Submitted URL: https://bit.ly/tcm-pmat
Effective URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Submission: On August 17 via manual from US — Scanned from DE

Summary

This website contacted 20 IPs in 3 countries across 16 domains to perform 74 HTTP transactions. The main IP is 2606:4700::6813:ee75, located in the United States and belonging to CLOUDFLARENET, US. The main domain is academy.tcm-sec.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 1st 2022. Valid for: a year.
This is the only time academy.tcm-sec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain | Subdomains | Transfer
36 teachablecdn.com | fedora.teachablecdn.com (Cisco Umbrella Rank: 97066); process.fs.teachablecdn.com (Cisco Umbrella Rank: 107782); cdn.fs.teachablecdn.com (Cisco Umbrella Rank: 190968); assets.teachablecdn.com (Cisco Umbrella Rank: 108254) | 12 MB
7 google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 52); region1.google-analytics.com (Cisco Umbrella Rank: 2742) | 22 KB
7 tcm-sec.com | academy.tcm-sec.com | 146 KB
4 google.de | www.google.de (Cisco Umbrella Rank: 5596) | 737 B
4 google.com | www.google.com (Cisco Umbrella Rank: 10) | 737 B
4 doubleclick.net | googleads.g.doubleclick.net (Cisco Umbrella Rank: 55); stats.g.doubleclick.net (Cisco Umbrella Rank: 118) | 2 KB
3 googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 94) | 173 KB
2 teachable.cloud | eventable.teachable.cloud (Cisco Umbrella Rank: 92897) | 140 B
2 heapanalytics.com | cdn.heapanalytics.com (Cisco Umbrella Rank: 3022); heapanalytics.com (Cisco Umbrella Rank: 2533) | 45 KB
1 hexagon-analytics.com | hexagon-analytics.com (Cisco Umbrella Rank: 5034) | 272 B
1 sift.com | cdn.sift.com (Cisco Umbrella Rank: 11183) | 20 KB
1 googleadservices.com | www.googleadservices.com (Cisco Umbrella Rank: 125) | 16 KB
1 gstatic.com | www.gstatic.com | 154 KB
1 recaptcha.net | www.recaptcha.net (Cisco Umbrella Rank: 1886) | 971 B
1 wistia.com | fast.wistia.com (Cisco Umbrella Rank: 4683) | 114 KB
1 bit.ly | bit.ly (Cisco Umbrella Rank: 4554) | 259 B
74 16
Domain Requested by
22 process.fs.teachablecdn.com academy.tcm-sec.com
7 academy.tcm-sec.com 1 redirects academy.tcm-sec.com
fedora.teachablecdn.com
6 www.google-analytics.com academy.tcm-sec.com
www.google-analytics.com
6 cdn.fs.teachablecdn.com academy.tcm-sec.com
5 assets.teachablecdn.com academy.tcm-sec.com
4 www.google.de academy.tcm-sec.com
4 www.google.com academy.tcm-sec.com
3 stats.g.doubleclick.net www.google-analytics.com
3 www.googletagmanager.com academy.tcm-sec.com
www.googletagmanager.com
3 fedora.teachablecdn.com academy.tcm-sec.com
2 eventable.teachable.cloud fedora.teachablecdn.com
1 hexagon-analytics.com
1 cdn.sift.com academy.tcm-sec.com
1 heapanalytics.com academy.tcm-sec.com
1 region1.google-analytics.com www.googletagmanager.com
1 googleads.g.doubleclick.net www.googleadservices.com
1 www.googleadservices.com www.googletagmanager.com
1 www.gstatic.com www.recaptcha.net
1 cdn.heapanalytics.com academy.tcm-sec.com
1 www.recaptcha.net academy.tcm-sec.com
1 fast.wistia.com academy.tcm-sec.com
1 bit.ly 1 redirects
74 22
Subject | Issuer | Validity | Valid
academy.tcm-sec.com | Cloudflare Inc ECC CA-3 | 2022-08-01 - 2023-08-01 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-05-18 - 2023-05-18 | a year
fast.wistia.com | GlobalSign Atlas R3 DV TLS CA H2 2021 | 2021-12-24 - 2023-01-25 | a year
misc.google.com | GTS CA 1C3 | 2022-07-18 - 2022-10-10 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2022-07-18 - 2022-10-10 | 3 months
*.fs.teachablecdn.com | GlobalSign Atlas R3 DV TLS CA 2022 Q1 | 2022-04-07 - 2023-05-09 | a year
cdn.heapanalytics.com | Amazon | 2022-07-29 - 2023-08-27 | a year
*.gstatic.com | GTS CA 1C3 | 2022-07-18 - 2022-10-10 | 3 months
*.teachable.cloud | Amazon | 2021-10-08 - 2022-11-06 | a year
www.googleadservices.com | GTS CA 1C3 | 2022-07-18 - 2022-10-10 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2022-07-18 - 2022-10-10 | 3 months
www.google.com | GTS CA 1C3 | 2022-07-18 - 2022-10-10 | 3 months
www.google.de | GTS CA 1C3 | 2022-07-18 - 2022-10-10 | 3 months
*.google.com | GTS CA 1C3 | 2022-07-18 - 2022-10-10 | 3 months
*.google.de | GTS CA 1C3 | 2022-07-18 - 2022-10-10 | 3 months
heapanalytics.com | Amazon | 2021-12-09 - 2023-01-06 | a year
*.sift.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-01-07 - 2023-01-20 | a year
*.hexagon-analytics.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-10-19 - 2022-11-04 | a year

This page contains 1 frame:

Primary Page: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Frame ID: CF96A2C7B6524339A25A06799A4BF0D0
Requests: 73 HTTP requests in this frame

Page Title

Practical Malware Analysis & Triage | TCM Security, Inc.

