www.cirt.gov.bd Open in urlscan Pro
103.48.16.54 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/#:~:text=Short%20Description%3A&text=Emot...
Effective URL:
https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Submission: On October 21 via manual (October 21st 2020, 11:26:27 pm UTC) from US

Summary HTTP 80 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 7 domains to perform 80 HTTP transactions. The main IP is 103.48.16.54, located in Bangladesh and belongs to BCC-BD Bangladesh Computer Council, BD. The main domain is www.cirt.gov.bd.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 31st 2020. Valid for: 3 months.

This is the only time www.cirt.gov.bd was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
63	103.48.16.54 103.48.16.54	63932 (BCC-BD Ba...) (BCC-BD Bangladesh Computer Council)
3	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
1	2600:9000:207... 2600:9000:2070:a00:1c:8a07:5e80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:821::2004	15169 (GOOGLE) (GOOGLE)
1	2600:9000:207... 2600:9000:2070:4c00:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:814::2004	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:209... 2600:9000:2093:9a00:c:a9b7:ddc0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81e::2003	15169 (GOOGLE) (GOOGLE)
1	3.127.132.197 3.127.132.197	16509 (AMAZON-02) (AMAZON-02)
80	11

63 103.48.16.54 (Bangladesh)

ASN63932 (BCC-BD Bangladesh Computer Council, BD)

www.cirt.gov.bd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2070:a00:1c:8a07:5e80:93a1 (United States)

ASN16509 (AMAZON-02, US)

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2070:4c00:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2093:9a00:c:a9b7:ddc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.sharethis.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.127.132.197 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-132-197.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
63	cirt.gov.bd www.cirt.gov.bd	1 MB
6	gstatic.com fonts.gstatic.com www.gstatic.com	194 KB
3	sharethis.com platform-api.sharethis.com buttons-config.sharethis.com l.sharethis.com	32 KB
3	googleapis.com fonts.googleapis.com	3 KB
2	google-analytics.com google-analytics.com www.google-analytics.com	19 KB
2	google.com www.google.com	676 B
1	consensu.org c.sharethis.mgr.consensu.org
80	7

	Domain	Requested by
63	www.cirt.gov.bd	www.cirt.gov.bd
5	fonts.gstatic.com	fonts.googleapis.com
3	fonts.googleapis.com	www.cirt.gov.bd
2	www.google.com	www.cirt.gov.bd www.gstatic.com
1	l.sharethis.com	platform-api.sharethis.com
1	www.gstatic.com	www.google.com
1	www.google-analytics.com	google-analytics.com
1	c.sharethis.mgr.consensu.org	platform-api.sharethis.com
1	google-analytics.com	www.cirt.gov.bd
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	platform-api.sharethis.com	www.cirt.gov.bd
80	11

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
www.linkedin.com
twitter.com
plusone.google.com
bangladesh.gov.bd
nea.bcc.gov.bd
www.ptd.gov.bd
a2i.gov.bd
www.pmo.gov.bd
mopa.gov.bd
www.ictd.gov.bd
first.org
www.apcert.org
www.antiphishing.org
www.oic-cert.org
www.trusted-introducer.org
ictd.gov.bd
www.bcc.gov.bd
play.google.com

Subject Issuer	Validity	Valid
www.cirt.gov.bd Let's Encrypt Authority X3	`2020-08-31` - `2020-11-29`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
sharethis.com Amazon	`2020-08-17` - `2021-09-16`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
sharethis.mgr.consensu.org Amazon	`2020-05-05` - `2021-06-05`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Frame ID: 584151B7108CCB88EDF2D6410FE8E06B
Requests: 78 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/portal-v2.html
Frame ID: 89C9BFEFE83824B2E4C421781DD90F01
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdXeIAUAAAAACK2iDAcZDt4paRpMAcUh0TtReFF&co=aHR0cHM6Ly93d3cuY2lydC5nb3YuYmQ6NDQz&hl=en&v=T9w1ROdplctW2nVKvNJYXH8o&size=invisible&cb=r6dcf4o1syro
Frame ID: 329121CC135F8F077AF2B6366C820D82
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

80
Requests

100 %
HTTPS

82 %
IPv6

7
Domains

11
Subdomains

11
IPs

3
Countries

1411 kB
Transfer

3934 kB
Size

0
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/bgdegovcirt/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/bgdegovcirt

Search URL Search Domain Scan URL

URL: https://twitter.com/bgdegovcirt

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/&t=Indicator%20of%20compromise%20(IoC)%20of%20Emotet%20Malware

Search URL Search Domain Scan URL

URL: https://plusone.google.com/_/+1/confirm?hl=en-US&url=https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/&text=Indicator%20of%20compromise%20(IoC)%20of%20Emotet%20Malware&tw_p=tweetbutton&url=https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/&title=Indicator%20of%20compromise%20(IoC)%20of%20Emotet%20Malware&source=BGD%20e-GOV%20CIRT%20|%20Bangladesh%20e-Government%20Computer%20Incident%20Response%20Team

Search URL Search Domain Scan URL

URL: http://bangladesh.gov.bd/
Title: National Portal

Search URL Search Domain Scan URL

URL: http://nea.bcc.gov.bd/
Title: BNDA

Search URL Search Domain Scan URL

URL: http://www.ptd.gov.bd/
Title: Post & Telecom Division

Search URL Search Domain Scan URL

URL: https://a2i.gov.bd/
Title: Access to Information Project

Search URL Search Domain Scan URL

URL: http://www.pmo.gov.bd/
Title: Prime Minister's Office

Search URL Search Domain Scan URL

URL: http://mopa.gov.bd/
Title: Ministry of Public Administration

Search URL Search Domain Scan URL

URL: http://www.ictd.gov.bd/
Title: ICT Division

Search URL Search Domain Scan URL

URL: https://first.org/members/teams/bgd_e-gov_cirt

Search URL Search Domain Scan URL

URL: https://www.apcert.org/about/structure/members.html

Search URL Search Domain Scan URL

URL: http://www.antiphishing.org/

Search URL Search Domain Scan URL

URL: https://www.oic-cert.org/en/fullmembers.html

Search URL Search Domain Scan URL

URL: https://www.trusted-introducer.org/

Search URL Search Domain Scan URL

URL: http://ictd.gov.bd/

Search URL Search Domain Scan URL

URL: http://www.bcc.gov.bd/

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.cirt.axion.bdcirt
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

80 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/ 95 KB
18 KB 1602ms
567ms Document
text/html 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),

Reverse DNS

Software

Apache /

Resource Hash

d709c96f081cc8d56d263d663672ae508345870e8150926e7226c7e27ad0a11a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: www.cirt.gov.bd
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:07 GMT
Server: Apache
Referrer-Policy: unsafe-url
x-frame-options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Link: <https://www.cirt.gov.bd/?p=5180>; rel=shortlink
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 18517
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK style.min.css
www.cirt.gov.bd/wp-includes/css/dist/block-library/ 53 KB
8 KB 548ms
284ms Stylesheet
text/css 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-includes/css/dist/block-library/style.min.css?ver=5.5.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:07 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Sep 2020 22:34:27 GMT
Server: Apache
ETag: "d293-5ae481f25c2c0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 7907

