urlscan.io logo urlscan.io
SecurityTrails logo

blog.cystack.net Open in urlscan Pro
178.128.127.65  Public Scan

Go To Rescan Add Verdict Report
URL: https://blog.cystack.net/word-based-malware-attack/
Submission: On March 10 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 5 countries across 10 domains to perform 74 HTTP transactions. The main IP is 178.128.127.65, located in Singapore and belongs to DIGITALOCEAN-ASN, US. The main domain is blog.cystack.net.
TLS certificate: Issued by Let's Encrypt Authority X3 on February 19th 2020. Valid for: 3 months.
This is the only time blog.cystack.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

11    178.128.127.65 (Singapore)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: landing01.sin
blog.cystack.net
1    2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
19    2a00:1450:4001:819::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
lh4.googleusercontent.com
lh6.googleusercontent.com
18    2a00:1450:4001:824::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
lh3.googleusercontent.com
lh5.googleusercontent.com
1    2001:4de0:ac19::1:b:2b (Netherlands)

ASN20446 (HIGHWINDS3, US)
code.jquery.com
4    2606:4700::6811:4104 (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
2    2a00:1450:4001:81d::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)
connect.facebook.net
5    151.101.112.134 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
cystack.disqus.com
referrer.disqus.com
4    2606:4700::6810:50a6 (United States)

ASN13335 (CLOUDFLARENET, US)
c.disquscdn.com
2    151.101.64.134 (United States)

ASN54113 (FASTLY, US)
disqus.com
3    151.101.12.64 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
tempest.services.disqus.com
links.services.disqus.com
2    2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)
www.facebook.com
Domain Requested by
11 lh3.googleusercontent.com blog.cystack.net
11 blog.cystack.net blog.cystack.net
10 lh6.googleusercontent.com blog.cystack.net
9 lh4.googleusercontent.com blog.cystack.net
7 lh5.googleusercontent.com blog.cystack.net
4 referrer.disqus.com blog.cystack.net
4 c.disquscdn.com cystack.disqus.com
4 cdnjs.cloudflare.com blog.cystack.net
2 www.facebook.com blog.cystack.net
connect.facebook.net
2 tempest.services.disqus.com cystack.disqus.com
2 disqus.com cystack.disqus.com
2 connect.facebook.net blog.cystack.net
connect.facebook.net
2 www.google-analytics.com www.googletagmanager.com
blog.cystack.net
1 links.services.disqus.com c.disquscdn.com
1 cystack.disqus.com blog.cystack.net
1 code.jquery.com blog.cystack.net
1 www.googletagmanager.com blog.cystack.net
74 17
Subject Issuer Validity Valid
blog.cystack.net
Let's Encrypt Authority X3		 2020-02-19 -
2020-05-19		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-02-12 -
2020-05-06		 3 months crt.sh
*.googleusercontent.com
GTS CA 1O1		 2020-02-12 -
2020-05-06		 3 months crt.sh
jquery.org
COMODO RSA Domain Validation Secure Server CA		 2018-10-17 -
2020-10-16		 2 years crt.sh
ssl412106.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2019-12-05 -
2020-06-12		 6 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-01-16 -
2020-04-15		 3 months crt.sh
*.disqus.com
DigiCert SHA2 Secure Server CA		 2018-03-28 -
2020-04-27		 2 years crt.sh
ssl565697.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2020-02-02 -
2020-08-10		 6 months crt.sh
f.ssl.fastly.net
GlobalSign Organization Validation CA - SHA256 - G2		 2018-08-30 -
2020-12-02		 2 years crt.sh

This page contains 4 frames:

Primary Page: https://blog.cystack.net/word-based-malware-attack/
Frame ID: DA10892DC6C2695D6E6C3957183ABF57
Requests: 71 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=cystack&t_i=ghost-5c5296a25879070609443974&t_u=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&t_d=Word-based%20Malware%20Attack&t_t=Word-based%20Malware%20Attack&s_o=default
Frame ID: 271B6D2D9EC1350AFC1E534D68639A43
Requests: 1 HTTP requests in this frame

Frame: https://tempest.services.disqus.com/ads-iframe/google/?position=top&shortname=cystack&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%2326a8ed&colorScheme=light&sourceUrl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&typeface=sans-serif&canonicalUrl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&disqus_version=a208fc5
Frame ID: 30DBF74331EA6A2425211B352B11C47A
Requests: 1 HTTP requests in this frame

Frame: https://tempest.services.disqus.com/ads-iframe/google/?position=bottom&shortname=cystack&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%2326a8ed&colorScheme=light&sourceUrl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&typeface=sans-serif&canonicalUrl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&disqus_version=a208fc5
Frame ID: 57A9FCD77B1AA2D3EBC3CC076F1A096D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • meta generator /Ghost(?:\s([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • meta generator /Ghost(?:\s([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers server /Ubuntu/i
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

74
Requests

100 %
HTTPS

69 %
IPv6

10
Domains

17
Subdomains

13
IPs

5
Countries

2713 kB
Transfer

3173 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

74 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
blog.cystack.net/word-based-malware-attack/ 		43 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
landing01.sin
Software
nginx/1.14.0 (Ubuntu) / Express
Resource Hash
1bdf4a9eadc00a6a38b96ee006ca7d1ad50753391b0798f23d66bd64d2d26f21
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
blog.cystack.net
:scheme
https
:path
/word-based-malware-attack/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