Detected technologies

Overall confidence: 75%
Detected patterns

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • heap-\d+\.js

Overall confidence: 100%
Detected patterns
  • cdn\.sift(?:science)?\.com/s\.js

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

74 Requests
100 % HTTPS
57 % IPv6
16 Domains
22 Subdomains
20 IPs
3 Countries
13425 kB Transfer
16918 kB Size
25 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bit.ly/tcm-pmat HTTP 301
    https://academy.tcm-sec.com/courses/practical-malware-analysis-triage HTTP 301
    https://academy.tcm-sec.com/p/practical-malware-analysis-triage Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

74 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request practical-malware-analysis-triage
academy.tcm-sec.com/p/
Redirect Chain
  • https://bit.ly/tcm-pmat
  • https://academy.tcm-sec.com/courses/practical-malware-analysis-triage
  • https://academy.tcm-sec.com/p/practical-malware-analysis-triage
210 KB
25 KB
Document
General
Full URL
https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:ee75 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1793f8b0e0d27890a78a270ab6e4043c83519851f48bfaf484ba01b785ebfe0
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=0, private, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
73bf02ffe8b39113-FRA
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 17 Aug 2022 02:34:37 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=0
vary
Accept-Encoding
x-content-type-options
nosniff
x-download-options
noopen
x-fedora-school-id
770707
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
cb487bb0-1aa1-47a2-acc0-fa84470cbff5
x-runtime
0.144335
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
73bf02fea8229113-FRA
content-type
text/html; charset=utf-8
date
Wed, 17 Aug 2022 02:34:37 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location
https://academy.tcm-sec.com/p/practical-malware-analysis-triage
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=0
vary
Accept-Encoding
x-content-type-options
nosniff
x-download-options
noopen
x-fedora-school-id
770707
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
69f1a4cc-ca25-4621-b031-66ebaaae2595
x-runtime
0.051857
x-xss-protection
1; mode=block
pages-47a7c134d21218c7a18c3e5742d3086186841a506614ffc093debb8dda650235.css
fedora.teachablecdn.com/assets/
63 KB
10 KB
Stylesheet
General
Full URL
https://fedora.teachablecdn.com/assets/pages-47a7c134d21218c7a18c3e5742d3086186841a506614ffc093debb8dda650235.css
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:8e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
47a7c134d21218c7a18c3e5742d3086186841a506614ffc093debb8dda650235

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:37 GMT
via
1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3044562
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
text/css
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 12 Jul 2022 20:44:08 GMT
server
cloudflare
etag
W/"5321a13e89e32f91da264976afa309d2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uu5CxBkAXV4lCyWxFiaENFY%2FfSRtkv3o3FXgFWHPV7xxTgWPOkOKh4AVHijwYPYUCZ19cYeUVGB10BLA%2FdNfWIRQ65OLP2uF69dUwYiUPRMvGVMn4uBxm%2BLbLfMFbiwS4IhlhpP38FpWcuKNpH1U%2FzztRN38WQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
jH29yku0MiwfuBg_Y5WUnyi1zccYsiBm
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA56-P5
cf-ray
73bf03023f0f92b9-FRA
x-amz-cf-id
v9i6023yIDsMrbH_ystb0ENys0RDOp6-RRpEW5kf9uusmVuNS0jV5A==
E-v1.js
fast.wistia.com/assets/external/
624 KB
114 KB
Script
General
Full URL
https://fast.wistia.com/assets/external/E-v1.js
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::622 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
53ed6ce40eb7b1aeff1637b8fd585500e1b8acab072432eca0af64753d3243ea
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:37 GMT
content-encoding
br
vary
Accept-Encoding
age
1219
x-cache
HIT, HIT
content-length
115850
x-served-by
cache-iad-kjyo7100025-IAD, cache-hhn4035-HHN
access-control-allow-origin
*
x-browser-version
104
last-modified
Tue, 16 Aug 2022 14:22:23 GMT
x-timer
S1660703678.793952,VS0,VE0
etag
"62fba81f-1c48a"
strict-transport-security
max-age=0
content-type
application/javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=3600
x-browser
chrome
x-ecma-v
modern
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
215, 65
api.js
www.recaptcha.net/recaptcha/
853 B
971 B
Script
General
Full URL
https://www.recaptcha.net/recaptcha/api.js
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
fadd034a1e35d0818d2b726068064fb5b0dfc96fe7c98f44379aebeb55715f76
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
558
x-xss-protection
1; mode=block
expires
Wed, 17 Aug 2022 02:34:37 GMT
pages--c6788e63b98d1b0599bc.js
fedora.teachablecdn.com/packs/
2 MB
538 KB
Script
General
Full URL
https://fedora.teachablecdn.com/packs/pages--c6788e63b98d1b0599bc.js
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:8e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b87974c302f1bf2dc303d3a222c2b7b85ab7a594f10b330ba9d1d553af5093a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:37 GMT
via
1.1 0247123ccdc6a2a86167d7f4de30885a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
106479
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 15 Aug 2022 20:51:45 GMT
server
cloudflare
etag
W/"3cc7f757e5969814602b6f0379af0ae8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YApwkEw%2F6M7a2DGBAYXNJ4NmEs7XTTNGTSg7OYQnGxISXeH5bPuy7x0D14n51RSl%2F5j%2BU1%2FU%2BqjDKtZ2aFuGbwDoXnDwXH4FGzEVM4rmFc1A8xsTxABGw%2Fwqc13UY00KCED65ehbKkGkKCs%2ByAowGbyDc%2BmRuA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
9tFCj0uMhg0r77YH.caB.lB_.rVF9aWO
cache-control
public, max-age=31536000
x-amz-cf-pop
DUS51-P2
cf-ray
73bf03023f1092b9-FRA
x-amz-cf-id
tNFujzBTZlEAnwxQkETO2har6AVZ_RUzFFMzo9VqWMv5QG7bgku2YQ==
js
www.googletagmanager.com/gtag/
172 KB
60 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-739575465
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b197c058b7204124fa30fceb9f5b1b1890491cd410d140ed67be9a74615a1bf9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60903
x-xss-protection
0
last-modified
Wed, 17 Aug 2022 01:18:35 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 17 Aug 2022 02:34:38 GMT
js
www.googletagmanager.com/gtag/
109 KB
42 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-140849018-1
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c8bb1521679627140a10cd1f70aac34d72f70a801dedf92f85590f1d8cf8750f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42864
x-xss-protection
0
expires
Wed, 17 Aug 2022 02:34:38 GMT
api.js
academy.tcm-sec.com/cdn-cgi/bm/cv/669835187/
35 KB
9 KB
Script
General
Full URL
https://academy.tcm-sec.com/cdn-cgi/bm/cv/669835187/api.js
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:ee75 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/p/practical-malware-analysis-triage
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=604800, public
cf-ray
73bf0303ae4b90ee-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
09147a6d0c824fdaa5acc7dbee13bd5c
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=height:60/https://file-uploads.teachablecdn.com/c8250cc07e4e48f39cfe04767c5e3af1/
10 KB
11 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=height:60/https://file-uploads.teachablecdn.com/c8250cc07e4e48f39cfe04767c5e3af1/09147a6d0c824fdaa5acc7dbee13bd5c
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f47f8093820f68f7b8f8148c2e103b3f9229aad9e439b0a7f0c282057afd2b15

