not%20set&z=1790793550

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 19:16:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 25016
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lounge.bundle.944405f46b741461538725b083516e4d.js Show response
c.disquscdn.com/next/embed/ Frame 7A9B 507 KB
127 KB 7ms
6ms Script
application/javascript 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.944405f46b741461538725b083516e4d.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.4ba4d839a8c58443b0a3c9c44262d3b7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

35425c6bfcc9cb97073ad120ef2ff24bacb8feede52fa5e505f8c40a067195fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Thu, 23 Feb 2023 19:13:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 25197
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 129739
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Thu, 23 Feb 2023 18:52:58 GMT
server: nginx
etag: "63f7b60a-1facb"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: QqZQuPr7ZwFSsVc1OUGQVom6iEm3BVm2lGwbifJ1bg040XBFFeUXUQ==
expires: Fri, 23 Feb 2024 19:13:47 GMT

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame 7A9B 17 KB
17 KB 9ms
9ms Script
application/javascript 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.4ba4d839a8c58443b0a3c9c44262d3b7.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c11cb8a2559b0ede513d84f4c2436af3b10ba523fe5541351f036a95a4184d73

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Fri, 24 Feb 2023 02:13:44 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 49
X-Frame-Options: SAMEORIGIN
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 17116
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame 7A9B 4 KB
4 KB 104ms
104ms XHR
application/json 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=welivesecurity&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.4ba4d839a8c58443b0a3c9c44262d3b7.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

90514aacb5485e3aeb4bc8766c7ad3b6279254ea9806f9c463b9c82cb1f4b044

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Fri, 24 Feb 2023 02:13:45 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Vary: Origin, Cookie
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/json
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 3968
X-XSS-Protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ Frame 7A9B 11 KB
1 KB 37ms
16ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

29cf63b3a3f220aa82357afebcfda1a2499327ce2429680ab58af2a87ed19f23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 24 Feb 2023 02:13:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 00:33:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 24 Feb 2023 02:13:44 GMT

GET
H/1.1 200
OK loadReactions Show response
disqus.com/api/3.0/threadReactions/ Frame 7A9B 1 KB
2 KB 111ms
98ms XHR
application/json 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/threadReactions/loadReactions?thread=9590382743&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.4ba4d839a8c58443b0a3c9c44262d3b7.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

bb8a336cfb6fcec28ed454e668fd8a8cd440cb81544266cdb2cc79824fc49166

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Fri, 24 Feb 2023 02:13:45 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 65
X-Frame-Options: SAMEORIGIN
Vary: Origin, Cookie
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/json
Cache-Control: stale-while-revalidate=30, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 1351
X-XSS-Protection: 1; mode=block

GET
H2 200 avatar92.jpg
c.disquscdn.com/uploads/forums/215/2520/ Frame 7A9B 3 KB
4 KB 6ms
6ms Image
image/jpeg 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/uploads/forums/215/2520/avatar92.jpg?1666017561

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

547d64d9586e701e83fd750596ba4ad00437294bbb2377e68d38823b0d097911

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Mon, 17 Oct 2022 14:40:50 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
age: 11187174
x-cache: Hit from cloudfront
content-length: 3099
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Mon, 17 Oct 2022 14:39:22 GMT
server: nginx
etag: "03e2797add6e2cc784dc53b89eb72771"
content-type: image/jpeg
cache-control: max-age=31536000, public, immutable
accept-ranges: bytes
x-amz-cf-id: 874BTjJygeuZ3tRkKuIEoOBuctwzxYvdkuEc_ZqTvYpLnr1vc4GAFw==
expires: Tue, 17 Oct 2023 14:40:50 GMT

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame 7A9B 13 KB
13 KB 7ms
6ms Image
image/svg+xml 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Thu, 28 Apr 2022 14:37:41 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
age: 26048163
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 26 Apr 2022 19:12:12 GMT
server: nginx
etag: "6268440c-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 1-9jOipL3JRQGINN3VYRIOGwjSZksn1aKfNDOqeXX0F87dhrvM0Fmw==
expires: Fri, 28 Apr 2023 14:37:41 GMT

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame 7A9B 3 KB
3 KB 7ms
6ms Image
image/gif 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Thu, 12 Jan 2023 03:03:01 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
age: 3712243
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 06 Jan 2023 19:06:43 GMT
server: nginx
etag: "63b87143-b9b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: KyXQ_YMHj-uGcd9UrJQqWxt5UAXLPFKm_tKPLXPuTNOsZt___bqANg==
expires: Fri, 12 Jan 2024 03:03:01 GMT