GET
H/1.1 200
OK style.min.css
www.cirt.gov.bd/wp-includes/css/dist/components/ 110 KB
16 KB 835ms
285ms Stylesheet
text/css 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-includes/css/dist/components/style.min.css?ver=5.5.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 7edb9d3a11eb713aba55c4ba00f4c21a31a13f27fa829ba03ed1b01404226c25

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:08 GMT
Content-Encoding: gzip
Last-Modified: Wed, 12 Aug 2020 09:53:49 GMT
Server: Apache
ETag: "1b6e5-5acab2a15a540-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 16029

GET
H2 200 css
fonts.googleapis.com/ 10 KB
931 B 22ms
15ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Noto+Serif%3A400%2C400i%2C700%2C700i&ver=5.5.1

Requested by

Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b3f7951a492498d0cba9ae1928f8df7285390466c318184ae1de3943d2b33e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 21 Oct 2020 22:31:27 GMT
server: ESF
date: Wed, 21 Oct 2020 23:26:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Oct 2020 23:26:07 GMT

GET
H/1.1 200
OK style.min.css
www.cirt.gov.bd/wp-includes/css/dist/block-editor/ 79 KB
11 KB 831ms
277ms Stylesheet
text/css 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-includes/css/dist/block-editor/style.min.css?ver=5.5.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: f50b6020859d6ab7ea03795ce4072fe993163454a0ddad3497eb873d77bbfbca

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:08 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Sep 2020 22:34:27 GMT
Server: Apache
ETag: "13c2e-5ae481f25c2c0-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 10834

GET
H/1.1 200
OK style.min.css
www.cirt.gov.bd/wp-includes/css/dist/nux/ 2 KB
1012 B 835ms
277ms Stylesheet
text/css 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-includes/css/dist/nux/style.min.css?ver=5.5.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: b35458211222e1663db842be7af5e535d3bbeaf88c9b813e64745b0c64d0b613

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:08 GMT
Content-Encoding: gzip
Last-Modified: Wed, 12 Aug 2020 09:53:49 GMT
Server: Apache
ETag: "9ce-5acab2a15a540-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 692

GET
H/1.1 200
OK style.min.css
www.cirt.gov.bd/wp-includes/css/dist/editor/ 22 KB
4 KB 839ms
279ms Stylesheet
text/css 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-includes/css/dist/editor/style.min.css?ver=5.5.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 43a4ae9da9120dc8fd0f23f7ad19b7392a19652c139e5b8d23bbbff7bfed6235

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:08 GMT
Content-Encoding: gzip
Last-Modified: Wed, 12 Aug 2020 09:53:49 GMT
Server: Apache
ETag: "56f8-5acab2a15a540-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3809

GET
H/1.1 200
OK blocks.style.build.css
www.cirt.gov.bd/wp-content/plugins/robo-gallery/includes/extensions/block/dist/ 0
264 B 841ms
279ms Stylesheet
text/css 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/plugins/robo-gallery/includes/extensions/block/dist/blocks.style.build.css?ver=2.8.34
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:08 GMT
Last-Modified: Wed, 19 Aug 2020 11:48:32 GMT
Server: Apache
ETag: "0-5ad39953f7912"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 0

GET
H/1.1 200
OK styles.css
www.cirt.gov.bd/wp-content/plugins/contact-form-7/includes/css/ 2 KB
1 KB 841ms
279ms Stylesheet
text/css 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: fbf8ab57db7f9981bd71d79c7daaa01a3c578ffa0aa8e9b4a9b2bfe2e9927427

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:08 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Oct 2020 10:35:25 GMT
Server: Apache
ETag: "780-5b22be7bfd540-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 730

GET
H/1.1 200
OK email-subscribers-public.css
www.cirt.gov.bd/wp-content/plugins/email-subscribers/lite/public/css/ 2 KB
990 B 1105ms
274ms Stylesheet
text/css 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/plugins/email-subscribers/lite/public/css/email-subscribers-public.css?ver=4.6.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 5803ac00778699dfa69a5f4fed086bf5c29164864bdb5b2f36fe0e3cc98736fb

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:08 GMT
Content-Encoding: gzip
Last-Modified: Mon, 19 Oct 2020 10:34:38 GMT
Server: Apache
ETag: "71e-5b203a943eb80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 671

GET
H/1.1 200
OK settings.css
www.cirt.gov.bd/wp-content/plugins/revslider/rs-plugin/css/ 54 KB
9 KB 1112ms
277ms Stylesheet
text/css 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/plugins/revslider/rs-plugin/css/settings.css?ver=4.6.93
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 8cf272f71df4c1da72cc6cac3e29e1099160a69a96825a6491783b41ed68e217

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:08 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "d789-554090e6cbf40-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 9093

GET
H/1.1 200
OK master-min.php
www.cirt.gov.bd/wp-content/themes/CIRT/css/ 954 KB
124 KB 1137ms
298ms Stylesheet
text/css 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/css/master-min.php?ver=5.5.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: aa1ea22a122ab3cc6260cbbe7aa4eac2470596461b5dd24414d93cbb74d922f2

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:08 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css;charset=UTF-8
Transfer-Encoding: chunked
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99

GET
H/1.1 200
OK style-sacramento.css
www.cirt.gov.bd/wp-content/themes/CIRT/css/ 5 KB
2 KB 1119ms
279ms Stylesheet
text/css 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/css/style-sacramento.css?ver=5.5.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 9ba8f9b4b7d5e1e4f8a5e5fa579f0d57dd9f487627ae88cd0f3c59d3c78d4d33

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:08 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "1560-554090e6cbf40-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1619

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1010 B 20ms
16ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A100%2C300%2C400%2C500%2C700%7CDomine%3A400%2C700&ver=5.5.1

Requested by

Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9915aa9d8f4c848b0190368f1f0d9eacc9a8511a3a55cc1e4f9f93bde77ea572

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 21 Oct 2020 23:26:07 GMT
server: ESF
date: Wed, 21 Oct 2020 23:26:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Oct 2020 23:26:07 GMT

GET
H2 200 css
fonts.googleapis.com/ 4 KB
721 B 19ms
15ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat%3A400%2C700&ver=5.5.1

Requested by

Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a4088dbd5ae05ef25b50ae71d76c9dd70464744529a15d087babfd1ede1ba00f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 21 Oct 2020 22:27:20 GMT
server: ESF
date: Wed, 21 Oct 2020 23:26:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Oct 2020 23:26:07 GMT

GET
H/1.1 200
OK c3.min.css
www.cirt.gov.bd/wp-content/themes/CIRT/Stats/ 2 KB
1 KB 1119ms
278ms Stylesheet
text/css 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/Stats/c3.min.css?ver=5.5.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 01456ebf5b68e69d252a44b04dafb83f467ddd63fa20e23e855334cdf1e846ce

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:08 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "7fc-554090e6cbf40-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 805