status
200
server
nginx/1.14.0 (Ubuntu)
date
Tue, 10 Mar 2020 22:08:07 GMT
content-type
text/html; charset=utf-8
x-powered-by
Express
cache-control
public, max-age=0
etag
W/"abe9-bXkzvZEAZND1wV4ZJcQ/gkhzy0Q"
vary
Accept-Encoding
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
screen.css
blog.cystack.net/assets/built/ 		50 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://blog.cystack.net/assets/built/screen.css?v=343448b432
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
landing01.sin
Software
nginx/1.14.0 (Ubuntu) / Express
Resource Hash
23bb080ce82285887825b931f109c847a81bbd7ac6c2397ccfdf3ddd5db577c6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 10 Mar 2020 22:08:07 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
nginx/1.14.0 (Ubuntu)
x-powered-by
Express
etag
W/"c6f7-7438674ba0"
x-frame-options
SAMEORIGIN
content-type
text/css; charset=UTF-8
status
200
cache-control
public, max-age=31536000
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
x-content-type-options
nosniff
js
www.googletagmanager.com/gtag/ 		75 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-112171664-3
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
73fe8aed3d94fa4dbb267f13a0ce8f612ebed4b3057217127aa3dd2d482c8aab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 10 Mar 2020 22:08:07 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
28488
x-xss-protection
0
last-modified
Tue, 10 Mar 2020 21:00:23 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 10 Mar 2020 22:08:07 GMT
logo-white--1-.png
blog.cystack.net/content/images/2018/08/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.cystack.net/content/images/2018/08/logo-white--1-.png
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
landing01.sin
Software
nginx/1.14.0 (Ubuntu) / Express
Resource Hash
40420c474f8b6a5c4d07b6d9e9388f8d8599a406351655657d6a1d038ba742de
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:07 GMT
x-content-type-options
nosniff
last-modified
Wed, 29 Aug 2018 07:58:04 GMT
server
nginx/1.14.0 (Ubuntu)
x-powered-by
Express
etag
W/"21d6-16584b07ef1"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
cache-control
public, max-age=31536000
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
content-length
8662
ava.png
blog.cystack.net/content/images/size/w100/2019/02/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.cystack.net/content/images/size/w100/2019/02/ava.png
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
landing01.sin
Software
nginx/1.14.0 (Ubuntu) / Express
Resource Hash
4f3f0f99ace14dbfbf248037f656a4db80fd81bfb95934ab5df43562d9032bce
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:07 GMT
x-content-type-options
nosniff
last-modified
Fri, 15 Mar 2019 08:18:18 GMT
server
nginx/1.14.0 (Ubuntu)
x-powered-by
Express
etag
W/"1f2a-169806e2d94"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
cache-control
public, max-age=31536000
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
content-length
7978
malware-word-01.png
blog.cystack.net/content/images/size/w2000/2019/02/ 		114 KB
115 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.cystack.net/content/images/size/w2000/2019/02/malware-word-01.png
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
landing01.sin
Software
nginx/1.14.0 (Ubuntu) / Express
Resource Hash
c4f7874b308c98d3b0e9f367dba84019160a2f49da9b58b73895d208c0637ec3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:07 GMT
x-content-type-options
nosniff
last-modified
Fri, 15 Mar 2019 08:30:02 GMT
server
nginx/1.14.0 (Ubuntu)
x-powered-by
Express
etag
W/"1c881-1698078ebc5"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
cache-control
public, max-age=31536000
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
content-length
116865
bjugOf6LWhDm9aEGsttxKLmv_U4SnxicHJDgkTH4KxFLKFjl6JIM_9Cu8Obzoiut9FKN6OYkvSCmwJtwX5tVOQTRcEf3zUpgB9S7p2C6LopZcBSYtcI3GkqqycUkmNdrU5T2Bzn5
lh4.googleusercontent.com/ 		169 KB
169 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh4.googleusercontent.com/bjugOf6LWhDm9aEGsttxKLmv_U4SnxicHJDgkTH4KxFLKFjl6JIM_9Cu8Obzoiut9FKN6OYkvSCmwJtwX5tVOQTRcEf3zUpgB9S7p2C6LopZcBSYtcI3GkqqycUkmNdrU5T2Bzn5
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
938139f3b4d920432ab670785f526de90ba19653395b94bb737ecbd7fe1108bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="8.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
172686
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
infection_chain_pic2.png
blog.cystack.net/content/images/2019/02/ 		307 KB
308 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.cystack.net/content/images/2019/02/infection_chain_pic2.png
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
landing01.sin
Software
nginx/1.14.0 (Ubuntu) / Express
Resource Hash
c2918bbe8f1e0d6961f86e9360dbd23cf788c67e5d515a7a7097ec37b4171d8b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:07 GMT
x-content-type-options
nosniff
last-modified
Sat, 02 Feb 2019 08:42:35 GMT
server
nginx/1.14.0 (Ubuntu)
x-powered-by
Express
etag
W/"4cbbe-168ad5faf34"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
cache-control
public, max-age=31536000
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
content-length
314302
qE9RjZ8Ow7z4hTIX4td0RnUvvs4ul2IC0hIMCuv4p6ztx2yfIuBBgs6NPn0fhTySG6_3PAe2sxc_k_oI4CWgK5w2ONWLWPiV_o-42p8ZwNVRv56HHWKcvD5pMXNhlYAXwE8DobWk
lh3.googleusercontent.com/ 		132 KB
132 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/qE9RjZ8Ow7z4hTIX4td0RnUvvs4ul2IC0hIMCuv4p6ztx2yfIuBBgs6NPn0fhTySG6_3PAe2sxc_k_oI4CWgK5w2ONWLWPiV_o-42p8ZwNVRv56HHWKcvD5pMXNhlYAXwE8DobWk
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
c99572f523c993dd04fbb421e353de057643e6680a35ec3bf9e06bbfd01aa229
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="9.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
135510
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
3LXoPXvsxryWp8HgzOg5YHCcqlFVixr0nB2agLZRi8mDp1gC8x52p3lKCj6ZKLRkC41PsGVey2jbhpV5wCcAVenhlyx5rvlWTbQrfW_t6ZEyVqt9djeGuOJxlnU1up9WNQkeCsqC
lh5.googleusercontent.com/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh5.googleusercontent.com/3LXoPXvsxryWp8HgzOg5YHCcqlFVixr0nB2agLZRi8mDp1gC8x52p3lKCj6ZKLRkC41PsGVey2jbhpV5wCcAVenhlyx5rvlWTbQrfW_t6ZEyVqt9djeGuOJxlnU1up9WNQkeCsqC
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
a0a44ca26b92de8577563146da0a012f52a4ff838dfaf90122d6f151cffd4249
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
6607
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
6g2Ciu3llMq-qfquKvrP2_WsMR7uUvmkQjuSbqBgNu3K5frv84FTCzCBe8jGzdjE4qlQP_kN57Th03pmTn2t9XfpGQ1R2kzAKHOSKG_ZwkLj86x2gTcXQXaka6S2N7V4SpQRyqqA
lh6.googleusercontent.com/ 		146 KB
146 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh6.googleusercontent.com/6g2Ciu3llMq-qfquKvrP2_WsMR7uUvmkQjuSbqBgNu3K5frv84FTCzCBe8jGzdjE4qlQP_kN57Th03pmTn2t9XfpGQ1R2kzAKHOSKG_ZwkLj86x2gTcXQXaka6S2N7V4SpQRyqqA
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
ea86f195eb330d67a0d57207032752d3bbf83a938f73fafdd6ee363e51fc1896
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="1.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
149254
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
wi6m9XV2w27E6wA95-afQMMOafVoIRxlpdp5-OSsyLFG4Z4bmzZI4bGUMxJM0Kv89xIlf6uPpsMtHdTWxE7xc-_7BVXosi5jmC0GF45-IlkBfBHqODBN0ra-kmuaKCzOlaYxvtKp
lh4.googleusercontent.com/ 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh4.googleusercontent.com/wi6m9XV2w27E6wA95-afQMMOafVoIRxlpdp5-OSsyLFG4Z4bmzZI4bGUMxJM0Kv89xIlf6uPpsMtHdTWxE7xc-_7BVXosi5jmC0GF45-IlkBfBHqODBN0ra-kmuaKCzOlaYxvtKp
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
b1b58b45a69e563772cb1805fdbe7cd23152ec51168aaa1dc8237dd83d2e992e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="4.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