GET
H2 200 email.727e30eb9b6c1e85cb010b9c8eb04c7e.svg
c.disquscdn.com/next/embed/assets/img/ Frame 7A9B 840 B
1 KB 7ms
6ms Image
image/svg+xml 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/email.727e30eb9b6c1e85cb010b9c8eb04c7e.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

0589c5845288117448d7aa710af60618b151d78efd1a2653f89a0b57f7eb3de8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Mon, 14 Nov 2022 05:36:22 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
age: 8800642
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 840
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Fri, 11 Nov 2022 07:03:00 GMT
server: nginx
etag: "636df3a4-348"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: g5qlZ6mjiJdnojukt0xLorMASqdBHaJ2h3yCwgsyZgH3zqaUO7hhAQ==
expires: Tue, 14 Nov 2023 05:36:22 GMT

GET
H2 200 privacy.8c96be6b50de1c3fab838c5f050e0be5.svg
c.disquscdn.com/next/embed/assets/img/ Frame 7A9B 891 B
1 KB 7ms
6ms Image
image/svg+xml 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/privacy.8c96be6b50de1c3fab838c5f050e0be5.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

068753b8f09b32ad8a3283199c7252090d0076a56924df724dda72828ae31b95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Sat, 12 Nov 2022 02:28:02 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
age: 8984742
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 891
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 11 Nov 2022 07:03:00 GMT
server: nginx
etag: "636df3a4-37b"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: KtUAX64q4UUKGq_RSVZu-ajTJJXnKrbv1yFa_X5ilKGF7hVwrlPp6w==
expires: Sun, 12 Nov 2023 02:28:02 GMT

GET
H2 200 warning.3bc0b4bff6c268a4ceaf404014b9be42.svg
c.disquscdn.com/next/embed/assets/img/ Frame 7A9B 605 B
1 KB 8ms
7ms Image
image/svg+xml 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/warning.3bc0b4bff6c268a4ceaf404014b9be42.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a657bedd3bc0c106f7cfa5fe6556a0b7e175870d33bd7da9ef67ffcffbafda69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Sun, 04 Dec 2022 10:05:42 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
age: 7056482
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 605
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Thu, 01 Dec 2022 19:00:29 GMT
server: nginx
etag: "6388f9cd-25d"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: NSKXxT0nexnhm0H136yUEHoIsaEiu-hNYKA85kThUgp8uumlhJK2yg==
expires: Mon, 04 Dec 2023 10:05:42 GMT

GET
H2 200 sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame 7A9B 2 KB
2 KB 8ms
7ms Image
image/png 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 20 Sep 2022 11:48:31 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
age: 13530313
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 1763
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Fri, 16 Sep 2022 08:34:41 GMT
server: nginx
etag: "63243521-6e3"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: J4rwRXfKOxP-AFaqH3SqcldDuEzDmHi_JlZrrJ1RSVhSMVWz8QPZug==
expires: Wed, 20 Sep 2023 11:48:31 GMT

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame 7A9B 8 KB
8 KB 8ms
8ms Font
application/octet-stream 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.2330dfe9833fc6fa82fa0ffee36e8c21.css
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Sun, 28 Aug 2022 00:45:29 GMT
via: 1.1 d79861a030d3421826a919f9c2b00146.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
age: 15557295
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 26 Aug 2022 22:07:42 GMT
server: nginx
etag: "6309442e-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: TwwYYOuS5r7rvGqcrhoh7COvsFowuUGki4aolYBUcxBbG94eMhtvFw==
expires: Mon, 28 Aug 2023 00:45:29 GMT

GET
H2 200 realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame FDE1 337 B
840 B 6ms
6ms Stylesheet
text/css 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 28 Oct 2022 14:13:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 10238399
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 244
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Thu, 27 Oct 2022 21:17:31 GMT
server: nginx
etag: "635af56b-f4"
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: XX0CbIZ20lpw8RxunxEEG8jIRhKM8s38Jr61ZU1RkoU0l94MXvEWsw==
expires: Sat, 28 Oct 2023 14:13:46 GMT

GET
H2 200 realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame A9ED 337 B
839 B 7ms
6ms Stylesheet
text/css 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css