GET
H/1.1 200
OK c3.min.fix.css
www.cirt.gov.bd/wp-content/themes/CIRT/Stats/ 70 B
399 B 1384ms
283ms Stylesheet
text/css 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/Stats/c3.min.fix.css?ver=5.5.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 583911782bea31cb83e4a9d59c3c51531ee8a19b7211f77000363d14a7c6bed9

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:08 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "46-554090e6cbf40-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 82

GET
H/1.1 200
OK style.css
www.cirt.gov.bd/wp-content/plugins/latest-posts/assets/css/ 763 B
602 B 1378ms
274ms Stylesheet
text/css 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/plugins/latest-posts/assets/css/style.css?ver=5.5.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: c87c28298b79a0982e1ecc1b5a648f1e2d1c82c6447ddddfbc27f0c0c37402c0

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:08 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "2fb-554090e6cbf40-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 283

GET
H/1.1 200
OK jquery.js Show response
www.cirt.gov.bd/wp-includes/js/jquery/ 95 KB
33 KB 1391ms
280ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:08 GMT
Content-Encoding: gzip
Last-Modified: Tue, 21 May 2019 22:34:37 GMT
Server: Apache
ETag: "17a69-5896d742b7940-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 33776

GET
H/1.1 200
OK email-subscribers-public.js Show response
www.cirt.gov.bd/wp-content/plugins/email-subscribers/lite/public/js/ 3 KB
2 KB 1398ms
279ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/plugins/email-subscribers/lite/public/js/email-subscribers-public.js?ver=4.6.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 34e35f893b634d5439db39f3c4f202ddc21aaf406e5724e8c118d513f086752f

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:08 GMT
Content-Encoding: gzip
Last-Modified: Mon, 19 Oct 2020 10:34:38 GMT
Server: Apache
ETag: "dd8-5b203a943eb80-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1458

GET
H/1.1 200
OK jquery.themepunch.tools.min.js Show response
www.cirt.gov.bd/wp-content/plugins/revslider/rs-plugin/js/ 98 KB
34 KB 1402ms
284ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.tools.min.js?ver=4.6.93
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 3179395361593c5afaf7f5d5c18b7c9c00ebabe5fa335d17f153ee39e2a4fe5e

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:08 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "18882-554090e6cbf40-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 34329

GET
H/1.1 200
OK jquery.themepunch.revolution.min.js Show response
www.cirt.gov.bd/wp-content/plugins/revslider/rs-plugin/js/ 107 KB
26 KB 1655ms
278ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.revolution.min.js?ver=4.6.93
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 7e5efee0efab67664f43a04820573d1631e792052aeeedb3163b6d0579ec3e34

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:09 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "1adcf-554090e6cbf40-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 26458

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 99 KB
31 KB 50ms
16ms Script
text/javascript 2600:9000:2070:a00:1c:8a07:5e80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://platform-api.sharethis.com/js/sharethis.js
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2070:a00:1c:8a07:5e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ca435c33acbc343c9a3db08401ea0b95c724474a8deea44bb6cce17b005739a9

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 21 Oct 2020 23:25:51 GMT
content-encoding: gzip
age: 16
etag: W/"18c2e-6rpOsMxFDVyDuEwBnEXQU9fd1Kk"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
status: 200
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-amz-cf-pop: HAM50-C3
x-amz-cf-id: NYBmjmNNHvjiA4-CYyCgO0R_kCl50cfFtEzCUu77oTtkREwTl4IdYA==
via: 1.1 8a1ff83d003e2ec239013528078f9675.cloudfront.net (CloudFront)

GET
H/1.1 200
OK shield-antibot.js Show response
www.cirt.gov.bd/wp-content/plugins/wp-simple-firewall/resources/js/ 3 KB
1 KB 1665ms
283ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/plugins/wp-simple-firewall/resources/js/shield-antibot.js?ver=9.2.1&mtime=1599370429
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: d24350e3a8c6e3963544189c3d0cfcd8c11e5dbac0de76aace83993b7d16dcf6

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:09 GMT
Content-Encoding: gzip
Last-Modified: Sun, 06 Sep 2020 05:33:49 GMT
Server: Apache
ETag: "c00-5ae9e7248e940-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 927

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
www.cirt.gov.bd/wp-includes/js/ 14 KB
5 KB 349ms
277ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-includes/js/wp-emoji-release.min.js?ver=5.5.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Content-Encoding: gzip
Last-Modified: Wed, 12 Aug 2020 09:53:49 GMT
Server: Apache
ETag: "37a6-5acab2a15a540-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 4671

GET
H/1.1 200
OK image-1.jpg
www.cirt.gov.bd/wp-content/uploads/2020/07/ 9 KB
10 KB 894ms
274ms Image
image/jpeg 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cirt.gov.bd/wp-content/uploads/2020/07/image-1.jpg
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 8bfa5e5c6ae405f1687c126b005a79819f548270587f7668fb37be5b9828c372

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:10 GMT
Last-Modified: Fri, 24 Jul 2020 14:28:38 GMT
Server: Apache
ETag: "253b-5ab30c9ebb180"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 9531

GET
H/1.1 200
OK fbb.png
www.cirt.gov.bd/wp-content/uploads/2017/05/ 58 KB
58 KB 448ms
278ms Image
image/png 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cirt.gov.bd/wp-content/uploads/2017/05/fbb.png
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: bd0c4882d7c1bddffc74aa8a9f513d39bd9d668b4e6de56d7f1b9c5345c97ffb

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:09 GMT
Last-Modified: Tue, 11 Jul 2017 11:32:36 GMT
Server: Apache
ETag: "e800-554090e5d7d00"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 59392

GET
H/1.1 200
OK linkedin-icon-31465.png
www.cirt.gov.bd/wp-content/uploads/2017/05/ 83 KB
83 KB 736ms
278ms Image
image/png 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cirt.gov.bd/wp-content/uploads/2017/05/linkedin-icon-31465.png
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 97842f23d8f587c3a81fbbf92fb7a9b2706da242afef75ce2e605c8463eef018

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:10 GMT
Last-Modified: Tue, 11 Jul 2017 11:32:36 GMT
Server: Apache
ETag: "14c13-554090e5d7d00"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 85011

GET
H/1.1 200
OK twitter-ico-file-twitter-icon-png-facebook-icon-png-twitter-21.png
www.cirt.gov.bd/wp-content/uploads/2017/06/ 52 KB
53 KB 719ms
277ms Image
image/png 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cirt.gov.bd/wp-content/uploads/2017/06/twitter-ico-file-twitter-icon-png-facebook-icon-png-twitter-21.png
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: d69fa454cbc5cdf6f051f0ab25056d98b4b0351f7efc3ac6e0d5c49a0e33ea11

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:10 GMT
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "d182-554090e6cbf40"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 53634

GET
H/1.1 200
OK spinner.gif
www.cirt.gov.bd/wp-content/plugins/email-subscribers/lite/public/images/ 3 KB
3 KB 578ms
279ms Image
image/gif 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cirt.gov.bd/wp-content/plugins/email-subscribers/lite/public/images/spinner.gif
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 7837e876f1eef549b3250b78380ec2df00ad6da4da6c27667424b1636854df3c