23776
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
odk0iGxVj7x6USHYSsjYi8eXDa6XWb5QIwy2ypPgOTVWfMFHSDMxAXS8oIoLgv4hUV1ePm0xMWHWXq7kmV72ayYzyYOffEcg-mJjoQPMb_JRWWVIazo_nz7H4UG4v1ibXpU2vqeG
lh3.googleusercontent.com/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/odk0iGxVj7x6USHYSsjYi8eXDa6XWb5QIwy2ypPgOTVWfMFHSDMxAXS8oIoLgv4hUV1ePm0xMWHWXq7kmV72ayYzyYOffEcg-mJjoQPMb_JRWWVIazo_nz7H4UG4v1ibXpU2vqeG
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
e0eed0c25b9615705bf2647ea5dc193c022c9f80d3ee38550323bbdafbaddada
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
4580
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
AROVH4S2j7lWd-w-c2oA27Di5VJENHUtv7-521B01s09JxIiczMbf_QCs0WG6uVFh03EilBAAXRUSNR_PpyqKVYOppOC24o7tbHzm52NiFdcGnMBgNvCFtsxWuRAQPPGAGl0o0gY
lh5.googleusercontent.com/ 		68 KB
68 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh5.googleusercontent.com/AROVH4S2j7lWd-w-c2oA27Di5VJENHUtv7-521B01s09JxIiczMbf_QCs0WG6uVFh03EilBAAXRUSNR_PpyqKVYOppOC24o7tbHzm52NiFdcGnMBgNvCFtsxWuRAQPPGAGl0o0gY
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
c796e95334e19f80dc7c76bf6f5e28c53df3f1e62b64402c479c011a41e98757
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="3.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
69311
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
bYxcneqTHR3CnDj1mbpPUNzvWNM3nnSrmr-Jufg9IbCP_OHNIynDi1Z2NAJdeBGoN_0TGzcrCfXEumqDwW_Xs4UdggdbRkqJVIwb6DGIrjJMtUDynhfJdUAVEaEpkGfCCnkgIId5
lh5.googleusercontent.com/ 		57 KB
57 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh5.googleusercontent.com/bYxcneqTHR3CnDj1mbpPUNzvWNM3nnSrmr-Jufg9IbCP_OHNIynDi1Z2NAJdeBGoN_0TGzcrCfXEumqDwW_Xs4UdggdbRkqJVIwb6DGIrjJMtUDynhfJdUAVEaEpkGfCCnkgIId5
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
ee8e2c4dceb1fd84acb13db8d7f1c20b808178b671ec18bb14217219400b5a72
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="11.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
58184
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
-GK6TRqpBCnvN8a6uU5u5tnD9TEL1ti5EDPSNXDQEbXoQTT2JqEQXdm0vn5Mx7M96M2Cd-dNv2ate8zdx2FlwyRO3C57ppcR94jp4i_l8j3iQSOW1TC1KxfVRAaSJeDxxIK86gy3
lh4.googleusercontent.com/ 		39 KB
39 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh4.googleusercontent.com/-GK6TRqpBCnvN8a6uU5u5tnD9TEL1ti5EDPSNXDQEbXoQTT2JqEQXdm0vn5Mx7M96M2Cd-dNv2ate8zdx2FlwyRO3C57ppcR94jp4i_l8j3iQSOW1TC1KxfVRAaSJeDxxIK86gy3
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
3e019c3140635b583629c6aad4e6fb1e1950efb8823fc11157c638ec7766aa69
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
39938
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
P9v1TEt2YFKXf42yncUzqe7FLZkbZJtVnkqVXm6O-xg5FbIFFFp9vdXA5aaZ_3V5mQr7Q9BN4qR9PkJpW-zEeiCYLnr-CR2FWiptqBk6DlUFCi27nhN-CZr5QI3T1j8NICqiguGf
lh5.googleusercontent.com/ 		36 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh5.googleusercontent.com/P9v1TEt2YFKXf42yncUzqe7FLZkbZJtVnkqVXm6O-xg5FbIFFFp9vdXA5aaZ_3V5mQr7Q9BN4qR9PkJpW-zEeiCYLnr-CR2FWiptqBk6DlUFCi27nhN-CZr5QI3T1j8NICqiguGf
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
d9978f58741d65379a6c71fdd1ffc7d0ccbddf7dbdbb3aa75ca169987ed61979
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
36439
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
RTUBktEw1eQqKDBQLPxFGDpEN4mfUeIJTe-ocYiFlMCv8p7jS-OQY3iXhEcHFWdl3hVjKE-nDitqXRMIPTAGimReJB5--N97KKz_ZcjGo7F89IIAhkcX6hDP1aoFUNs_2m1bJ_Rs
lh6.googleusercontent.com/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh6.googleusercontent.com/RTUBktEw1eQqKDBQLPxFGDpEN4mfUeIJTe-ocYiFlMCv8p7jS-OQY3iXhEcHFWdl3hVjKE-nDitqXRMIPTAGimReJB5--N97KKz_ZcjGo7F89IIAhkcX6hDP1aoFUNs_2m1bJ_Rs
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
aad9c4fa6c3fc41ddfa51d2316aafaf70d98036dc60f5b1da9fbf36108d31549
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
5841
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
dINjNSUM7JjJ5GGtv1sh8-sgD430zZ19iZyXceKafMkkxJtnUXd68ZI0L6lxCOSkSfqpetFUwZ9Onz7Xa_BSHuxMcY6aqEB1utD6vyIo2eafah6L0RKtbhf6x5fsxx-3Sweg7Nfj
lh6.googleusercontent.com/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh6.googleusercontent.com/dINjNSUM7JjJ5GGtv1sh8-sgD430zZ19iZyXceKafMkkxJtnUXd68ZI0L6lxCOSkSfqpetFUwZ9Onz7Xa_BSHuxMcY6aqEB1utD6vyIo2eafah6L0RKtbhf6x5fsxx-3Sweg7Nfj
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
8fa4260bcea0b3bbd7dc6cd2eb6ca96f23e5509719f54a7d9092771217ca46f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
19970
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
2tMGMeWhLnMLOfnMHJhu8LWP5HRa_MivlsZjGetZ4BGptJRXB61jMWiLef3CXnzhURNv1uQF4bDmyEigQHoUH2AuMTdGJ5l2NaQsqurUGgUzqnaKJZ1pyYpOpAth4bo5FjbRJfWl
lh3.googleusercontent.com/ 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/2tMGMeWhLnMLOfnMHJhu8LWP5HRa_MivlsZjGetZ4BGptJRXB61jMWiLef3CXnzhURNv1uQF4bDmyEigQHoUH2AuMTdGJ5l2NaQsqurUGgUzqnaKJZ1pyYpOpAth4bo5FjbRJfWl
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
d0fa9011ce2968202d0aeb67378e0068e701d94aed086209ee8a88cc247c863b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
23082
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
-fOUAoG_SNam8fWHlE_AAO1paCD5VEBMizIETgmx1n3uI0qjLNkiarF09ijoWBxvOPAkviOpjMI-jnLQ5WnB5EN1Q6psZmq3iqkjki_c5jz5j8tM7HV6EZfn6rRKDD_lHWvxakdT
lh6.googleusercontent.com/ 		27 KB
27 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh6.googleusercontent.com/-fOUAoG_SNam8fWHlE_AAO1paCD5VEBMizIETgmx1n3uI0qjLNkiarF09ijoWBxvOPAkviOpjMI-jnLQ5WnB5EN1Q6psZmq3iqkjki_c5jz5j8tM7HV6EZfn6rRKDD_lHWvxakdT
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
b125fd5e2ef4a5920cb79d360f8bd46b5c82e74854928b28dcd1f738744ed63f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
27488
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
taSoklsXd17pvMViVjyt5_c6bl2a4lGLrbxVDIyigL-0Oxy_oj45R0aZUtS518VGl7FCGYlzEec7n8OjwL8IGxLpPHdmWC-Ll2Ipitbt-YZoxxtpAxQ3aHVd3xmRcD5IDU0S7r5R
lh3.googleusercontent.com/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/taSoklsXd17pvMViVjyt5_c6bl2a4lGLrbxVDIyigL-0Oxy_oj45R0aZUtS518VGl7FCGYlzEec7n8OjwL8IGxLpPHdmWC-Ll2Ipitbt-YZoxxtpAxQ3aHVd3xmRcD5IDU0S7r5R
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
3eaca3da027bffb2646ae481fd839f0d99a8c31ef3bb52386e33dca76c7e8a58
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
15347
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
JfQ68zWfEltp2XW_zFY1-0oV7aLvQVfdQcmclyLA_Pysra6Wv9h1STxbm4mBbQNCoMPbsaxbXCtF33YXe8VDDlYBXLma-j6I715Fex9JF5I5jn71UqETOR8YX65xYqDfaXzZbXw1
lh6.googleusercontent.com/ 		33 KB
33 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh6.googleusercontent.com/JfQ68zWfEltp2XW_zFY1-0oV7aLvQVfdQcmclyLA_Pysra6Wv9h1STxbm4mBbQNCoMPbsaxbXCtF33YXe8VDDlYBXLma-j6I715Fex9JF5I5jn71UqETOR8YX65xYqDfaXzZbXw1
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
e568faaf457c89cdafecc62211edf4c7021d99fb00f12c06ab8b3c236792aec3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
33591
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
EFTwXK4SXO3ILaf-DwssDZdfBsILQfWwiRntWLGc-emPy3zsz_770Bq_HnzHruxH3x5MWaozCDpwCqErKxkLKPSnffpOUq5c00t1AALBRTmasJ7MndX7KgYqaFQRmUFRGN-cgFtU
lh3.googleusercontent.com/ 		40 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/EFTwXK4SXO3ILaf-DwssDZdfBsILQfWwiRntWLGc-emPy3zsz_770Bq_HnzHruxH3x5MWaozCDpwCqErKxkLKPSnffpOUq5c00t1AALBRTmasJ7MndX7KgYqaFQRmUFRGN-cgFtU
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
b1c16b3fa4d0c97a6af39b31f450020119e5d47f68f283199646c476f508a2de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
41260
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
qQSUjgmVAN-217ZZyLppvf_WX6gPnIAz98lh8Fm4K0vY6kGV1i8rY62yV4uj07A15PlTraHv3u5Cg-QArDSVLyX4ViC9_VGnCF9P_XkVy5VkdX9HB2jnnpBUIjSsIOJfyxoCzTLW