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1892648
x-cache
HIT, HIT
content-disposition
inline; filename="convert.png"
content-length
10713
x-served-by
cache-iad-kjyo7100101-IAD, cache-hhn4045-HHN
last-modified
Sat, 23 Jul 2022 00:00:35 GMT
x-file-name
convert.png
x-timer
S1660703678.091993,VS0,VE1
etag
"8a88b7c05a9510b2dc801a282e8b56a7"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2401770
filestack-trace-id
1658811030-H3zZ9KkSra
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
gAymcqVNTYKvngiNT99V
cdn.fs.teachablecdn.com/
35 KB
36 KB
Image
General
Full URL
https://cdn.fs.teachablecdn.com/gAymcqVNTYKvngiNT99V
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d067b918c5ec8b264ea4e83526134a2622f125e988f4691f67e7c8da364adf2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1605497
x-cache
HIT, HIT
content-disposition
inline; filename="security-bg-1-730x400 (1).jpg"
content-length
35926
x-served-by
cache-iad-kiad7000129-IAD, cache-hhn4037-HHN
last-modified
Mon, 18 Oct 2021 03:37:41 GMT
x-file-name
security-bg-1-730x400 (1).jpg
x-timer
S1660703678.092669,VS0,VE1
etag
"36f6c3c80b5f4d97afe685b8c325f151"
access-control-max-age
21600
access-control-allow-methods
DELETE, GET, HEAD, POST, PUT
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2678400
filestack-trace-id
1659098180-fYj5Xr5SKC
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
TGmWWVGZScGfYVNysFJH
cdn.fs.teachablecdn.com/
262 KB
262 KB
Image
General
Full URL
https://cdn.fs.teachablecdn.com/TGmWWVGZScGfYVNysFJH
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ca097cadd739820cbb3dccd9da4c57f85a63087707c0db5f82ce860ba3bc6568

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
678842
x-cache
HIT, HIT
content-disposition
inline; filename="B_PMAT_high quality_2-01.png"
content-length
267912
x-served-by
cache-iad-kcgs7200024-IAD, cache-hhn4037-HHN
last-modified
Mon, 18 Oct 2021 03:45:16 GMT
x-file-name
B_PMAT_high quality_2-01.png
x-timer
S1660703678.092972,VS0,VE2
etag
"e70cbaae38a16a3f337498b5a1d76937"
access-control-max-age
21600
access-control-allow-methods
DELETE, GET, HEAD, POST, PUT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2678400
filestack-trace-id
1660024836-KfkguOQgTa
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
koSf8RheQLgadP0bas3Q
cdn.fs.teachablecdn.com/
271 KB
271 KB
Image
General
Full URL
https://cdn.fs.teachablecdn.com/koSf8RheQLgadP0bas3Q
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
860cf8fc7bbfd28a56009779ce877fcd9d001c7f639a218953a2f6ec50e17ab4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1513821
x-cache
HIT, HIT
content-disposition
inline; filename="TDV_M50_09.png"
content-length
277436
x-served-by
cache-iad-kiad7000153-IAD, cache-hhn4037-HHN
last-modified
Mon, 22 Nov 2021 21:13:06 GMT
x-file-name
TDV_M50_09.png
x-timer
S1660703678.092937,VS0,VE2
etag
"19df4ba1a590856141377075cf2e5d95"
access-control-max-age
21600
access-control-allow-methods
DELETE, GET, HEAD, POST, PUT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2678400
filestack-trace-id
1659189857-atJVh3TaCU
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
qvACxTzmQbuyg5dNVxJN
cdn.fs.teachablecdn.com/
235 KB
235 KB
Image
General
Full URL
https://cdn.fs.teachablecdn.com/qvACxTzmQbuyg5dNVxJN
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
847f6130913876db62620be6597a66b9b1fdd45ba6ad80679353ffc57a70d9f6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1604347
x-cache
HIT, HIT
content-disposition
inline; filename="PMT_M54_09.png"
content-length
240640
x-served-by
cache-iad-kcgs7200026-IAD, cache-hhn4037-HHN
last-modified
Mon, 22 Nov 2021 21:13:21 GMT
x-file-name
PMT_M54_09.png
x-timer
S1660703678.092956,VS0,VE2
etag
"0e18fd3bc10539547de5b9b04f574fd0"
access-control-max-age
21600
access-control-allow-methods
DELETE, GET, HEAD, POST, PUT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2678400
filestack-trace-id
1656419960-Wk0sJPcZSD
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
MKlWcqQpSv6MC0Me6guM
cdn.fs.teachablecdn.com/
271 KB
271 KB
Image
General
Full URL
https://cdn.fs.teachablecdn.com/MKlWcqQpSv6MC0Me6guM
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
860cf8fc7bbfd28a56009779ce877fcd9d001c7f639a218953a2f6ec50e17ab4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
991207
x-cache
HIT, HIT
content-disposition
inline; filename="TDV_M50_09.png"
content-length
277436
x-served-by
cache-iad-kjyo7100068-IAD, cache-hhn4037-HHN
last-modified
Mon, 22 Nov 2021 21:13:37 GMT
x-file-name
TDV_M50_09.png
x-timer
S1660703678.092929,VS0,VE2
etag
"19df4ba1a590856141377075cf2e5d95"
access-control-max-age
21600
access-control-allow-methods
DELETE, GET, HEAD, POST, PUT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2678400
filestack-trace-id
1657033766-0BYZvz8dRm
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
chevron-down-solid-263093b97bd01b06adb0ad6caee9cc0ed3fd93607596fb8dee102ebd20d6d85e.svg
fedora.teachablecdn.com/assets/icons/
523 B
1 KB
Image
General
Full URL
https://fedora.teachablecdn.com/assets/icons/chevron-down-solid-263093b97bd01b06adb0ad6caee9cc0ed3fd93607596fb8dee102ebd20d6d85e.svg
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:8e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
263093b97bd01b06adb0ad6caee9cc0ed3fd93607596fb8dee102ebd20d6d85e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 fc562aab29280948aa0691960bee3d6a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
10147626
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/svg+xml
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Fri, 09 Jul 2021 20:21:24 GMT
server
cloudflare
etag
W/"2c0862a67bfb8773d52c7833e17cd5ca"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vXtWQl6HpGRi4iDd7UJdXGZF2Xgd7DyWatJUHVVDCc9ObDvk4JPitni1q11xWr1Wvo9gHW1D4jzlbk5mQRHQfsM%2BhGVB3HousuOC52%2FtjSM5ipoM101TatoL5K3dQiLk4iZzfOFm1rYE4UNEf48XJBc4HjcDPw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
zucQLzGgwHEhfI.QCSVXEB9a3m2ZOO4z
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA56-P5
cf-ray
73bf0303cc5b915c-FRA
x-amz-cf-id
Z1JlsgO0_gkgsn55aN9aCnOBf6fJPtEX1mP8oUbdBx50MIA0HAgH1Q==
bQ5yPjcXTLWaFB4vSQc9
cdn.fs.teachablecdn.com/
1 MB
1 MB
Image
General
Full URL
https://cdn.fs.teachablecdn.com/bQ5yPjcXTLWaFB4vSQc9
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6db92c76523b5b8cc32e985f80000601253b74507a44101d50ea743719e21e07