Requested by

Host: welivesecurity.disqus.com
URL: https://welivesecurity.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 28 Oct 2022 14:13:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 10238399
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 244
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Thu, 27 Oct 2022 21:17:31 GMT
server: nginx
etag: "635af56b-f4"
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: kJm7AeNn-dbDsGmroIy2oAzo-TNRwvAK4rO5krJCrXKOkKIyuA-zcQ==
expires: Sat, 28 Oct 2023 14:13:46 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 7A9B 15 KB
16 KB 29ms
6ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 09:37:51 GMT
x-content-type-options: nosniff
age: 578154
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Feb 2024 09:37:51 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 7A9B 15 KB
15 KB 27ms
8ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 01:29:06 GMT
x-content-type-options: nosniff
age: 348279
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Feb 2024 01:29:06 GMT

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 7A9B 17 KB
17 KB 32ms
14ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 05:20:36 GMT
x-content-type-options: nosniff
age: 75189
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17368
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 05:20:36 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 7A9B 16 KB
16 KB 28ms
12ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 05:21:08 GMT
x-content-type-options: nosniff
age: 75157
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 05:21:08 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 7A9B 17 KB
17 KB 30ms
17ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 12:42:15 GMT
x-content-type-options: nosniff
age: 48690
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17032
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 12:42:15 GMT

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame 7A9B 43 B
339 B 110ms
95ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.16&load_time=169&event=init_embed&thread=9590382743&forum=welivesecurity&forum_id=2152520&imp=6l98vt3128nv8h&thread_slug=winordll64_a_backdoor_from_the_vast_lazarus_arsenal&user_type=anon&referrer=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=false

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Fri, 24 Feb 2023 02:13:45 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H2 200 upvote-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 7A9B 8 KB
8 KB 7ms
6ms Image
image/png 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/upvote-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 24 Feb 2023 02:09:28 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
age: 257
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8170
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Thu, 23 Feb 2023 18:52:58 GMT
server: nginx
etag: "63f7b60a-1fea"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: Gt1qqvsTII74f2mBoIFCbZYQwBJAHwDtXE0zPlhoKRNmDlMGeN3r5A==
expires: Fri, 24 Feb 2023 02:14:28 GMT

GET
H2 200 funny-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 7A9B 9 KB
9 KB 7ms
6ms Image
image/png 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/funny-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 24 Feb 2023 02:10:19 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
age: 206
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8883
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Thu, 23 Feb 2023 18:52:58 GMT
server: nginx
etag: "63f7b60a-22b3"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: x_nxs3KJovTkDzIFpCQDGdftUCAB50mzByjspsn2Kggb7yy7Ivn4FQ==
expires: Fri, 24 Feb 2023 02:15:19 GMT

GET
H2 200 love-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 7A9B 12 KB
12 KB 8ms
7ms Image
image/png 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/love-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 24 Feb 2023 02:09:56 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
age: 229
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 11910
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Thu, 23 Feb 2023 18:52:58 GMT
server: nginx
etag: "63f7b60a-2e86"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 7vW_FngIvAVM3ialz-zGiMGD6Q6lflUlcpUbxqP9JEQdYTzWpDKmhA==
expires: Fri, 24 Feb 2023 02:14:56 GMT

GET
H2 200 surprised-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 7A9B 7 KB
8 KB 8ms
7ms Image
image/png 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/surprised-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 24 Feb 2023 02:13:07 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
age: 42
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7308
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Thu, 23 Feb 2023 18:52:58 GMT
server: nginx
etag: "63f7b60a-1c8c"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: IQPs0WlN6ttR3DudC4sKakztYtJ81oTZbdqpal43rUGuwE7lRuED6Q==
expires: Fri, 24 Feb 2023 02:18:03 GMT

GET
H2 200 angry-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 7A9B 20 KB
21 KB 9ms
8ms Image
image/png 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/angry-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

db865c8f3642f3485829c0ee0008fe04a32cc66af70867b39f60395a7fed3984

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 24 Feb 2023 02:10:40 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
age: 185
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 20675
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Thu, 23 Feb 2023 18:52:58 GMT
server: nginx
etag: "63f7b60a-50c3"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: iMomc37QO6R8ho4wS80Oq7CyJ31qht0tbofKJkO0QxqoserXmSCn2w==
expires: Fri, 24 Feb 2023 02:15:40 GMT

GET
H2 200 sad-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame 7A9B 9 KB
9 KB 9ms
9ms Image
image/png 2600:9000:223d:3200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/sad-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223d:3200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