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Mon, 19 Oct 2020 10:34:38 GMT
Server: Apache
ETag: "c88-5b203a943eb80"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 3208

GET
H/1.1 200
OK google-play-badge.png
www.cirt.gov.bd/wp-content/uploads/2017/05/ 14 KB
14 KB 291ms
291ms Image
image/png 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cirt.gov.bd/wp-content/uploads/2017/05/google-play-badge.png
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 215e46442382af6784b854e56f70c527d0d205a367c58567c308d3c3fbe31cc2

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Tue, 11 Jul 2017 11:32:36 GMT
Server: Apache
ETag: "3685-554090e5d7d00"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 13957

GET
H/1.1 200
OK scripts.js Show response
www.cirt.gov.bd/wp-content/plugins/contact-form-7/includes/js/ 14 KB
4 KB 275ms
275ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 125ec330f66081e7dc9f2814e9ec18f4e2d0baa1936d497375eedfda7ac12e5c

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:09 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Oct 2020 10:35:25 GMT
Server: Apache
ETag: "37c8-5b22be7bfd540-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 3951

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
676 B 20ms
20ms Script
text/javascript 2a00:1450:4001:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LdXeIAUAAAAACK2iDAcZDt4paRpMAcUh0TtReFF&ver=3.0

Requested by

Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0e2d1fc9d66a3a696612f741dcba24e6c6fbdf72b7722f02dc8496c0f28401b6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 21 Oct 2020 23:26:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 584
x-xss-protection: 1; mode=block
expires: Wed, 21 Oct 2020 23:26:09 GMT

GET
H/1.1 200
OK script.js Show response
www.cirt.gov.bd/wp-content/plugins/contact-form-7/modules/recaptcha/ 1 KB
796 B 283ms
279ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/plugins/contact-form-7/modules/recaptcha/script.js?ver=5.3
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: aef711d1643073ab593de1d958ee854d6f63339cb216eda43666fb9dfcebffd0

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:09 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Oct 2020 10:35:25 GMT
Server: Apache
ETag: "4f3-5b22be7bfd540-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 463

GET
H/1.1 200
OK dynjs.js Show response
www.cirt.gov.bd/wp-content/themes/CIRT/js/ 0
277 B 282ms
279ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/js/dynjs.js
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:09 GMT
Last-Modified: Wed, 21 Oct 2020 23:26:07 GMT
Server: Apache
ETag: "0-5b236abff3ad0"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 0

GET
H/1.1 200
OK jquery.plugins.js Show response
www.cirt.gov.bd/wp-content/themes/CIRT/js/ 162 KB
45 KB 292ms
289ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/js/jquery.plugins.js
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: c8618ef3cfd97f8c1afac9d3efaa3af96d8d193acadd275c0317980d15d78849

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:09 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "286d9-554090e6cbf40-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 45670

GET
H/1.1 200
OK mediaelement-and-player.min.js Show response
www.cirt.gov.bd/wp-includes/js/mediaelement/ 157 KB
39 KB 285ms
282ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.13-9993131
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 282c86db3fc6cedcc79b172069ba09831ce0e6ba235d13bff382f57f0d3977ff

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:09 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Nov 2019 03:47:02 GMT
Server: Apache
ETag: "272c5-5973237b01980-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 39664

GET
H/1.1 200
OK mediaelement-migrate.min.js Show response
www.cirt.gov.bd/wp-includes/js/mediaelement/ 1 KB
878 B 281ms
278ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=5.5.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: b37a604b4add99725c3a9e6b0440fc4452f71139517e7d7deb452ed98499068c

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:09 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Nov 2019 03:47:02 GMT
Server: Apache
ETag: "4a9-5973237b01980-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 545

GET
H/1.1 200
OK california-custom.js Show response
www.cirt.gov.bd/wp-content/themes/CIRT/js/ 23 KB
7 KB 281ms
280ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/js/california-custom.js
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 23f964be5c2cb15c001004fcbc63258f543fe549137477fef976fc1ce7221e4a

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:10 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "5daa-554090e6cbf40-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 6349

GET
H/1.1 200
OK c3.min.js Show response
www.cirt.gov.bd/wp-content/themes/CIRT/Stats/ 134 KB
35 KB 293ms
290ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/Stats/c3.min.js?ver=5.5.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: f08bac9f39bba953714ff6372cd33e9fd2cb63365826855cc27cca4ccf209d8e

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:10 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "2183f-554090e6cbf40-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 35831

GET
H/1.1 200
OK c3.js Show response
www.cirt.gov.bd/wp-content/themes/CIRT/Stats/ 367 KB
63 KB 290ms
289ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/Stats/c3.js?ver=5.5.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: ab9762e7956a1497ec226045a282bc8f663bf1949733957d2cf4a9c5d2ff772b

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:10 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "5bb10-554090e6cbf40-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95

GET
H/1.1 200
OK d3.v3.min.js Show response
www.cirt.gov.bd/wp-content/themes/CIRT/Stats/ 148 KB
53 KB 385ms
281ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/Stats/d3.v3.min.js?ver=5.5.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: a762ca217f7dc1d7eace1d35a067389856810b70e23487082f08bc01f54cdbd4

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:10 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "250b1-554090e6cbf40-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 53514

GET
H/1.1 200
OK images.js Show response
www.cirt.gov.bd/wp-content/themes/CIRT/Stats/ 7 KB
2 KB 362ms
276ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/Stats/images.js?ver=5.5.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: d167c8471ed409718b02ccf62469d10342448ac6506a8d87afb4c66d9bdcdb3d

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:10 GMT
Content-Encoding: gzip
Last-Modified: Thu, 21 Mar 2019 08:34:05 GMT
Server: Apache
ETag: "1bfd-5849699de5940-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 1646

GET
H/1.1 200
OK new-tab.js Show response
www.cirt.gov.bd/wp-content/plugins/page-links-to/dist/ 24 KB
9 KB 296ms
279ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.4
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:10 GMT
Content-Encoding: gzip
Last-Modified: Thu, 23 Jul 2020 11:44:38 GMT
Server: Apache
ETag: "609e-5ab1a6191d580-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 8819

GET
H/1.1 200
OK wp-embed.min.js Show response
www.cirt.gov.bd/wp-includes/js/ 1 KB
1 KB 307ms
283ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-includes/js/wp-embed.min.js?ver=5.5.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:10 GMT
Content-Encoding: gzip
Last-Modified: Wed, 01 Apr 2020 10:40:26 GMT
Server: Apache
ETag: "59a-5a2384fe79a80-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 769

GET
H/1.1 200
OK live-search.js Show response
www.cirt.gov.bd/wp-content/themes/CIRT/js/ 12 KB
3 KB 297ms
278ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/js/live-search.js
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 5c994bba8159223a93b182c0ddcaefed7a33f7dab291db40d11899da3d018aae

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:10 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "31ad-554090e6cbf40-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 3135