lh4.googleusercontent.com/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh4.googleusercontent.com/qQSUjgmVAN-217ZZyLppvf_WX6gPnIAz98lh8Fm4K0vY6kGV1i8rY62yV4uj07A15PlTraHv3u5Cg-QArDSVLyX4ViC9_VGnCF9P_XkVy5VkdX9HB2jnnpBUIjSsIOJfyxoCzTLW
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
a37f9ff9a75b94d37e3b29507ac7f7fd9470205c046d265945d1941d5a42413d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
14134
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
quH2_AuoPE__Zpr2qKFsV1uoElKmSjkqFwPX9yGdffFO1jOBaXyvIeKUIFCfvwHwdKMfj0yXSR9WjGWwF4VqwCRgGt9FVX6FwtbPu-9K0vXjOPKBCQo2Yf9b1v4VFb7qmvfyCnfZ
lh3.googleusercontent.com/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/quH2_AuoPE__Zpr2qKFsV1uoElKmSjkqFwPX9yGdffFO1jOBaXyvIeKUIFCfvwHwdKMfj0yXSR9WjGWwF4VqwCRgGt9FVX6FwtbPu-9K0vXjOPKBCQo2Yf9b1v4VFb7qmvfyCnfZ
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
cf4e326031153798b54ee4553c64b0f73efa63c35e85317cd202ab7312564f1c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
13057
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
OnrWwVXZmtypWuID-Sv7EEurwyNd53oXayAyJeRm7MYymu7NplGJVQ6HN2_UVpP0HFohLiFfK1mD4EL1BJJzQk9HKv7s7NhmZwi3M-wLmT3PvQiPzE0QXclJaZg7u7t_GFMj53mm
lh3.googleusercontent.com/ 		34 KB
34 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/OnrWwVXZmtypWuID-Sv7EEurwyNd53oXayAyJeRm7MYymu7NplGJVQ6HN2_UVpP0HFohLiFfK1mD4EL1BJJzQk9HKv7s7NhmZwi3M-wLmT3PvQiPzE0QXclJaZg7u7t_GFMj53mm
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
d83e70d6f5c3b6c343773c270f701e72cb0ff8851dfd32dab185a023c027ad8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35222
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
agKpp7ebYkt4oEH28uPSbqrQqvW43eGXazrMuMdbb8Ou3o6WXjPFy1zrpIPcNLT27OtZglZ6QYEOi6wLKQ5_vy5G1cfiWYjlwzfup14zCgzMRat8GSgE87ClJCw3qL22DVLJ2kjx
lh3.googleusercontent.com/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/agKpp7ebYkt4oEH28uPSbqrQqvW43eGXazrMuMdbb8Ou3o6WXjPFy1zrpIPcNLT27OtZglZ6QYEOi6wLKQ5_vy5G1cfiWYjlwzfup14zCgzMRat8GSgE87ClJCw3qL22DVLJ2kjx
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
0a23f51e0d0b4d8001000a7a2760ececf4c134a90a24133ac6a750b67eec115e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
1646
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
2UG6Sc0mibclUGdEBcxliMzEvRtB4HLB0cjlDbu0m08HJnAJlx_rt1ivI_bQgiksVtJRV3JX4y-tND07JrhchFmZLN5kVGpfpP7V7YtqF7lL_2z3tuxTulGQvtbO6tlkvI80W0_3
lh6.googleusercontent.com/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh6.googleusercontent.com/2UG6Sc0mibclUGdEBcxliMzEvRtB4HLB0cjlDbu0m08HJnAJlx_rt1ivI_bQgiksVtJRV3JX4y-tND07JrhchFmZLN5kVGpfpP7V7YtqF7lL_2z3tuxTulGQvtbO6tlkvI80W0_3
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
94b37b65d19a1a4563f974dff288547db10b35c942c9368833b030cccbe70c62
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
18553
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
e82IjjoQJUUrFfSxoB1ZsdGcdCDpVWfTJsiHc8WXig-zWbU9_UvnARL5k9yUG0jwLyzFifnHLj63xdEkAXiHnV8fkPLD23x19nc0hb5kAz8cWyevY4uwRQwxvUHv4ixMDPYW4tYs
lh4.googleusercontent.com/ 		29 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh4.googleusercontent.com/e82IjjoQJUUrFfSxoB1ZsdGcdCDpVWfTJsiHc8WXig-zWbU9_UvnARL5k9yUG0jwLyzFifnHLj63xdEkAXiHnV8fkPLD23x19nc0hb5kAz8cWyevY4uwRQwxvUHv4ixMDPYW4tYs
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f0080c23d89928398f69159ed0afa9695d2f2d0a293c72d3918161a02216bc60
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29669
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
nJC6S5-Hby1rpQsTTZykrsij-qjDp4ZyMC25R9RaAE9UGDYChYpTMAzB9Jbft76VhmlVVo4J7ldkghvusGb4l0OmIsFdCuCyrL24DvPOx4Avix4xgfyu4cACtFfZiUj-mEsDXKHg
lh6.googleusercontent.com/ 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh6.googleusercontent.com/nJC6S5-Hby1rpQsTTZykrsij-qjDp4ZyMC25R9RaAE9UGDYChYpTMAzB9Jbft76VhmlVVo4J7ldkghvusGb4l0OmIsFdCuCyrL24DvPOx4Avix4xgfyu4cACtFfZiUj-mEsDXKHg
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
291fce3a90ca3660e038df66bc9e793f7293e36388f9e02b3ca9eafb6066644c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
21395
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
MwZ7_F45Hp4aI_Ts8U0FGSz4KYC2YGfoWRHe0RrpEl1adQLLPMdUlX179t1Ll6RJmnr1LxdrAuJV_ZvYqEnYZ2I_05Cp7O9Vei8SNa1XFTe_HgcKckAEjRlreWImrKTJbn3W_HsW
lh3.googleusercontent.com/ 		58 KB
58 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/MwZ7_F45Hp4aI_Ts8U0FGSz4KYC2YGfoWRHe0RrpEl1adQLLPMdUlX179t1Ll6RJmnr1LxdrAuJV_ZvYqEnYZ2I_05Cp7O9Vei8SNa1XFTe_HgcKckAEjRlreWImrKTJbn3W_HsW
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
b973dbacba46f18beb721090307dca0b87b3e133798f2ff897add4252ce519f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
59035
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
Q8Gno3gV2vNNJqDGRzB1Z1Vddltcq1XzQWz0oA_H-05jbc2XSpYTZLCi9CWJ6dZ0doxvX-dN41Oq4MfcUQwXz1jBqSTPsk09XHroe1ot4-TIQAA8YxX8nYsyPdeNkXeVTJoax6ib
lh3.googleusercontent.com/ 		29 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/Q8Gno3gV2vNNJqDGRzB1Z1Vddltcq1XzQWz0oA_H-05jbc2XSpYTZLCi9CWJ6dZ0doxvX-dN41Oq4MfcUQwXz1jBqSTPsk09XHroe1ot4-TIQAA8YxX8nYsyPdeNkXeVTJoax6ib
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
1180832ce8d99e590e178aa5dfcef5b5ad4226b48ed2c3252c3cc508b2779701
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
30140
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
XZoiyctNfdBJ8Z1Fh8P5alhhyD_pfdZVJnzrS-XAaPHbybwafx_ZV5VbCl0HmwZyGmCs7Qbp8XTvseZDFIEI_wiGLPw5fKm-31whqiTh5Cm1ujOnOBzxbQ6xz_UZGlGLepnN7-6m
lh5.googleusercontent.com/ 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh5.googleusercontent.com/XZoiyctNfdBJ8Z1Fh8P5alhhyD_pfdZVJnzrS-XAaPHbybwafx_ZV5VbCl0HmwZyGmCs7Qbp8XTvseZDFIEI_wiGLPw5fKm-31whqiTh5Cm1ujOnOBzxbQ6xz_UZGlGLepnN7-6m
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
a1024a4adea9d77130531d37c7f965a358f774b8ad4b9b93602e389a37e9ee3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
21041
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
hNj7KtUzZ2HQb8-KXzkV8OYSL13i5F1FjBn4vm-DVVB11s1nL_-WGiFoLv5OC9lAODdTb7UH1Cb3y3yA_Fa7ZrniMAj5X5UgEsQOv4dRU0_PKikfW3XhsD-LZgIY0ZT02a19TTKP
lh5.googleusercontent.com/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh5.googleusercontent.com/hNj7KtUzZ2HQb8-KXzkV8OYSL13i5F1FjBn4vm-DVVB11s1nL_-WGiFoLv5OC9lAODdTb7UH1Cb3y3yA_Fa7ZrniMAj5X5UgEsQOv4dRU0_PKikfW3XhsD-LZgIY0ZT02a19TTKP
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
d6bd5df49f177bef434a1c200f67fe3e4c66c43629e75b127d3bcb52d877eb42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
13728
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
ZDaFWvO3zLu1_rpBGrrmfosHjQo6TEFIKCtbMyrF9AqP2iTj1nVtrMMkdtSELxYxqL6tMekrW0IoJyTvyNKXECmxWDcjt4rs_aWXZzkkgB1lalREHOt0UAR47nShXm8tdFOMBf_L
lh6.googleusercontent.com/ 		58 KB
58 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh6.googleusercontent.com/ZDaFWvO3zLu1_rpBGrrmfosHjQo6TEFIKCtbMyrF9AqP2iTj1nVtrMMkdtSELxYxqL6tMekrW0IoJyTvyNKXECmxWDcjt4rs_aWXZzkkgB1lalREHOt0UAR47nShXm8tdFOMBf_L
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
bdd643791f0267d93eb3ae59daf6ab30d86348df1e182f34d192d34dd7e2bcb8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
59144
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
wLAHbQ6HgE2o3q17WB3m4LxeofGGfkKbdY6agLj_s4MU6OD5MTUrWbsksk3ndMULiXus8ELSKrKh75zoJXW3ZuNFhxnjwkTFgiryoQqXxUzBTILdrjoo9sbEUnevicL216eYNYyB
lh3.googleusercontent.com/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh3.googleusercontent.com/wLAHbQ6HgE2o3q17WB3m4LxeofGGfkKbdY6agLj_s4MU6OD5MTUrWbsksk3ndMULiXus8ELSKrKh75zoJXW3ZuNFhxnjwkTFgiryoQqXxUzBTILdrjoo9sbEUnevicL216eYNYyB
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f836c3444dcebc2a7fafc18634dc0c5e5186517f0dfbeac03e3277edf4f5c921
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
5842
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