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
652722
x-cache
HIT, HIT
content-disposition
inline; filename="headshot.jpg"
content-length
1249300
x-served-by
cache-iad-kiad7000124-IAD, cache-hhn4037-HHN
last-modified
Mon, 18 Oct 2021 03:54:48 GMT
x-file-name
headshot.jpg
x-timer
S1660703678.092906,VS0,VE4
etag
"fdbf22ed296d4d89171559915fe67b57-1"
access-control-max-age
21600
access-control-allow-methods
DELETE, GET, HEAD, POST, PUT
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2678400
filestack-trace-id
1652563227-oQAu0ciT1i
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
5d0949b474054798bee6d56f5e19b64d
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/956925ec734a46efbb0ac43c562eeff1/
698 KB
698 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/956925ec734a46efbb0ac43c562eeff1/5d0949b474054798bee6d56f5e19b64d
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
b9e1ccbe5697aaca1d43c18eaf9258964d47df799b2094b80c5ebf685037372d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1278295
x-cache
HIT, HIT
content-disposition
inline; filename="convert.png"
content-length
714669
x-served-by
cache-iad-kcgs7200143-IAD, cache-hhn4045-HHN
last-modified
Sun, 31 Jul 2022 00:00:14 GMT
x-file-name
convert.png
x-timer
S1660703678.092318,VS0,VE3
etag
"7983f97ee7bfb8f7597164151183fcf1"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2478618
filestack-trace-id
1659425382-3YUHzfcaSq
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
QF5Gr0jFTniKkjgcqspg
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:30,height:30/https://www.filepicker.io/api/file/
26 KB
26 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:30,height:30/https://www.filepicker.io/api/file/QF5Gr0jFTniKkjgcqspg
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
f887ac2f2783de9b512fa9cf46f43ccc13a622740f935d2d0fa12a1a8eb744af

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
728089
x-cache
HIT, HIT
content-disposition
inline; filename="Heath Adams.jpg"
content-length
26388
x-served-by
cache-iad-kcgs7200152-IAD, cache-hhn4045-HHN
last-modified
Thu, 23 Jun 2022 00:00:08 GMT
x-file-name
Heath Adams.jpg
x-timer
S1660703678.092303,VS0,VE1
etag
"05e7ea1c0000834291d45df7d7ed723c"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=1947885
filestack-trace-id
1656672915-rKJBTyKMRE
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
2d37f6d87efc454499a71894d3e762b0
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/cea96d685f35459ca89c69b7212687f1/
696 KB
697 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/cea96d685f35459ca89c69b7212687f1/2d37f6d87efc454499a71894d3e762b0
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
baa8b049e10902b041088a1d733535947c2b85cfdbddfd05cd93f4b9b4a9b74c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1259482
x-cache
HIT, HIT
content-disposition
inline; filename="convert.png"
content-length
712828
x-served-by
cache-iad-kcgs7200105-IAD, cache-hhn4045-HHN
last-modified
Thu, 30 Jun 2022 00:00:07 GMT
x-file-name
convert.png
x-timer
S1660703678.092252,VS0,VE1
etag
"43f9896378c40cce1a9d282fa5c4b5bc"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=992672
filestack-trace-id
1658232928-LsD6ONN7Qx
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
296a2b34f81544bfbbb1c4cf043c0db8
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/a748e3ca7d024358970ad77d2c73f3f1/
701 KB
701 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/a748e3ca7d024358970ad77d2c73f3f1/296a2b34f81544bfbbb1c4cf043c0db8
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
be70a3e7dd44c9b1e32dc1124ec5d190e7cdc8017cca83d01557d0a4f3895f95