GET
H/1.1 200
OK js_composer_front.min.js Show response
www.cirt.gov.bd/wp-content/plugins/js_composer/assets/js/dist/ 20 KB
6 KB 418ms
274ms Script
application/javascript 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.4.1
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 527beb6c2c7fb7390156ab5c7e269b74994831e1cae8a54bec16e6165b908fc4

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:10 GMT
Content-Encoding: gzip
Last-Modified: Sun, 27 Sep 2020 05:17:57 GMT
Server: Apache
ETag: "50d9-5b044ac356b40-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 5834

GET
H2 200 58ac347c82a5e50012746034.js Show response
buttons-config.sharethis.com/js/ 30 B
380 B 432ms
396ms Script
text/javascript 2600:9000:2070:4c00:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons-config.sharethis.com/js/58ac347c82a5e50012746034.js
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2070:4c00:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 21 Oct 2020 23:26:10 GMT
via: 1.1 85e4c30db6ed9459bdead04635e1ab69.cloudfront.net (CloudFront)
last-modified: Tue, 21 Feb 2017 12:37:17 GMT
server: AmazonS3
x-amz-cf-pop: HAM50-C3
etag: "e6e1643313740711175f51662a65b42f"
x-cache: RefreshHit from cloudfront
content-type: text/javascript
status: 200
cache-control: max-age=60,public
accept-ranges: bytes
content-length: 30
x-amz-cf-id: lrU49KnXqdQK6tI3TvrG86nMFR9AwxQIxwICJM-ufX6XTodBvlNUbw==

GET
H2 200 analytics.js Show response
google-analytics.com/ 45 KB
19 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:814::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://google-analytics.com/analytics.js

Requested by

Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 7174
date: Wed, 21 Oct 2020 21:26:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Wed, 21 Oct 2020 23:26:35 GMT

GET
H/1.1 200
OK /
www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/ 37 KB
37 KB 791ms
622ms Image
text/html 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/

Requested by

Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:09 GMT
Content-Encoding: gzip
Referrer-Policy: unsafe-url
Server: Apache
Link: <https://www.cirt.gov.bd/?p=5180>; rel=shortlink
x-frame-options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 18516
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=96

GET
H/1.1 200
OK li-arrow.png
www.cirt.gov.bd/wp-content/themes/CIRT/images/ 172 B
439 B 278ms
277ms Image
image/png 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/images/li-arrow.png
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/css/master-min.php?ver=5.5.1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 8f76d3bb023d40270f1f6c157bc8255252139e312ca50b75311486f7106e17ab

Request headers

Referer: https://www.cirt.gov.bd/wp-content/themes/CIRT/css/master-min.php?ver=5.5.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "ac-554090e6cbf40"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 172

GET
H/1.1 200
OK fontawesome-webfont.woff
www.cirt.gov.bd/wp-content/themes/CIRT/fonts/ 64 KB
64 KB 454ms
274ms Font
application/x-font-woff 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/css/master-min.php?ver=5.5.1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Request headers

Origin: https://www.cirt.gov.bd
Referer: https://www.cirt.gov.bd/wp-content/themes/CIRT/css/master-min.php?ver=5.5.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:09 GMT
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "ffac-554090e6cbf40"
Content-Type: application/x-font-woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 65452

GET
H2 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_vx3rCs.woff2
fonts.gstatic.com/s/montserrat/v15/ 13 KB
13 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_dJE3gnD_vx3rCs.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C700&ver=5.5.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c6cf0709b8e52572cae1fb57128acd0a5a453c9ce99dc3712a1860ff90c6bf8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cirt.gov.bd
Referer: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C700&ver=5.5.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 21 Oct 2020 11:20:34 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:15 GMT
server: sffe
age: 43535
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13612
x-xss-protection: 0
expires: Thu, 21 Oct 2021 11:20:34 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
fonts.gstatic.com/s/montserrat/v15/ 13 KB
13 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C700&ver=5.5.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ce5a460ace775560c3344a43245687bdbec5cb8ee20d209ab9fa67f4e09a3e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cirt.gov.bd
Referer: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C700&ver=5.5.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 11:20:41 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:14 GMT
server: sffe
age: 216328
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13708
x-xss-protection: 0
expires: Tue, 19 Oct 2021 11:20:41 GMT

GET
H/1.1 200
OK linecons.woff
www.cirt.gov.bd/wp-content/themes/CIRT/fonts/ 27 KB
27 KB 548ms
281ms Font
application/x-font-woff 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/fonts/linecons.woff
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/css/master-min.php?ver=5.5.1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 0e1076ec01481ada6dcbe8d22736b9c56cdfbd078620b589a60f5a11eee9152d

Request headers

Origin: https://www.cirt.gov.bd
Referer: https://www.cirt.gov.bd/wp-content/themes/CIRT/css/master-min.php?ver=5.5.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:09 GMT
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "6aac-554090e6cbf40"
Content-Type: application/x-font-woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 27308

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A100%2C300%2C400%2C500%2C700%7CDomine%3A400%2C700&ver=5.5.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cirt.gov.bd
Referer: https://fonts.googleapis.com/css?family=Roboto%3A100%2C300%2C400%2C500%2C700%7CDomine%3A400%2C700&ver=5.5.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 19 Oct 2020 20:01:08 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 185101
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
expires: Tue, 19 Oct 2021 20:01:08 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A100%2C300%2C400%2C500%2C700%7CDomine%3A400%2C700&ver=5.5.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cirt.gov.bd
Referer: https://fonts.googleapis.com/css?family=Roboto%3A100%2C300%2C400%2C500%2C700%7CDomine%3A400%2C700&ver=5.5.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 15 Oct 2020 05:43:30 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:52 GMT
server: sffe
age: 582159
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11180
x-xss-protection: 0
expires: Fri, 15 Oct 2021 05:43:30 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A100%2C300%2C400%2C500%2C700%7CDomine%3A400%2C700&ver=5.5.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cirt.gov.bd
Referer: https://fonts.googleapis.com/css?family=Roboto%3A100%2C300%2C400%2C500%2C700%7CDomine%3A400%2C700&ver=5.5.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 21 Oct 2020 11:20:33 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 43536
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Thu, 21 Oct 2021 11:20:33 GMT

GET
H/1.1 200
OK first-logo-home-1.png
www.cirt.gov.bd/wp-content/uploads/2017/07/ 18 KB
18 KB 276ms
276ms Image
image/png 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cirt.gov.bd/wp-content/uploads/2017/07/first-logo-home-1.png
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 47e0af86bac1746d9f505d80d0252db1e8b5442ad274238e60f9e099ba1931b5

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Tue, 11 Jul 2017 11:32:36 GMT
Server: Apache
ETag: "463c-554090e5d7d00"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 17980

GET
H/1.1 200
OK APCERT-logo.jpg
www.cirt.gov.bd/wp-content/uploads/2017/08/ 10 KB
10 KB 279ms
278ms Image
image/jpeg 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cirt.gov.bd/wp-content/uploads/2017/08/APCERT-logo.jpg
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: ee973a6809c66427826c61013e5f61886cf0d28f432735945b0dc734386d47e8