JBlNmcYleKE1dFWLTifErYoyXXUnbvA-LuUkoqyMhb8NcUB2P4DuqQLZNW6v_eZBMImVNKX-aoN-rMW28YszpGIhtlYolaTAvpnqWUO6Ts1-_qcwjqHtxE-wabFGjuMQ5mIqYWmk
lh6.googleusercontent.com/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh6.googleusercontent.com/JBlNmcYleKE1dFWLTifErYoyXXUnbvA-LuUkoqyMhb8NcUB2P4DuqQLZNW6v_eZBMImVNKX-aoN-rMW28YszpGIhtlYolaTAvpnqWUO6Ts1-_qcwjqHtxE-wabFGjuMQ5mIqYWmk
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
7f0bb7c26d61cc5feb0a0bdc1b8347b139e2cf507ccfc9329c19cc4fc600ffa9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:09 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
9790
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:09 GMT
AcTpugqLQlOkbaPDTsfUz9Qmil9Ob7r8x0YqRwHayC30GC-lt2sgMeCH1uCvMiOV59LATgwIP1qLv6YQsSevRcqx7i9JRRn-enwxbfYCsB5UdO4-SLUPssU9wVzdhTjvqxnS2Gct
lh6.googleusercontent.com/ 		57 KB
57 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh6.googleusercontent.com/AcTpugqLQlOkbaPDTsfUz9Qmil9Ob7r8x0YqRwHayC30GC-lt2sgMeCH1uCvMiOV59LATgwIP1qLv6YQsSevRcqx7i9JRRn-enwxbfYCsB5UdO4-SLUPssU9wVzdhTjvqxnS2Gct
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
c893dc94f884c3c02abc40505def7686f42c795c09ac967e9f5028f6b05088b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
58695
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
HWTWR0LmsEwPHkhNQ-yvGrBNgi-euIUpUQ09SnX5LAX8Jyjr3RPAk3v8hZ-dvj-cC-G5yvjndoj5mJCV8TW00cFSnHk_aX1QyQXOWjITa6wx9C7BCZxQNK1akFrqWZAkxKIZVXll
lh4.googleusercontent.com/ 		27 KB
27 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh4.googleusercontent.com/HWTWR0LmsEwPHkhNQ-yvGrBNgi-euIUpUQ09SnX5LAX8Jyjr3RPAk3v8hZ-dvj-cC-G5yvjndoj5mJCV8TW00cFSnHk_aX1QyQXOWjITa6wx9C7BCZxQNK1akFrqWZAkxKIZVXll
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
6883a8c5bc041902eabd4a32847245d85845b7e9b7fb935982e49f62e7cd528b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:09 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
27224
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:09 GMT
xiaLbhGEfgswgSPduyMLxuQ4Imd96u-c1zhgPiHBjNrfHBENsNXZRFtcflBHksy-64yx8-KFhA7s0BjNhWF48usWz7bYWX1bMlQLxCZoZH4s9RwPxb-cNayRzktuCItJ5I8nDPx9
lh4.googleusercontent.com/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh4.googleusercontent.com/xiaLbhGEfgswgSPduyMLxuQ4Imd96u-c1zhgPiHBjNrfHBENsNXZRFtcflBHksy-64yx8-KFhA7s0BjNhWF48usWz7bYWX1bMlQLxCZoZH4s9RwPxb-cNayRzktuCItJ5I8nDPx9
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
5fd47d5110dbca09fbe89de037285c40548600315b336b9063159033224fb54c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:09 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
7515
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:09 GMT
e6_pqShB02SU4CJhD3qG-X3_uQ_VZoUKBGnpdltiojaZPmzeL1wx7kNRiT2RxNmfVcTJxvA1b_qOW0WBCzccOfAiEJsoKVgwjxj6xdfwDdQN7Yn48AFXad48OP2OuGq4J8xOQvDb
lh5.googleusercontent.com/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh5.googleusercontent.com/e6_pqShB02SU4CJhD3qG-X3_uQ_VZoUKBGnpdltiojaZPmzeL1wx7kNRiT2RxNmfVcTJxvA1b_qOW0WBCzccOfAiEJsoKVgwjxj6xdfwDdQN7Yn48AFXad48OP2OuGq4J8xOQvDb
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
334276456770fcd7d7187c4d986d0b0dfe7e047439cce169e1f57fdfef697eb3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
7256
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:08 GMT
lrWh5xMifyBGFOmgfraBssgfdPF-jG2J8WGuczP4LT_Ay2yoKII1nRRIVm1AC6FphshiUCM9IvgbAQI2qziOA5tLX5MN4hKPgDoiqlaYgCMsoudtEYJraCMxlw1gwajyYHkHPP9O
lh4.googleusercontent.com/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh4.googleusercontent.com/lrWh5xMifyBGFOmgfraBssgfdPF-jG2J8WGuczP4LT_Ay2yoKII1nRRIVm1AC6FphshiUCM9IvgbAQI2qziOA5tLX5MN4hKPgDoiqlaYgCMsoudtEYJraCMxlw1gwajyYHkHPP9O
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
6b0efa56d57140f36a300e97aff15d8ac4e76fa68a12dfa869cf32c30fb00d1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:09 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
13232
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:09 GMT
pXqbCFZKF0DF7jAN2M-lbZM55PsMxfxYd5yN_sifgXU5SLR0JuvZs4MOH6A4HAfJldBoGG3lhCoMf9p2Bsn0UU4VmuK2KU7WFnL6aBe6hVdeJlEegXIf5gR4zULnS_X8Fr8rW3es
lh4.googleusercontent.com/ 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh4.googleusercontent.com/pXqbCFZKF0DF7jAN2M-lbZM55PsMxfxYd5yN_sifgXU5SLR0JuvZs4MOH6A4HAfJldBoGG3lhCoMf9p2Bsn0UU4VmuK2KU7WFnL6aBe6hVdeJlEegXIf5gR4zULnS_X8Fr8rW3es
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
75df4f6d6b0335c6d83f895f58d3a1544d885d005508741d2320ecccc0844f39
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:09 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename="pasted image 0.png"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
20994
x-xss-protection
0
server
fife
etag
"v2"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 11 Mar 2020 22:08:09 GMT
PHAR-01-3.png
blog.cystack.net/content/images/size/w1000/2019/03/ 		161 KB
162 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.cystack.net/content/images/size/w1000/2019/03/PHAR-01-3.png
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
landing01.sin
Software
nginx/1.14.0 (Ubuntu) / Express
Resource Hash
64ab72c774099ded90ddaf0aa7004a01cb747c10ab5afd85e44a7260313959a9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:07 GMT
x-content-type-options
nosniff
last-modified
Fri, 15 Mar 2019 08:18:42 GMT
server
nginx/1.14.0 (Ubuntu)
x-powered-by
Express
etag
W/"2855b-169806e8aed"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
cache-control
public, max-age=31536000
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
content-length
165211
theanhnguyen.png
blog.cystack.net/content/images/size/w100/2018/11/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.cystack.net/content/images/size/w100/2018/11/theanhnguyen.png
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
landing01.sin
Software
nginx/1.14.0 (Ubuntu) / Express
Resource Hash
79f8d3575cb7317a031accaeb3444bef4c77d5b5e938080ba0618e531a9d2fcb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:07 GMT
x-content-type-options
nosniff
last-modified
Fri, 15 Mar 2019 08:18:17 GMT
server
nginx/1.14.0 (Ubuntu)
x-powered-by
Express
etag
W/"2135-169806e2c2c"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
cache-control
public, max-age=31536000
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
content-length
8501
drupal-RCE-01-1-.png
blog.cystack.net/content/images/size/w1000/2019/02/ 		282 KB
283 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.cystack.net/content/images/size/w1000/2019/02/drupal-RCE-01-1-.png
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
landing01.sin
Software
nginx/1.14.0 (Ubuntu) / Express
Resource Hash
418906ccda62acc10155c9dd5bbadb2f410bf957180ef1e217d1c934e0a3dc01
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:07 GMT
x-content-type-options
nosniff
last-modified
Fri, 15 Mar 2019 08:18:43 GMT
server
nginx/1.14.0 (Ubuntu)
x-powered-by
Express
etag
W/"4696c-169806e91e5"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
cache-control
public, max-age=31536000
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
content-length
289132
duy.png
blog.cystack.net/content/images/size/w100/2018/11/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.cystack.net/content/images/size/w100/2018/11/duy.png
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
landing01.sin
Software
nginx/1.14.0 (Ubuntu) / Express
Resource Hash
c8cf0aa1b81bdb5862247c32319e5c67e5a9a03e4f8142b141ae9c9ed9817039
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:07 GMT
x-content-type-options
nosniff
last-modified
Fri, 15 Mar 2019 08:18:39 GMT
server
nginx/1.14.0 (Ubuntu)
x-powered-by
Express
etag
W/"26b4-169806e81d9"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
cache-control
public, max-age=31536000
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
content-length
9908