11c401a81e32b086bea3798c033009907b429fb601411da6ffc266b78184898a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=169677%20https%3A%2F%2Fbackend.welivesecurity.com%2F%3Fp%3D169677&t_u=https%3A%2F%2Fwww.welivesecurity.com%2F2023%2F02%2F23%2Fwinordll64-backdoor-vast-lazarus-arsenal%2F&t_e=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_d=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&t_t=WinorDLL64%3A%20A%20backdoor%20from%20the%20vast%20Lazarus%20arsenal%3F&s_o=default&l=en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 24 Feb 2023 02:12:49 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P3
age: 56
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8986
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Thu, 23 Feb 2023 18:52:58 GMT
server: nginx
etag: "63f7b60a-231a"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: Y-_NzXfrZzsaPAcPpuO_Ew02C0s7EqXV36fpA6UwPVSy9cTDw6ICRA==
expires: Fri, 24 Feb 2023 02:17:49 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Domain: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B

Domain: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.welivesecurity.com/	1970-01-20 09:54:51	Name: _gid Value: GA1.2.1658582856.1677204824
.welivesecurity.com/	1970-01-20 19:29:24	Name: _ga Value: GA1.2.1935700808.1677204824
.welivesecurity.com/	1970-01-20 19:29:24	Name: _ga_FBY6B30C4M Value: GS1.1.1677204824.1.0.1677204824.0.0.0

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/(Line 16) Message: Refused to load the script 'https://az416426.vo.msecnd.net/scripts/a/ai.0.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/(Line 66) Message: Refused to load the script 'https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/(Line 66) Message: Refused to load the script 'https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://.akamaihd.net https://.akstat.io https://.hotjar.com https://.hotjar.io https://adservice.google.com https://captcha.eset.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.eset.com https://cdn1.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self'; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default;
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