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Sun, 27 Aug 2017 07:37:25 GMT
Server: Apache
ETag: "2744-557b73fd35740"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 10052

GET
H/1.1 200
OK APWG-LOGO-IN-COLOR.jpg
www.cirt.gov.bd/wp-content/uploads/2017/03/ 22 KB
23 KB 283ms
283ms Image
image/jpeg 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cirt.gov.bd/wp-content/uploads/2017/03/APWG-LOGO-IN-COLOR.jpg
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: d1533a615c170f6e8dd1c1bb9013daa813998206f6f9e41051bb260c698ca680

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "58fb-554090e6cbf40"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=90
Content-Length: 22779

GET
H/1.1 200
OK oic-cert-logo.png
www.cirt.gov.bd/wp-content/uploads/2017/07/ 8 KB
8 KB 278ms
278ms Image
image/png 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cirt.gov.bd/wp-content/uploads/2017/07/oic-cert-logo.png
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 04695ff8223ec73fabb2e1a005398a743279ff5dd2e3bffa39923d12dd803794

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Thu, 20 Jul 2017 09:45:22 GMT
Server: Apache
ETag: "1ecc-554bc9b70d080"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 7884

GET
H/1.1 200
OK TI-Accredited_120x120.jpg
www.cirt.gov.bd/wp-content/uploads/2019/01/ 16 KB
17 KB 274ms
274ms Image
image/jpeg 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cirt.gov.bd/wp-content/uploads/2019/01/TI-Accredited_120x120.jpg
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: df66761bba1d80b52f102275c5019f690b700c458d6fe9682980efce816db371

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Tue, 15 Jan 2019 10:47:57 GMT
Server: Apache
ETag: "4194-57f7ce4ed9140"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=89
Content-Length: 16788

GET
H/1.1 200
OK DigitalBangladesh.png
www.cirt.gov.bd/wp-content/uploads/2017/04/ 14 KB
14 KB 276ms
276ms Image
image/png 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cirt.gov.bd/wp-content/uploads/2017/04/DigitalBangladesh.png
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 8ddf7a68d3c48573feac92a05a2944580d0e2cda35c00ac37afe938ecf2e65a3

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Tue, 11 Jul 2017 11:32:36 GMT
Server: Apache
ETag: "381b-554090e5d7d00"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 14363

GET
H/1.1 200
OK ICTDivision.png
www.cirt.gov.bd/wp-content/uploads/2017/04/ 15 KB
15 KB 279ms
278ms Image
image/png 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cirt.gov.bd/wp-content/uploads/2017/04/ICTDivision.png
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 5a9adc540cc8d07389bf5d19a467e7f7133227c2a23ed90f6407c4b75f3022b8

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Tue, 11 Jul 2017 11:32:36 GMT
Server: Apache
ETag: "3b1f-554090e5d7d00"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=90
Content-Length: 15135

GET
H/1.1 200
OK BangladeshComputerCouncil.png
www.cirt.gov.bd/wp-content/uploads/2017/04/ 11 KB
11 KB 277ms
277ms Image
image/png 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cirt.gov.bd/wp-content/uploads/2017/04/BangladeshComputerCouncil.png
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 5522930fbc9a4341051b08cb2614dc1e0ec2c8f5b7e4b464074cd1934dd4ebb4

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Tue, 11 Jul 2017 11:32:36 GMT
Server: Apache
ETag: "2ba9-554090e5d7d00"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 11177

GET
H/1.1 200
OK BGD_logo_large-4.png
www.cirt.gov.bd/wp-content/uploads/2016/05/ 106 KB
107 KB 278ms
277ms Image
image/png 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cirt.gov.bd/wp-content/uploads/2016/05/BGD_logo_large-4.png
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: bd0bc3a50b2a560c0c63ca3e99df183d5f809828f935810eb6d6b91aa81de552

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Tue, 11 Jul 2017 11:32:37 GMT
Server: Apache
ETag: "1a94b-554090e6cbf40"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=90
Content-Length: 108875

GET
H2 200 portal-v2.html
c.sharethis.mgr.consensu.org/ Frame 89C9 0
0 46ms
14ms Document
text/html 2600:9000:2093:9a00:c:a9b7:ddc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.sharethis.mgr.consensu.org/portal-v2.html
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2093:9a00:c:a9b7:ddc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: c.sharethis.mgr.consensu.org
:scheme: https
:path: /portal-v2.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/

Response headers

status: 200
content-type: text/html; charset=utf-8
accept-ranges: bytes
content-encoding: gzip
last-modified: Thu, 01 Oct 2020 18:27:43 GMT
cache-control: max-age=3600, public
date: Wed, 21 Oct 2020 22:38:06 GMT
etag: W/"83a-174e56b8518"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 afb36b97df2ff6c76fed5bd6ee23619b.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-C1
x-amz-cf-id: bkUoxfqpYTsJ0GESIfh_M_VPDQrqb15UHkqzXmkPniqVr05neW4eWg==
age: 2883

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
207 B 12ms
12ms XHR
text/plain 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j86&a=41936417&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cirt.gov.bd%2Fpossible-indicator-of-compromise-ioc-of-emotet-malware%2F&ul=en-us&de=UTF-8&dt=Indicator%20of%20compromise%20(IoC)%20of%20Emotet%20Malware%20%7C%20BGD%20e-GOV%20CIRT%20%7C%20Bangladesh%20e-Government%20Computer%20Incident%20Response%20Team&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1547292942&gjid=980969416&cid=1163030391.1603322770&tid=UA-159566226-1&_gid=1466400068.1603322770&_r=1&_slc=1&z=1751690080

Requested by

Host: google-analytics.com
URL: https://google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 21 Oct 2020 23:26:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://www.cirt.gov.bd
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/T9w1ROdplctW2nVKvNJYXH8o/ 341 KB
134 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/T9w1ROdplctW2nVKvNJYXH8o/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LdXeIAUAAAAACK2iDAcZDt4paRpMAcUh0TtReFF&ver=3.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54f3aa37078dcd01911c9da1a5fd753b5834dde5acfd90c5bd55243bba87cf6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cirt.gov.bd
Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 21 Oct 2020 22:55:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1864
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136962
x-xss-protection: 0
last-modified: Mon, 12 Oct 2020 04:11:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 21 Oct 2021 22:55:05 GMT

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
337 B 102ms
24ms XHR
text/plain 3.127.132.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/pview?event=pview&hostname=www.cirt.gov.bd&location=%2Fpossible-indicator-of-compromise-ioc-of-emotet-malware%2F&product=ga&url=https%3A%2F%2Fwww.cirt.gov.bd%2Fpossible-indicator-of-compromise-ioc-of-emotet-malware%2F&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Indicator%20of%20compromise%20(IoC)%20of%20Emotet%20Malware%20%7C%20BGD%20e-GOV%20CIRT%20%7C%20Bangladesh%20e-Government%20Computer%20Incident%20Response%20Team&cms=unknown&publisher=58ac347c82a5e50012746034&sop=true&bsamesite=true&consentDomain=.consensu.org&consent_duration=198&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&version=st_sop.js&lang=en
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.132.197 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-132-197.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:09 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://www.cirt.gov.bd
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK graph1.json Show response
www.cirt.gov.bd/wp-content/uploads/graphs/ 136 B
410 B 296ms
278ms XHR
application/json 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/uploads/graphs/graph1.json
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/Stats/d3.v3.min.js?ver=5.5.1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 6552fa2665d7c42619e64d82b24316ec87a2059e7509190dd91862031b828a14