jquery-3.4.1.min.js
code.jquery.com/ 		86 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.4.1.min.js
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:4de0:ac19::1:b:2b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
Origin
https://blog.cystack.net
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 10 Mar 2020 22:08:07 GMT
Content-Encoding
gzip
Last-Modified
Wed, 01 May 2019 21:14:27 GMT
Server
nginx
ETag
W/"5cca0c33-15851"
Vary
Accept-Encoding
X-HW
1583878087.dop167.fr8.shc,1583878087.dop167.fr8.t,1583878087.cds159.fr8.c
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
30638
casper.js
blog.cystack.net/assets/built/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.cystack.net/assets/built/casper.js?v=343448b432
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
landing01.sin
Software
nginx/1.14.0 (Ubuntu) / Express
Resource Hash
aaff77f553f847519fd6b1bd8b913dea2cda339b1bf4e7c18cf4822c9c3fb035
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 10 Mar 2020 22:08:07 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
nginx/1.14.0 (Ubuntu)
x-powered-by
Express
etag
W/"df6-7438674ba0"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
status
200
cache-control
public, max-age=31536000
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
x-content-type-options
nosniff
prism.min.js
cdnjs.cloudflare.com/ajax/libs/prism/1.14.0/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/prism/1.14.0/prism.min.js
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d31b32c0a8e01c38bf802c3d9fdadbc563b7ece9dc2439ea3cf318ae5476919
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 10 Mar 2020 22:08:07 GMT
content-encoding
br
cf-cache-status
HIT
age
904851
cf-ray
57205a40687a6479-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:25:15 GMT
server
cloudflare
etag
W/"5afd4a7b-2ff6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sun, 28 Feb 2021 22:08:07 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.002
prism-css.min.js
cdnjs.cloudflare.com/ajax/libs/prism/1.14.0/components/ 		1 KB
561 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/prism/1.14.0/components/prism-css.min.js
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19f4315558fec76fd1c12ba59f2efe0daaa6dc3d294a8bae37da4b98f279e550
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 10 Mar 2020 22:08:07 GMT
content-encoding
br
cf-cache-status
HIT
age
11372021
cf-ray
57205a40687c6479-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:25:15 GMT
server
cloudflare
etag
W/"5afd4a7b-417"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sun, 28 Feb 2021 22:08:07 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.001
prism-javascript.min.js
cdnjs.cloudflare.com/ajax/libs/prism/1.14.0/components/ 		2 KB
857 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/prism/1.14.0/components/prism-javascript.min.js
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd71b6019dc666c726cf32b771c270cc96df4c498b20b4c9e936383599b55593
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 10 Mar 2020 22:08:07 GMT
content-encoding
br
cf-cache-status
HIT
age
11359707
cf-ray
57205a40687d6479-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:25:15 GMT
server
cloudflare
etag
W/"5afd4a7b-656"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sun, 28 Feb 2021 22:08:07 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.001
prism-sass.min.js
cdnjs.cloudflare.com/ajax/libs/prism/1.14.0/components/ 		1 KB
548 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/prism/1.14.0/components/prism-sass.min.js
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72291cc08077def8d5530f1ec7fe813a016fbe99de8eddf9105bc294c848153c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 10 Mar 2020 22:08:07 GMT
content-encoding
br
cf-cache-status
HIT
age
28502026
cf-ray
57205a40687f6479-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:26:22 GMT
server
cloudflare
etag
W/"5afd4abe-400"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sun, 28 Feb 2021 22:08:07 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.001
analytics.js
www.google-analytics.com/ 		44 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-112171664-3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
5677
date
Tue, 10 Mar 2020 20:33:31 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
18174
expires
Tue, 10 Mar 2020 22:33:31 GMT
fbevents.js
connect.facebook.net/en_US/ 		126 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
30466
x-xss-protection
0
pragma
public
x-fb-debug
KympOLIjo9IpAzz4LF79/Mg5/KO0DLekYnkzMyCSCUiQEtc1mLhhSYd35u2V3udBfpuQXyBtl9nSo5oNVA4kBA==
x-fb-trip-id
2080452462
date
Tue, 10 Mar 2020 22:08:08 GMT, Tue, 10 Mar 2020 22:08:08 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
embed.js
cystack.disqus.com/ 		67 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cystack.disqus.com/embed.js
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
2b20993c3ff3bec5052c616d139a85d9fc3146acc1a4314387abe5801651cf3a
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Tue, 10 Mar 2020 22:08:07 GMT
Content-Encoding
gzip
Server
openresty
Age
0
Vary
Accept-Encoding
Strict-Transport-Security
max-age=300; includeSubdomains
Content-Type
application/javascript; charset=utf-8
Cache-Control
private, max-age=60
X-Service
router
Connection
keep-alive
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
22285
lounge.91790a929b2fba6bf8967d2204d948d5.css
c.disquscdn.com/next/embed/styles/ 		0
21 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.91790a929b2fba6bf8967d2204d948d5.css
Requested by
Host: cystack.disqus.com
URL: https://cystack.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:50a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
509138
cf-ray
57205a47093497fc-FRA
status
200
vary
Accept-Encoding
content-length
21803
x-xss-protection
1; mode=block
last-modified
Wed, 04 Mar 2020 23:13:11 GMT
server
cloudflare
etag
"5e603607-552b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubdomains
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 05 Mar 2021 00:42:22 GMT
common.bundle.b9167d06dc7bd01b59d6d6332d6aafa1.js
c.disquscdn.com/next/embed/ 		0
89 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/common.bundle.b9167d06dc7bd01b59d6d6332d6aafa1.js
Requested by
Host: cystack.disqus.com
URL: https://cystack.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:50a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
2795169
cf-ray
57205a47093597fc-FRA
status
200
vary
Accept-Encoding
content-length
90471
x-xss-protection
1; mode=block
last-modified
Tue, 04 Feb 2020 01:14:10 GMT
server
cloudflare
etag
"5e38c562-16167"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubdomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Feb 2021 22:39:15 GMT
lounge.bundle.b9f55e00ac59a682cfbac91eadf883d4.js
c.disquscdn.com/next/embed/ 		0
108 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.b9f55e00ac59a682cfbac91eadf883d4.js
Requested by
Host: cystack.disqus.com
URL: https://cystack.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:50a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
6002
cf-ray
57205a47093697fc-FRA
status
200
vary
Accept-Encoding
content-length
110691
x-xss-protection
1; mode=block
last-modified
Tue, 10 Mar 2020 20:05:01 GMT
server
cloudflare
etag
"5e67f2ed-1b063"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubdomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 10 Mar 2021 20:27:59 GMT
config.js
disqus.com/next/ 		0
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://disqus.com/next/config.js
Requested by
Host: cystack.disqus.com
URL: https://cystack.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.64.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