az416426.vo.msecnd.net
c.disquscdn.com
cdn.esetstatic.com
cdn1.esetstatic.com
disqus.com
fonts.googleapis.com
fonts.gstatic.com
referrer.disqus.com
region1.google-analytics.com
s.go-mpulse.net
welivesecurity.disqus.com
www.google-analytics.com
www.googletagmanager.com
www.welivesecurity.com
az416426.vo.msecnd.net
s.go-mpulse.net
151.101.192.134
18.66.97.100
199.232.196.134
2001:4860:4802:34::36
2600:9000:223d:3200:6:8656:f5c0:93a1
2620:1ec:4e:1::45
2a00:1450:4001:80e::2003
2a00:1450:4001:80e::2008
2a00:1450:4001:812::200e
2a00:1450:4001:827::200a
2a02:26f0:480:f::213:7ed3
0589c5845288117448d7aa710af60618b151d78efd1a2653f89a0b57f7eb3de8
068753b8f09b32ad8a3283199c7252090d0076a56924df724dda72828ae31b95
11c401a81e32b086bea3798c033009907b429fb601411da6ffc266b78184898a
12c42fa79dc321e56bb3c23008cacf7a79771bab4fa61f765556e24ba13a89ff
12f37c0a70377ac636345742e2eb0d2acb70d411612020ae1608193330a5b15d
14d4f2dd6a2e890fa96742c8683388cbeaefc825413551f87647c26d86ad320e
174663a9b801861b4e6cf5c4cf94ec20e94b9e15404ba58c9b43a4cd6e7f3896
18375a99f4b847aa39d1da16be05d455c411409fd29afafd1be1ceedd706fab2
193fbb968733b8a7049da19274546e6b80b76e9a8f1b837fee9a5fdeb8f97c7b
1ba0ff3994900740a94dc37300b7415b25d642f6ef495afc5ae4e16ae1128e66
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd
260865134b6e69ca7bafa9e8ddcd59fb6ffbf727f50a3d2dd186d217c8c79694
29cf63b3a3f220aa82357afebcfda1a2499327ce2429680ab58af2a87ed19f23
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
35425c6bfcc9cb97073ad120ef2ff24bacb8feede52fa5e505f8c40a067195fb
35ccbb14f6d8b7ed5eb03728f94221f27ed194ae83b32c40315d531f49b10bc1
430f46ce22f8b4b7cd70ea613fa17d9f974c6a7634a0e2bb086209e9460485b3
4711749957cd83f1827bc057b47e5fad53fb34d571c37914d12cc7b9b3d7db91
472d1ba3429e8ec7f23e4a094d0c578c95e007e15fdbfe62771ae0c01678e320
4aa3dd6247ebeedd8996a9c442af61c243dd39966ae7973c982dce2e3c9f8e2f
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4e14ce1bd0d4433eee84cbb16196a7a051126f07af888ef7f9d252120f32f907
511e253387ed308f0053a733890f894f3fca6f5521e46c399107efeb4be0c396
5159dca2fe03c327248fd3b685f497f9f521c91d243ffaf43077601fedf56f7a
547d64d9586e701e83fd750596ba4ad00437294bbb2377e68d38823b0d097911
5813b04bb0c879b76179735995127ddc2af1867f42d4a4b5a8d7c3103f348b05
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
63a41173db39c92635a87b39eedb581e8a1c3142372ebced441ce927fef343a1
6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38
7bd7d349cb984d8a66e401b924b4bb6ded6e8707a47edb78880cbc5f80ccf238
7df5345a52f22643ef051bf74f41d9a5a5644d5e699480a81ae8825b8ab5e533
7e5d4c5244e13672a91ef8d08f0c9fe06a4020d6259e75dbd4ee8c6798b022d6
822800703045ecbccb15cff577f1f09d9b4efee6ae916396a6aceb3f6544b9a5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
835522a8bd6be0919bf3b579e711e1291a16ab2b3a50371827bba7580ccc2d4e
8df77ec03440b2553fcdd9f5b92a24867f19c1989b52beeb2374af7dfe607176
90514aacb5485e3aeb4bc8766c7ad3b6279254ea9806f9c463b9c82cb1f4b044
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
98c5d085af0203422d443dce1c737ac861630fe6aada284508ca1db3558bde8f
9abd76a570978a6e72fbed97f1142cb2e7b4fa20b22a1241fefbce251416bf7e
9c72aa9048dc4cb5f976e7b1a5be738cdc5429f35291261fab0036d077afaa51
a530deb9be14a63f69fc9929f2f56e690af01acf3ec5386a87b52c1afb4d048c
a657bedd3bc0c106f7cfa5fe6556a0b7e175870d33bd7da9ef67ffcffbafda69
a7301fee7a25343fa0be1f107775c116ff3f18aa4a4c4947643485305fdf5fb2
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
ba1c5790ac83bfbf785ce9075d918cab2d22e8b2e192ae9df8978dfa85b2f8be
bb8a336cfb6fcec28ed454e668fd8a8cd440cb81544266cdb2cc79824fc49166
c11cb8a2559b0ede513d84f4c2436af3b10ba523fe5541351f036a95a4184d73
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cffa239e0a651773d575030a5d67aebb950b5249ebedcd007906ea548e50c039
d33fbf33d2895817029b01cf16d273104474646e4e441988ab4efcfa7563991b
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
db865c8f3642f3485829c0ee0008fe04a32cc66af70867b39f60395a7fed3984
dcea066e3d60b25dc4666b218fee29d96512dd0a490ace124ca36a256f63ebd7
ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018
ddf0e65e326bc99627ac2d1df7babf8780bb64fe4fa08bb1a0e5d772fb2e3c94
e0c2fd69b7d441b42045d474afe52d2bdbb81a44c8d73e2c8271e4114003d991
e22e3416c5b454c2fc3c8e8185b478647446789abbee258ec18a5791880eaf1b
e2a1c2c0322c2737e986c860da67fbb2b9e93b70527a943b8c35b9d6e81ebb42
e3136ed18810649908a21e1af3d5ed10eb6f0b06f8e7653362e2303870aaf8b8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33
eea847879675c779e243a8dad7945ae783ce7f68ea382c550a7ad741a33c2c68
f055e217bde76d711bd8b42af773f9f99b8a29d81ad9ed10b6379cc7e6c60452
f0edf4ed283d119399dcb7025914b6a68a187667085bcbc49fe91db20f952cc1
f24b8a75facaefbf62c9da8e20fb6d72d61f8c34415c13ede3cd72abe3c02741
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

www.welivesecurity.com Open in urlscan Pro 2a02:26f0:480:f::213:7ed3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

82 Requests

96 %HTTPS

73 %IPv6

10 Domains

14 Subdomains

12 IPs

2 Countries

3036 kBTransfer

4569 kBSize

3 Cookies

37 Outgoing links

Redirected requests

82 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.welivesecurity.com Open in urlscan Pro
2a02:26f0:480:f::213:7ed3 Public Scan

Screenshot
Live screenshot

Full Image

82
Requests

96 %
HTTPS

73 %
IPv6

10
Domains

14
Subdomains

12
IPs

2
Countries

3036 kB
Transfer

4569 kB
Size

3
Cookies

82 HTTP transactions
0 data transactions