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Wed, 21 Oct 2020 21:15:01 GMT
Server: Apache
ETag: "88-5b234d729913a"
Content-Type: application/json
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 136

GET
H/1.1 200
OK graph2.json Show response
www.cirt.gov.bd/wp-content/uploads/graphs/ 333 B
608 B 327ms
283ms XHR
application/json 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/uploads/graphs/graph2.json
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/Stats/d3.v3.min.js?ver=5.5.1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 271a06f5a49d9aebd4f4fa6b07abc2fbfa736cd0899365e0de5e90e8ce386961

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Wed, 21 Oct 2020 21:15:01 GMT
Server: Apache
ETag: "14d-5b234d729913a"
Content-Type: application/json
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 333

GET
H/1.1 200
OK graph3.json Show response
www.cirt.gov.bd/wp-content/uploads/graphs/ 405 B
680 B 342ms
285ms XHR
application/json 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/uploads/graphs/graph3.json
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: 8b6cad686b6ea2937cc6eada60b13b7cd220a57b79de1821dc1d600d2be0c94f

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Wed, 21 Oct 2020 21:15:01 GMT
Server: Apache
ETag: "195-5b234d729913a"
Content-Type: application/json
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 405

GET
H/1.1 200
OK graph4.json Show response
www.cirt.gov.bd/wp-content/uploads/graphs/ 9 KB
9 KB 360ms
276ms XHR
application/json 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/uploads/graphs/graph4.json
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: b11c9c33b7302284b5c7fd1d372c26941c7fc402cf4ee149820d36221e5c32f9

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Wed, 21 Oct 2020 21:15:01 GMT
Server: Apache
ETag: "2426-5b234d729a0da"
Content-Type: application/json
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 9254

GET
H/1.1 200
OK graph5.json Show response
www.cirt.gov.bd/wp-content/uploads/graphs/ 825 B
1 KB 470ms
273ms XHR
application/json 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/uploads/graphs/graph5.json
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: fb8ce130b6ee41a64e4a2ea1e79c5a02ccb11fdf8bb3908592cbe378a8f1c33d

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Wed, 21 Oct 2020 21:15:01 GMT
Server: Apache
ETag: "339-5b234d729a0da"
Content-Type: application/json
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 825

GET
H/1.1 200
OK graph6.json Show response
www.cirt.gov.bd/wp-content/uploads/graphs/ 126 B
400 B 547ms
276ms XHR
application/json 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/uploads/graphs/graph6.json
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: d9464cbc3cf119cb760ddd755497dc1d06c50e522edde278475d77c6829c5536

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Wed, 21 Oct 2020 21:15:01 GMT
Server: Apache
ETag: "7e-5b234d729a0da"
Content-Type: application/json
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 126

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame 3291 0
0 25ms
24ms Document
text/html 2a00:1450:4001:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdXeIAUAAAAACK2iDAcZDt4paRpMAcUh0TtReFF&co=aHR0cHM6Ly93d3cuY2lydC5nb3YuYmQ6NDQz&hl=en&v=T9w1ROdplctW2nVKvNJYXH8o&size=invisible&cb=r6dcf4o1syro

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/T9w1ROdplctW2nVKvNJYXH8o/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rtuDrLm9J1dPHH9jK97H+A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LdXeIAUAAAAACK2iDAcZDt4paRpMAcUh0TtReFF&co=aHR0cHM6Ly93d3cuY2lydC5nb3YuYmQ6NDQz&hl=en&v=T9w1ROdplctW2nVKvNJYXH8o&size=invisible&cb=r6dcf4o1syro
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 21 Oct 2020 23:26:11 GMT
content-security-policy: script-src 'report-sample' 'nonce-rtuDrLm9J1dPHH9jK97H+A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 10316
server: GSE
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK graph4.json Show response
www.cirt.gov.bd/wp-content/uploads/graphs/ 9 KB
9 KB 289ms
274ms XHR
application/json 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/uploads/graphs/graph4.json
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/Stats/d3.v3.min.js?ver=5.5.1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: b11c9c33b7302284b5c7fd1d372c26941c7fc402cf4ee149820d36221e5c32f9

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Wed, 21 Oct 2020 21:15:01 GMT
Server: Apache
ETag: "2426-5b234d729a0da"
Content-Type: application/json
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=90
Content-Length: 9254

GET
H/1.1 200
OK graph5.json Show response
www.cirt.gov.bd/wp-content/uploads/graphs/ 825 B
1 KB 278ms
276ms XHR
application/json 103.48.16.54
BCC-BD Bangladesh...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cirt.gov.bd/wp-content/uploads/graphs/graph5.json
Requested by: Host: www.cirt.gov.bd
URL: https://www.cirt.gov.bd/wp-content/themes/CIRT/Stats/d3.v3.min.js?ver=5.5.1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.48.16.54 , Bangladesh, ASN63932 (BCC-BD Bangladesh Computer Council, BD),
Reverse DNS
Software: Apache /
Resource Hash: fb8ce130b6ee41a64e4a2ea1e79c5a02ccb11fdf8bb3908592cbe378a8f1c33d

Request headers

Referer: https://www.cirt.gov.bd/possible-indicator-of-compromise-ioc-of-emotet-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 21 Oct 2020 23:26:11 GMT
Last-Modified: Wed, 21 Oct 2020 21:15:01 GMT
Server: Apache
ETag: "339-5b234d729a0da"
Content-Type: application/json
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 825