Timing-Allow-Origin
*
Date
Tue, 10 Mar 2020 22:08:08 GMT
X-Content-Type-Options
nosniff
Server
nginx
Age
39
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Strict-Transport-Security
max-age=300; includeSubdomains
Content-Type
application/javascript; charset=UTF-8
Content-Length
5529
X-XSS-Protection
1; mode=block
/
disqus.com/embed/comments/ Frame 271B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://disqus.com/embed/comments/?base=default&f=cystack&t_i=ghost-5c5296a25879070609443974&t_u=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&t_d=Word-based%20Malware%20Attack&t_t=Word-based%20Malware%20Attack&s_o=default
Requested by
Host: cystack.disqus.com
URL: https://cystack.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.64.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
disqus.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://blog.cystack.net/word-based-malware-attack/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://blog.cystack.net/word-based-malware-attack/

Response headers

Server
nginx
Content-Type
text/html; charset=utf-8
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Last-Modified
Fri, 14 Feb 2020 02:17:10 GMT
ETag
W/"lounge:view:7415270133.3dff8a4ad885b09ffa332e8b8f9eac0f.2"
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Encoding
gzip
Content-Length
5955
Date
Tue, 10 Mar 2020 22:08:08 GMT
Age
26
Connection
keep-alive
Vary
Accept-Encoding
Strict-Transport-Security
max-age=300; includeSubdomains
/
tempest.services.disqus.com/ads-iframe/google/ Frame 30DB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tempest.services.disqus.com/ads-iframe/google/?position=top&shortname=cystack&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%2326a8ed&colorScheme=light&sourceUrl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&typeface=sans-serif&canonicalUrl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&disqus_version=a208fc5
Requested by
Host: cystack.disqus.com
URL: https://cystack.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

Host
tempest.services.disqus.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://blog.cystack.net/word-based-malware-attack/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://blog.cystack.net/word-based-malware-attack/

Response headers

Server
openresty
Content-Type
text/html; charset=utf-8
Cache-Control
public, max-age=300
X-Service
router
Content-Encoding
gzip
Content-Length
9162
Date
Tue, 10 Mar 2020 22:08:08 GMT
Age
0
Connection
keep-alive
Vary
Accept-Encoding
event.gif
referrer.disqus.com/juggler/ 		43 B
295 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://referrer.disqus.com/juggler/event.gif?imp=3i6fhnu1t4u950&experiment=network_default&variant=fallthrough&service=dynamic&area=top&product=embed&forum=cystack&zone=thread&version=9588e8f45d4bfec92623177d8dc19cd1&page_url=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&page_referrer=&object_type=provider&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&section=default&verb=call&adjective=1&forum_id=5304971
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Tue, 10 Mar 2020 22:08:08 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
alfie.f51946af45e0b561c60f768335c9eb79.js
c.disquscdn.com/next/embed/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js
Requested by
Host: cystack.disqus.com
URL: https://cystack.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:50a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 10 Mar 2020 22:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
19837225
cf-ray
57205a458f9597fc-FRA
status
200
vary
Accept-Encoding
content-length
6605
x-xss-protection
1; mode=block
last-modified
Wed, 15 May 2019 00:01:52 GMT
server
cloudflare
etag
"5cdb56f0-19cd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubdomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 19 May 2020 02:07:22 GMT
ping
links.services.disqus.com/api/ 		282 B
908 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://links.services.disqus.com/api/ping?format=jsonp&key=cfdfcf52dffd0a702a61bad27507376d&loc=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&subId=5304971&v=1&jsonp=vglnk_jsonp_15838780885970
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
ec3cba4b28cd3d52e2f4178ecb980d8c418236072bc7fe2b569648f25b4f4dc4

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
Origin
https://blog.cystack.net
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 10 Mar 2020 22:08:08 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://blog.cystack.net
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
282
Expires
Thu, 01 Jan 1970 00:00:00 GMT
collect
www.google-analytics.com/r/ 		35 B
111 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j81&a=575118575&t=pageview&_s=1&dl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&ul=en-us&de=UTF-8&dt=Word-based%20Malware%20Attack&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=753985879&gjid=2125286879&cid=2118970928.1583878089&tid=UA-112171664-3&_gid=728594793.1583878089&_r=1&gtm=2ou2q2&z=1571021171
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Tue, 10 Mar 2020 22:08:08 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
163582237627718
connect.facebook.net/signals/config/ 		447 KB
113 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/163582237627718?v=2.9.15&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9a3f947226178c13f16fb29cace09e40f80b6a8a5d0d9026177202870a15e56c
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
HhpG32529Xi79Fcbv8qSoBd53/YWKamTqJxnjNFbV+FpLxPK+GdUAHAi92u/uQxsOkuuE0s7bZJXb4AVQ9nUGw==
x-fb-trip-id
2080452462
date
Tue, 10 Mar 2020 22:08:08 GMT, Tue, 10 Mar 2020 22:08:08 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
tempest.services.disqus.com/ads-iframe/google/ Frame 57A9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tempest.services.disqus.com/ads-iframe/google/?position=bottom&shortname=cystack&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%2326a8ed&colorScheme=light&sourceUrl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&typeface=sans-serif&canonicalUrl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&disqus_version=a208fc5
Requested by
Host: cystack.disqus.com
URL: https://cystack.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

Host
tempest.services.disqus.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://blog.cystack.net/word-based-malware-attack/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
trc_cookie_storage=disqus-widget-safetylevel20longtail09%253Asession-data%3Dv2_80495629bb4ca9a1cad897e531ad607c_718b6a5d-9ae2-4034-82ce-381a8f7db41e-tuct5619548_1583878088_1583878088_CIi3jgYQktQ_GN7P9rOMLiABKAEwFjjqxgdA34YQSLbL-AFQ____________AVgAYABo-LaWudTB3cIr%7Ctaboola%2520global%253Alocal-storage-keys%3D%255B%2522disqus-widget-safetylevel20longtail09%253Asession-data%2522%252C%2522taboola%2520global%253Auser-id%2522%255D%7Ctaboola%2520global%253Auser-id%3D718b6a5d-9ae2-4034-82ce-381a8f7db41e-tuct5619548
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://blog.cystack.net/word-based-malware-attack/

Response headers

Server
openresty
Content-Type
text/html; charset=utf-8
Cache-Control
public, max-age=300
X-Service
router
Content-Encoding
gzip
Content-Length
9164
Date
Tue, 10 Mar 2020 22:08:09 GMT
Age
0
Connection
keep-alive
Vary
Accept-Encoding
event.gif
referrer.disqus.com/juggler/ 		43 B
295 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://referrer.disqus.com/juggler/event.gif?imp=3i6fhnu1t4u950&experiment=network_default&variant=fallthrough&service=dynamic&area=top&product=embed&forum=cystack&zone=thread&version=9588e8f45d4bfec92623177d8dc19cd1&page_url=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&page_referrer=&object_type=advertisement&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&object_id=%5B184193%5D&section=default&verb=load&advertisement_id=184193&forum_id=5304971
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Tue, 10 Mar 2020 22:08:09 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
event.gif
referrer.disqus.com/juggler/ 		43 B
295 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://referrer.disqus.com/juggler/event.gif?imp=3i6fhnu1t4u950&experiment=network_default&variant=fallthrough&service=dynamic&area=bottom&product=embed&forum=cystack&zone=thread&version=9588e8f45d4bfec92623177d8dc19cd1&page_url=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&page_referrer=&object_type=provider&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&section=default&verb=call&adjective=1&forum_id=5304971
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Tue, 10 Mar 2020 22:08:09 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
/
www.facebook.com/tr/ 		44 B
348 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=163582237627718&ev=PageView&dl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&rl=&if=false&ts=1583878088936&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=30&fbp=fb.1.1583878088935.1946867926&it=1583878088830&coo=false&rqm=GET
Requested by
Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 22:08:09 GMT, Tue, 10 Mar 2020 22:08:09 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-27=":443"; ma=3600
content-length
44
expires
Tue, 10 Mar 2020 22:08:09 GMT
event.gif
referrer.disqus.com/juggler/ 		43 B
295 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://referrer.disqus.com/juggler/event.gif?imp=3i6fhnu1t4u950&experiment=network_default&variant=fallthrough&service=dynamic&area=bottom&product=embed&forum=cystack&zone=thread&version=9588e8f45d4bfec92623177d8dc19cd1&page_url=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&page_referrer=&object_type=advertisement&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&object_id=%5B184193%5D&section=default&verb=load&advertisement_id=184193&forum_id=5304971
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Tue, 10 Mar 2020 22:08:09 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
/
www.facebook.com/tr/ 		0
83 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://blog.cystack.net/word-based-malware-attack/
Origin
https://blog.cystack.net
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryjvpMBRUQQm7a9uly