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1478064
x-cache
HIT, MISS
content-disposition
inline; filename="convert.png"
content-length
717475
x-served-by
cache-iad-kcgs7200131-IAD, cache-hhn4045-HHN
last-modified
Thu, 30 Jun 2022 00:00:07 GMT
x-file-name
convert.png
x-timer
S1660703678.092271,VS0,VE121
etag
"a5776f164724b321954c1536084e452d"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=144568
filestack-trace-id
1659081032-I0q0NJ9QTF
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
4, 0
9d2f1c4df3ee4596b027badc6f723b5b
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/5b4e4571eb7c47c89be66aa7072598f1/
695 KB
696 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/5b4e4571eb7c47c89be66aa7072598f1/9d2f1c4df3ee4596b027badc6f723b5b
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
ca6d2c2d470d44497e91ffc681e046ab4933b4c0f17d884d5813b8b2d7adc14d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1478063
x-cache
HIT, HIT
content-disposition
inline; filename="convert.png"
content-length
712190
x-served-by
cache-iad-kiad7000053-IAD, cache-hhn4045-HHN
last-modified
Thu, 30 Jun 2022 00:00:07 GMT
x-file-name
convert.png
x-timer
S1660703678.092285,VS0,VE1
etag
"047018afdda9679d59081705242428de"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2198952
filestack-trace-id
1657026648-RwfFp39dSn
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
f017cfd1161b4a0ca5dc8fb5a54219ed
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/a625eecc19d74664a41728c4047497f1/
685 KB
685 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/a625eecc19d74664a41728c4047497f1/f017cfd1161b4a0ca5dc8fb5a54219ed
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
3154eb29df9c613b7e015580dc090d372c61e42ffba8cd63f289260a196079d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1257563
x-cache
HIT, HIT
content-disposition
inline; filename="convert.png"
content-length
701012
x-served-by
cache-iad-kiad7000160-IAD, cache-hhn4045-HHN
last-modified
Sun, 31 Jul 2022 00:00:15 GMT
x-file-name
convert.png
x-timer
S1660703678.110242,VS0,VE3
etag
"87766bdb2959bf7bfcfff6bd23cfc694"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2457885
filestack-trace-id
1659446114-An3NZS7SHw
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
b25ab6d4f984403eb33ebac1b4f93be9
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/0378443291a24448a59e214c2b42daf1/
698 KB
698 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/0378443291a24448a59e214c2b42daf1/b25ab6d4f984403eb33ebac1b4f93be9
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
6a3d88f220ab02037ae284961796aeaaf088eeccde8526169da0cd325ea0640a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
120386
x-cache
HIT, HIT
content-disposition
inline; filename="convert.png"
content-length
714436
x-served-by
cache-iad-kjyo7100104-IAD, cache-hhn4045-HHN
last-modified
Sun, 31 Jul 2022 00:00:15 GMT
x-file-name
convert.png
x-timer
S1660703678.110208,VS0,VE3
etag
"e43d314875d39976585af9c49b99a669"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=1320708
filestack-trace-id
1660583292-oXQknl0NS6
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
m1LelZHRTMyEL85kmU6w
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:30,height:30/https://cdn.filestackcontent.com/
2 KB
2 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:30,height:30/https://cdn.filestackcontent.com/m1LelZHRTMyEL85kmU6w
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
a2c8feaafda35d506cde90249bce2b3761a558cd949e82d9f0e0960968277ab2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
647803
x-cache
HIT, HIT
content-disposition
inline; filename="cartoon me.png"
content-length
2194
x-served-by
cache-iad-kcgs7200170-IAD, cache-hhn4045-HHN
last-modified
Wed, 03 Aug 2022 00:00:07 GMT
x-file-name
cartoon me.png
x-timer
S1660703678.112041,VS0,VE1
etag
"aeb02a00c5109e0038df426242887679"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2107326
filestack-trace-id
1660055874-Qbnx3yfT46
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
e2b90261e97c484f86e24a45072f40a4
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/75803aecc6544dff87a159aaded936f1/
686 KB
687 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/75803aecc6544dff87a159aaded936f1/e2b90261e97c484f86e24a45072f40a4
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
d797b3fa2f45f5c7cf598c127a170de3258cae6eaf21f42cb00939f4ba82abf8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1268074
x-cache
HIT, HIT
content-disposition
inline; filename="convert.png"
content-length
702610
x-served-by
cache-iad-kiad7000051-IAD, cache-hhn4045-HHN
last-modified
Sun, 31 Jul 2022 00:00:14 GMT
x-file-name
convert.png
x-timer
S1660703678.112023,VS0,VE2
etag
"33244ffb2356e86a8d11b20caf630e1b"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2468396
filestack-trace-id
1659435604-3EKOYMmpQe
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
5HQGCtxMSxOIPtefv9S8
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:30,height:30/https://cdn.filestackcontent.com/
1 KB
2 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:30,height:30/https://cdn.filestackcontent.com/5HQGCtxMSxOIPtefv9S8
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
7a5b6e998670df0273c4b67c4870df1c88ab69937aa7ecfdc50dc818b9aaa8c2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
441259
x-cache
HIT, HIT
content-disposition
inline; filename="riley-trainer.png"
content-length
1448
x-served-by
cache-iad-kiad7000101-IAD, cache-hhn4045-HHN
last-modified
Tue, 12 Jul 2022 00:00:34 GMT
x-file-name
riley-trainer.png
x-timer
S1660703678.112007,VS0,VE1
etag
"77fcb72c561209ac9f086da0250cc48f"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=826796
filestack-trace-id
1659435604-vwi1TdU5Qy
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
987a11780f304270b1ff713ceed7517e
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/ca913777c7834117921514f999bce5f1/
691 KB
691 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/ca913777c7834117921514f999bce5f1/987a11780f304270b1ff713ceed7517e
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
dcedb3812a6ae70a3ccd8c00a74c3e600673cadc29cfa54dbe94231ec947a5e9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1478065
x-cache
HIT, MISS
content-disposition
inline; filename="convert.png"
content-length
707437
x-served-by
cache-iad-kcgs7200051-IAD, cache-hhn4045-HHN
last-modified
Thu, 30 Jun 2022 00:00:08 GMT
x-file-name
convert.png
x-timer
S1660703678.111987,VS0,VE99
etag
"79cdab1aedb9a797b0b61c10bc051b20"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=139515
filestack-trace-id
1659086085-B1KSvB8HSQ
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 0
wfHWCNhjRDOPDY0jRupo
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:30,height:30/https://cdn.filestackcontent.com/
17 KB
17 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:30,height:30/https://cdn.filestackcontent.com/wfHWCNhjRDOPDY0jRupo
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
38103eb92431874f325d7798693d904e79b2fbfc86ddd4f561babf16efff965f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1910037
x-cache
HIT, HIT
content-disposition
inline; filename="eskridge-headshot-2020-08-cropped.jpg"
content-length
17182
x-served-by
cache-iad-kiad7000166-IAD, cache-hhn4045-HHN
last-modified
Sat, 25 Jun 2022 00:00:24 GMT
x-file-name
eskridge-headshot-2020-08-cropped.jpg
x-timer
S1660703678.111971,VS0,VE1
etag
"2fd65003f737d694944c93bc9a8a6441"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2383022
filestack-trace-id
1656410578-yXeX2nWFTM
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
5f2fe14cf2c34f789efa4605b5036732
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/76120cc74c4d42cca1cb433eaa3eaef1/
710 KB
710 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/76120cc74c4d42cca1cb433eaa3eaef1/5f2fe14cf2c34f789efa4605b5036732
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
f275bd520060f60bea214bfd1c7e135ff3b8c8c085c914f20c144c800a3e7e5b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
677993
x-cache
HIT, HIT
content-disposition
inline; filename="convert.png"
content-length
726683
x-served-by
cache-iad-kjyo7100044-IAD, cache-hhn4045-HHN
last-modified
Sun, 31 Jul 2022 00:00:15 GMT
x-file-name
convert.png
x-timer
S1660703678.111953,VS0,VE1
etag
"3f1f426e111715454e2c82048ff35149"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=1878315
filestack-trace-id
1660025685-dLc27PLgQM
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
vQ2V5jYBSayglwVTbfZ1
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:30,height:30/https://cdn.filestackcontent.com/
24 KB
24 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:30,height:30/https://cdn.filestackcontent.com/vQ2V5jYBSayglwVTbfZ1
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
7046d0438404a622e7f8c06770dc9236bb97dabeb2661f2a44d386738b5f64c2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1277721
x-cache
HIT, HIT
content-disposition
inline; filename="20211018_102451.jpg"
content-length
24807
x-served-by
cache-iad-kiad7000168-IAD, cache-hhn4045-HHN
last-modified
Sat, 30 Jul 2022 00:00:21 GMT
x-file-name
20211018_102451.jpg
x-timer
S1660703678.111937,VS0,VE1
etag
"30c3a82ff6727e908cafe5235cf9bae7"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2391643
filestack-trace-id
1659425957-mjSYhmT29w
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
c120987ce294445d87c5986f4bb8c557
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/2cf50f8f2d924b7b98be27cee1cb1ef1/
695 KB
696 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/2cf50f8f2d924b7b98be27cee1cb1ef1/c120987ce294445d87c5986f4bb8c557
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
5caa7692d5182231b36c7073fa0bb292145bbd8e92646154572f29b57d455146