Verdicts & Comments Add Verdict or Comment

119 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

buttons-config.sharethis.com
c.sharethis.mgr.consensu.org
fonts.googleapis.com
fonts.gstatic.com
google-analytics.com
l.sharethis.com
platform-api.sharethis.com
www.cirt.gov.bd
www.google-analytics.com
www.google.com
www.gstatic.com
103.48.16.54
2600:9000:2070:4c00:c:abe:f440:93a1
2600:9000:2070:a00:1c:8a07:5e80:93a1
2600:9000:2093:9a00:c:a9b7:ddc0:93a1
2a00:1450:4001:802::200a
2a00:1450:4001:808::2003
2a00:1450:4001:814::2004
2a00:1450:4001:81e::2003
2a00:1450:4001:821::2004
2a00:1450:4001:824::200e
3.127.132.197
01456ebf5b68e69d252a44b04dafb83f467ddd63fa20e23e855334cdf1e846ce
04695ff8223ec73fabb2e1a005398a743279ff5dd2e3bffa39923d12dd803794
0ce5a460ace775560c3344a43245687bdbec5cb8ee20d209ab9fa67f4e09a3e8
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0e1076ec01481ada6dcbe8d22736b9c56cdfbd078620b589a60f5a11eee9152d
0e2d1fc9d66a3a696612f741dcba24e6c6fbdf72b7722f02dc8496c0f28401b6
125ec330f66081e7dc9f2814e9ec18f4e2d0baa1936d497375eedfda7ac12e5c
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
215e46442382af6784b854e56f70c527d0d205a367c58567c308d3c3fbe31cc2
23f964be5c2cb15c001004fcbc63258f543fe549137477fef976fc1ce7221e4a
271a06f5a49d9aebd4f4fa6b07abc2fbfa736cd0899365e0de5e90e8ce386961
282c86db3fc6cedcc79b172069ba09831ce0e6ba235d13bff382f57f0d3977ff
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
3179395361593c5afaf7f5d5c18b7c9c00ebabe5fa335d17f153ee39e2a4fe5e
34e35f893b634d5439db39f3c4f202ddc21aaf406e5724e8c118d513f086752f
43a4ae9da9120dc8fd0f23f7ad19b7392a19652c139e5b8d23bbbff7bfed6235
47e0af86bac1746d9f505d80d0252db1e8b5442ad274238e60f9e099ba1931b5
4c6cf0709b8e52572cae1fb57128acd0a5a453c9ce99dc3712a1860ff90c6bf8
527beb6c2c7fb7390156ab5c7e269b74994831e1cae8a54bec16e6165b908fc4
54f3aa37078dcd01911c9da1a5fd753b5834dde5acfd90c5bd55243bba87cf6d
5522930fbc9a4341051b08cb2614dc1e0ec2c8f5b7e4b464074cd1934dd4ebb4
5803ac00778699dfa69a5f4fed086bf5c29164864bdb5b2f36fe0e3cc98736fb
583911782bea31cb83e4a9d59c3c51531ee8a19b7211f77000363d14a7c6bed9
5a9adc540cc8d07389bf5d19a467e7f7133227c2a23ed90f6407c4b75f3022b8
5c994bba8159223a93b182c0ddcaefed7a33f7dab291db40d11899da3d018aae
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
6552fa2665d7c42619e64d82b24316ec87a2059e7509190dd91862031b828a14
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
7837e876f1eef549b3250b78380ec2df00ad6da4da6c27667424b1636854df3c
7e5efee0efab67664f43a04820573d1631e792052aeeedb3163b6d0579ec3e34
7edb9d3a11eb713aba55c4ba00f4c21a31a13f27fa829ba03ed1b01404226c25
8b6cad686b6ea2937cc6eada60b13b7cd220a57b79de1821dc1d600d2be0c94f
8bfa5e5c6ae405f1687c126b005a79819f548270587f7668fb37be5b9828c372
8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af
8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e
8cf272f71df4c1da72cc6cac3e29e1099160a69a96825a6491783b41ed68e217
8ddf7a68d3c48573feac92a05a2944580d0e2cda35c00ac37afe938ecf2e65a3
8f76d3bb023d40270f1f6c157bc8255252139e312ca50b75311486f7106e17ab
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
97842f23d8f587c3a81fbbf92fb7a9b2706da242afef75ce2e605c8463eef018
9915aa9d8f4c848b0190368f1f0d9eacc9a8511a3a55cc1e4f9f93bde77ea572
9ba8f9b4b7d5e1e4f8a5e5fa579f0d57dd9f487627ae88cd0f3c59d3c78d4d33
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a4088dbd5ae05ef25b50ae71d76c9dd70464744529a15d087babfd1ede1ba00f
a762ca217f7dc1d7eace1d35a067389856810b70e23487082f08bc01f54cdbd4
aa1ea22a122ab3cc6260cbbe7aa4eac2470596461b5dd24414d93cbb74d922f2
ab9762e7956a1497ec226045a282bc8f663bf1949733957d2cf4a9c5d2ff772b
aef711d1643073ab593de1d958ee854d6f63339cb216eda43666fb9dfcebffd0
b11c9c33b7302284b5c7fd1d372c26941c7fc402cf4ee149820d36221e5c32f9
b35458211222e1663db842be7af5e535d3bbeaf88c9b813e64745b0c64d0b613
b37a604b4add99725c3a9e6b0440fc4452f71139517e7d7deb452ed98499068c
b3f7951a492498d0cba9ae1928f8df7285390466c318184ae1de3943d2b33e3d
bd0bc3a50b2a560c0c63ca3e99df183d5f809828f935810eb6d6b91aa81de552
bd0c4882d7c1bddffc74aa8a9f513d39bd9d668b4e6de56d7f1b9c5345c97ffb
c8618ef3cfd97f8c1afac9d3efaa3af96d8d193acadd275c0317980d15d78849
c87c28298b79a0982e1ecc1b5a648f1e2d1c82c6447ddddfbc27f0c0c37402c0
ca435c33acbc343c9a3db08401ea0b95c724474a8deea44bb6cce17b005739a9
d1533a615c170f6e8dd1c1bb9013daa813998206f6f9e41051bb260c698ca680
d167c8471ed409718b02ccf62469d10342448ac6506a8d87afb4c66d9bdcdb3d
d24350e3a8c6e3963544189c3d0cfcd8c11e5dbac0de76aace83993b7d16dcf6
d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969
d69fa454cbc5cdf6f051f0ab25056d98b4b0351f7efc3ac6e0d5c49a0e33ea11
d709c96f081cc8d56d263d663672ae508345870e8150926e7226c7e27ad0a11a
d9464cbc3cf119cb760ddd755497dc1d06c50e522edde278475d77c6829c5536
df66761bba1d80b52f102275c5019f690b700c458d6fe9682980efce816db371
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee973a6809c66427826c61013e5f61886cf0d28f432735945b0dc734386d47e8
f08bac9f39bba953714ff6372cd33e9fd2cb63365826855cc27cca4ccf209d8e
f50b6020859d6ab7ea03795ce4072fe993163454a0ddad3497eb873d77bbfbca
fb8ce130b6ee41a64e4a2ea1e79c5a02ccb11fdf8bb3908592cbe378a8f1c33d
fbf8ab57db7f9981bd71d79c7daaa01a3c578ffa0aa8e9b4a9b2bfe2e9927427

www.cirt.gov.bd Open in urlscan Pro 103.48.16.54 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

80 Requests

100 %HTTPS

82 %IPv6

7 Domains

11 Subdomains

11 IPs

3 Countries

1411 kBTransfer

3934 kBSize

0 Cookies

22 Outgoing links

Redirected requests

80 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cirt.gov.bd Open in urlscan Pro
103.48.16.54 Public Scan

Screenshot
Live screenshot

Full Image

80
Requests

100 %
HTTPS

82 %
IPv6

7
Domains

11
Subdomains

11
IPs

3
Countries

1411 kB
Transfer

3934 kB
Size

0
Cookies

80 HTTP transactions
0 data transactions