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
access-control-allow-origin
https://blog.cystack.net
date
Tue, 10 Mar 2020 22:08:09 GMT
content-type
text/plain
status
200
access-control-allow-credentials
true
alt-svc
h3-27=":443"; ma=3600
content-length
0

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| google_tag_manager object| dataLayer function| gtag string| GoogleAnalyticsObject function| ga function| fbq function| _fbq function| disqus_config function| $ function| jQuery object| DISQUS object| Casper function| getParameterByName object| action object| _self object| Prism string| vglnk_self function| vl_cB function| vl_disable undefined| vglnk_jsonp_15838780885970 object| vglnk object| google_tag_data object| gaplugins object| gaGlobal object| gaData

2 Cookies

Domain/Path Name / Value
.taboola.com/ Name: t_gid
Value: 718b6a5d-9ae2-4034-82ce-381a8f7db41e-tuct5619548
tempest.services.disqus.com/ Name: trc_cookie_storage
Value: disqus-widget-safetylevel20longtail09%253Asession-data%3Dv2_80495629bb4ca9a1cad897e531ad607c_718b6a5d-9ae2-4034-82ce-381a8f7db41e-tuct5619548_1583878088_1583878089_CIi3jgYQktQ_GPzS9rOMLiACKAEwFjjqxgdA34YQSLbL-AFQ____________AVgAYABo-LaWudTB3cIr%7Ctaboola%2520global%253Alocal-storage-keys%3D%255B%2522disqus-widget-safetylevel20longtail09%253Asession-data%2522%252C%2522taboola%2520global%253Auser-id%2522%255D%7Ctaboola%2520global%253Auser-id%3D718b6a5d-9ae2-4034-82ce-381a8f7db41e-tuct5619548

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blog.cystack.net
c.disquscdn.com
cdnjs.cloudflare.com
code.jquery.com
connect.facebook.net
cystack.disqus.com
disqus.com
lh3.googleusercontent.com
lh4.googleusercontent.com
lh5.googleusercontent.com
lh6.googleusercontent.com
links.services.disqus.com
referrer.disqus.com
tempest.services.disqus.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
151.101.112.134
151.101.12.64
151.101.64.134
178.128.127.65
2001:4de0:ac19::1:b:2b
2606:4700::6810:50a6
2606:4700::6811:4104
2a00:1450:4001:819::2001
2a00:1450:4001:81d::2008
2a00:1450:4001:81d::200e
2a00:1450:4001:824::2001
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0a23f51e0d0b4d8001000a7a2760ececf4c134a90a24133ac6a750b67eec115e
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1180832ce8d99e590e178aa5dfcef5b5ad4226b48ed2c3252c3cc508b2779701
19f4315558fec76fd1c12ba59f2efe0daaa6dc3d294a8bae37da4b98f279e550
1bdf4a9eadc00a6a38b96ee006ca7d1ad50753391b0798f23d66bd64d2d26f21
23bb080ce82285887825b931f109c847a81bbd7ac6c2397ccfdf3ddd5db577c6
291fce3a90ca3660e038df66bc9e793f7293e36388f9e02b3ca9eafb6066644c
2b20993c3ff3bec5052c616d139a85d9fc3146acc1a4314387abe5801651cf3a
334276456770fcd7d7187c4d986d0b0dfe7e047439cce169e1f57fdfef697eb3
3e019c3140635b583629c6aad4e6fb1e1950efb8823fc11157c638ec7766aa69
3eaca3da027bffb2646ae481fd839f0d99a8c31ef3bb52386e33dca76c7e8a58
40420c474f8b6a5c4d07b6d9e9388f8d8599a406351655657d6a1d038ba742de
418906ccda62acc10155c9dd5bbadb2f410bf957180ef1e217d1c934e0a3dc01
4f3f0f99ace14dbfbf248037f656a4db80fd81bfb95934ab5df43562d9032bce
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
5fd47d5110dbca09fbe89de037285c40548600315b336b9063159033224fb54c
64ab72c774099ded90ddaf0aa7004a01cb747c10ab5afd85e44a7260313959a9
6883a8c5bc041902eabd4a32847245d85845b7e9b7fb935982e49f62e7cd528b
6b0efa56d57140f36a300e97aff15d8ac4e76fa68a12dfa869cf32c30fb00d1a
72291cc08077def8d5530f1ec7fe813a016fbe99de8eddf9105bc294c848153c
73fe8aed3d94fa4dbb267f13a0ce8f612ebed4b3057217127aa3dd2d482c8aab
75df4f6d6b0335c6d83f895f58d3a1544d885d005508741d2320ecccc0844f39
79f8d3575cb7317a031accaeb3444bef4c77d5b5e938080ba0618e531a9d2fcb
7f0bb7c26d61cc5feb0a0bdc1b8347b139e2cf507ccfc9329c19cc4fc600ffa9
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8d31b32c0a8e01c38bf802c3d9fdadbc563b7ece9dc2439ea3cf318ae5476919
8fa4260bcea0b3bbd7dc6cd2eb6ca96f23e5509719f54a7d9092771217ca46f7
938139f3b4d920432ab670785f526de90ba19653395b94bb737ecbd7fe1108bd
94b37b65d19a1a4563f974dff288547db10b35c942c9368833b030cccbe70c62
9a3f947226178c13f16fb29cace09e40f80b6a8a5d0d9026177202870a15e56c
a0a44ca26b92de8577563146da0a012f52a4ff838dfaf90122d6f151cffd4249
a1024a4adea9d77130531d37c7f965a358f774b8ad4b9b93602e389a37e9ee3b
a37f9ff9a75b94d37e3b29507ac7f7fd9470205c046d265945d1941d5a42413d
aad9c4fa6c3fc41ddfa51d2316aafaf70d98036dc60f5b1da9fbf36108d31549
aaff77f553f847519fd6b1bd8b913dea2cda339b1bf4e7c18cf4822c9c3fb035
b125fd5e2ef4a5920cb79d360f8bd46b5c82e74854928b28dcd1f738744ed63f
b1b58b45a69e563772cb1805fdbe7cd23152ec51168aaa1dc8237dd83d2e992e
b1c16b3fa4d0c97a6af39b31f450020119e5d47f68f283199646c476f508a2de
b973dbacba46f18beb721090307dca0b87b3e133798f2ff897add4252ce519f8
bdd643791f0267d93eb3ae59daf6ab30d86348df1e182f34d192d34dd7e2bcb8
c2918bbe8f1e0d6961f86e9360dbd23cf788c67e5d515a7a7097ec37b4171d8b
c4f7874b308c98d3b0e9f367dba84019160a2f49da9b58b73895d208c0637ec3
c796e95334e19f80dc7c76bf6f5e28c53df3f1e62b64402c479c011a41e98757
c893dc94f884c3c02abc40505def7686f42c795c09ac967e9f5028f6b05088b9
c8cf0aa1b81bdb5862247c32319e5c67e5a9a03e4f8142b141ae9c9ed9817039
c99572f523c993dd04fbb421e353de057643e6680a35ec3bf9e06bbfd01aa229
cd71b6019dc666c726cf32b771c270cc96df4c498b20b4c9e936383599b55593
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf4e326031153798b54ee4553c64b0f73efa63c35e85317cd202ab7312564f1c
d0fa9011ce2968202d0aeb67378e0068e701d94aed086209ee8a88cc247c863b
d6bd5df49f177bef434a1c200f67fe3e4c66c43629e75b127d3bcb52d877eb42
d83e70d6f5c3b6c343773c270f701e72cb0ff8851dfd32dab185a023c027ad8d
d9978f58741d65379a6c71fdd1ffc7d0ccbddf7dbdbb3aa75ca169987ed61979
e0eed0c25b9615705bf2647ea5dc193c022c9f80d3ee38550323bbdafbaddada
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e568faaf457c89cdafecc62211edf4c7021d99fb00f12c06ab8b3c236792aec3
ea86f195eb330d67a0d57207032752d3bbf83a938f73fafdd6ee363e51fc1896
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ec3cba4b28cd3d52e2f4178ecb980d8c418236072bc7fe2b569648f25b4f4dc4
eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25
ee8e2c4dceb1fd84acb13db8d7f1c20b808178b671ec18bb14217219400b5a72
f0080c23d89928398f69159ed0afa9695d2f2d0a293c72d3918161a02216bc60
f836c3444dcebc2a7fafc18634dc0c5e5186517f0dfbeac03e3277edf4f5c921