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
563013
x-cache
HIT, HIT
content-disposition
inline; filename="convert.png"
content-length
712074
x-served-by
cache-iad-kiad7000144-IAD, cache-hhn4045-HHN
last-modified
Sun, 31 Jul 2022 00:00:14 GMT
x-file-name
convert.png
x-timer
S1660703678.111941,VS0,VE3
etag
"62849551436a2c2ba095a5204fc307e7"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=1763336
filestack-trace-id
1660140663-R0fytebMQM
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
1683e47b8ce942e4a5bc9520add0a7f4
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/6339e68638d24a4a9d4dfa9badd264f1/
667 KB
668 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/6339e68638d24a4a9d4dfa9badd264f1/1683e47b8ce942e4a5bc9520add0a7f4
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
b6c5f3412cc179862779c904f4c36735e83213ec2cb3967e67908a8fd5f4f9a2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1478063
x-cache
HIT, MISS
content-disposition
inline; filename="convert.png"
content-length
682918
x-served-by
cache-iad-kiad7000131-IAD, cache-hhn4045-HHN
last-modified
Thu, 30 Jun 2022 00:00:07 GMT
x-file-name
convert.png
x-timer
S1660703678.111903,VS0,VE98
etag
"9fe723e5cd0103d7686b6f4f17122264"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=129802
filestack-trace-id
1659095798-8b7MJtsHQY
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 0
f17cdf5bb7cc45d395d3c1e727204895
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:30,height:30/https://file-uploads.teachablecdn.com/19a1a0222e0a425fb2ac0187a7c9abf1/
2 KB
3 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:30,height:30/https://file-uploads.teachablecdn.com/19a1a0222e0a425fb2ac0187a7c9abf1/f17cdf5bb7cc45d395d3c1e727204895
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
0d4e96dda38bac6f972c4c3cc2a923aa461162757a33801aa80b735562c59f0c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1268072
x-cache
HIT, HIT
content-disposition
inline; filename="convert.png"
content-length
2480
x-served-by
cache-iad-kiad7000028-IAD, cache-hhn4045-HHN
last-modified
Wed, 27 Jul 2022 00:00:18 GMT
x-file-name
convert.png
x-timer
S1660703678.111876,VS0,VE1
etag
"0ce62cd23a139e86cbb5f0c8082b0eab"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2122795
filestack-trace-id
1659435605-0d3nTtGSgq
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
2, 1
46e69eed100e450aa40db445163dd37e
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/bbdf31356f1842078fadddec98a1a3f1/
662 KB
663 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/bbdf31356f1842078fadddec98a1a3f1/46e69eed100e450aa40db445163dd37e
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
41cf900209d7c32c874e4dfcfca3659caa74a5e4d1615d238a2eff59e9c255b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1737271
x-cache
HIT, HIT
content-disposition
inline; filename="convert.png"
content-length
678175
x-served-by
cache-iad-kiad7000052-IAD, cache-hhn4045-HHN
last-modified
Mon, 27 Jun 2022 06:25:42 GMT
x-file-name
convert.png
x-timer
S1660703678.111864,VS0,VE1
etag
"60cef0763dab9e1f6e85ac565d92a57d"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2454702
filestack-trace-id
1656511697-HECWtjzETc
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
f3c93a2c8bf041f5b4fdc8ebae7fd0f5
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:30,height:30/https://file-uploads.teachablecdn.com/39de98626f2b4bc686e29e7446a168f1/
3 KB
3 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:30,height:30/https://file-uploads.teachablecdn.com/39de98626f2b4bc686e29e7446a168f1/f3c93a2c8bf041f5b4fdc8ebae7fd0f5
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
579dc862c02e0e48d3ed0b94d2252ce2357b4d874494621795d099509d016e87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1522175
x-cache
HIT, HIT
content-disposition
inline; filename="convert.png"
content-length
3058
x-served-by
cache-iad-kjyo7100096-IAD, cache-hhn4045-HHN
last-modified
Thu, 28 Jul 2022 00:00:08 GMT
x-file-name
convert.png
x-timer
S1660703678.111844,VS0,VE1
etag
"3c4cfbee1d2a257599ca79443a975f03"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2463297
filestack-trace-id
1659181503-Fde3Gx4RCK
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 1
f85789de5a324cb9bcdcca9ed9871d47
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/e6576bf49e5f429e8dd694cb0c3f65f1/
689 KB
690 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/e6576bf49e5f429e8dd694cb0c3f65f1/f85789de5a324cb9bcdcca9ed9871d47
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
7b7c2690c9ca4cbe06aca9ba77e639a6724e9a9d116df6188447758fa12ca171

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1478063
x-cache
HIT, MISS
content-disposition
inline; filename="convert.png"
content-length
706031
x-served-by
cache-iad-kjyo7100062-IAD, cache-hhn4045-HHN
last-modified
Thu, 30 Jun 2022 00:00:08 GMT
x-file-name
convert.png
x-timer
S1660703678.111830,VS0,VE186
etag
"8a4ef65802a66c594854d3f93f947a41"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=117484
filestack-trace-id
1659108116-4G85gTXhS3
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 0
a9737a9021b44f1e92887d6dd08fc941
process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/5e37125588be4c5aa18154f114476cf1/
690 KB
691 KB
Image
General
Full URL
https://process.fs.teachablecdn.com/ADNupMnWyR7kCWRvm76Laz/resize=width:705/https://file-uploads.teachablecdn.com/5e37125588be4c5aa18154f114476cf1/a9737a9021b44f1e92887d6dd08fc941
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
efa5c224b5bb9179538601dacc986518df24869e453693c901c4ea6ef2fde733

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 varnish, 1.1 varnish
age
1478063
x-cache
HIT, MISS
content-disposition
inline; filename="convert.png"
content-length
707070
x-served-by
cache-iad-kcgs7200141-IAD, cache-hhn4045-HHN
last-modified
Thu, 30 Jun 2022 00:00:07 GMT
x-file-name
convert.png
x-timer
S1660703678.111810,VS0,VE136
etag
"89aa60d82dc2efe4a28247f1dd4d9604"
access-control-max-age
21600
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=66987
filestack-trace-id
1659158613-Q1eC58xrS7
accept-ranges
bytes
access-control-allow-headers
Content-Type, X-No-Stream
x-cache-hits
1, 0
analytics.js
academy.tcm-sec.com/
462 KB
108 KB
Script
General
Full URL
https://academy.tcm-sec.com/analytics.js
Requested by
Host: fedora.teachablecdn.com
URL: https://fedora.teachablecdn.com/packs/pages--c6788e63b98d1b0599bc.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:ee75 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c365154080aea66d173c32b657e68ceace8f4dc593f9a1e681a224fba8e70fe
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/p/practical-malware-analysis-triage
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
none
age
157626
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 23 Mar 2021 20:22:36 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
x-download-options
noopen
content-type
application/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cf-ray
73bf0303ae4c90ee-FRA
expires
Thu, 17 Aug 2023 02:34:38 GMT
heap-318805607.js
cdn.heapanalytics.com/js/
115 KB
45 KB
Script
General
Full URL
https://cdn.heapanalytics.com/js/heap-318805607.js
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-24.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
fc978b9a445fbf02daa00cc849478d636f6ebd1995d565e2add0c7de150c35fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:32:39 GMT
content-encoding
gzip
server
nginx
age
119
etag
W/"1cdfc-M0wRD3tXcgZE6Qwwzu408A"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
via
1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
cache-control
public, max-age=120
x-amz-cf-pop
FRA60-P1
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-id
eaT2fsk138RhmfXNuWA6k-Ci8BUGvrDVWM2uuSOggWBwyFiWgTDoNg==
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
5558
date
Wed, 17 Aug 2022 01:02:00 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 17 Aug 2022 03:02:00 GMT
proximanova-regular-webfont.woff
assets.teachablecdn.com/fonts/proxima-nova/
24 KB
25 KB
Font
General
Full URL
https://assets.teachablecdn.com/fonts/proxima-nova/proximanova-regular-webfont.woff?1307578394
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:8e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ebda27da1972d2a59b09aeed9f9124fbba73a685904ad5b7bd3433eb0ddea151

Request headers

Referer
https://academy.tcm-sec.com/
Origin
https://academy.tcm-sec.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 96ab38d99b79d57e5c7e9b8a07c0fad2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
10147754
x-amz-server-side-encryption
AES256
cf-ray
73bf03040ae99113-FRA
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 13 Dec 2021 20:42:10 GMT
server
cloudflare
etag
W/"20b5e0eef2ef704cbe593f8ed37af8fd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nI%2F%2BA4p9tNxOJo2IPkh%2BqX0xnjzdoronwDobh6RBEFHoBbPkEabBJyMntSCDqHgscEbmE2tK6DGqVticOjTT9yfpbJvgFt9JLAJVmKnMEpo6F%2FqmsJknsqnGbhcGqgWbZzR2lPZ%2BvA3vo0yWhgoMR0He9fhqnw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
tKlvV3gwhIARc_hMX696ksCnt9NwYZ6f
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA2-C1
content-type
application/font-woff
x-amz-cf-id
0HxKofAwUvYe5IZa8FeNtrnWz9cK_6duIR29ZLkmdGUl2-EPRsD2aQ==
recaptcha__de.js
www.gstatic.com/recaptcha/releases/mq0-U1BHZ5YTcoDC-CvsLPNc/
386 KB
154 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/mq0-U1BHZ5YTcoDC-CvsLPNc/recaptcha__de.js
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5cde27396c8c483c599d4162e29f219dbad91728edacc8f91410cc818a91046b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://academy.tcm-sec.com/
Origin
https://academy.tcm-sec.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 00:35:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
7169
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
157356
x-xss-protection
0
last-modified
Mon, 08 Aug 2022 08:12:45 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 17 Aug 2023 00:35:09 GMT
proximanova-bold-webfont.woff
assets.teachablecdn.com/fonts/proxima-nova/
24 KB
24 KB
Font
General
Full URL
https://assets.teachablecdn.com/fonts/proxima-nova/proximanova-bold-webfont.woff?1307578394
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:8e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2123e5ea1ef093069cf54eee5341feb955d2451f4f91bfabc085a54cfbdf57c8

Request headers

Referer
https://academy.tcm-sec.com/
Origin
https://academy.tcm-sec.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 1cc446ef4692d8e752b16c07f2f58a58.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1105424
x-amz-server-side-encryption
AES256
cf-ray
73bf03041af79113-FRA
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 18 May 2022 03:53:08 GMT
server
cloudflare
etag
W/"4d586ea0e3d15ec648bfc84bfb56181a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3%2FOW5njHhskTwJv83O8ZhmFsKKWaQ0pcAibioRsgmGOp38gmPtTEUkBRzEvCSUlKPRcCzf9WPpiDKS7wpKS1P327G7rONLnRmZQowiju32%2Fg7v2Kf6XjHp%2B5m1KE3LT0B%2B6f0yynS2DUT%2FKRsLgBtQyOp4KiyA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
v1QKsfSSsYqHfZm2ZAdpxSf4kCW7hZ2g
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA53-C1
content-type
application/font-woff
x-amz-cf-id
cUNU89psfQfd_OxkmCpdyzpBmT9RNI4yfScSk6c8KwnPDlvc4IV-vA==
proximanova-semibold-webfont.woff
assets.teachablecdn.com/fonts/proxima-nova/
24 KB
25 KB
Font
General
Full URL
https://assets.teachablecdn.com/fonts/proxima-nova/proximanova-semibold-webfont.woff?1307578394
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:8e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2108a98309ea936244b711b68b758be0278500e047a5200d1eca370c65e6f38

Request headers

Referer
https://academy.tcm-sec.com/
Origin
https://academy.tcm-sec.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 172e63b20fb363ed969de28ae3937e20.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
10147754
x-amz-server-side-encryption
AES256
cf-ray
73bf03041af89113-FRA
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Fri, 11 Mar 2022 15:51:01 GMT
server
cloudflare
etag
W/"767e848cc38bd0b4536edb739db09cf1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n5xPuvKY0XhDWET4ruV8LaruLT1iyQLU7W6FGulZgABuNuD1QXiluqsI14EC%2FznuFL9UcyKDY3BEu9%2Big2YDV0jRixNXLdMGKlnXHd7TMg1eL5JPsNpiOqqDfM1VSaMRdRBcgE%2Fbi%2BV%2FJAMbIqGVkk7VhG5xIg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
YqOVjRyyozYy2Y1eUd8DAAcTnexKvUUk
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA2-C1
content-type
application/font-woff
x-amz-cf-id
KuP8JMk1ijyOK8E3fH9oW2MVP9W2l0TiQ1GPsKE-nB5oCnsfkPA5jw==
proximanova-light-webfont.woff
assets.teachablecdn.com/fonts/proxima-nova/
24 KB
24 KB
Font
General
Full URL
https://assets.teachablecdn.com/fonts/proxima-nova/proximanova-light-webfont.woff?1307578394
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:8e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f39c4a89353f1407cabb2631698d3db1603ba2be84e3a482a667585080b9637

Request headers

Referer
https://academy.tcm-sec.com/
Origin
https://academy.tcm-sec.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
10147754
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
font/woff
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
24240
last-modified
Tue, 12 Oct 2021 17:35:38 GMT
server
cloudflare
etag
"535887f2ccd123d7394212a0e9178eba"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dERbf0pE0hm44yBv8c6Aw%2BYzKiEt1sYun7Q39SeAXMLpmFGBIizKEQeLYJD57kXoXa8hay14y304a10JAVPnk5Dtz%2FIYAvFDhyubW6r1NpxlrFfDGTT8LB%2BY8KxsjGKFY9gbZsGLkj%2FM3GwIGxPDNLgEM8509A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
ovVgruK1z0dP.iml57RoarOe4jE_vdxH
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
cf-ray
73bf03041af99113-FRA
x-amz-cf-id
AzZXgDtw58WQpCYx_prBnmVjP5Nt_kPPJ_6uHyXP3aUKCRMkVvcr8w==
proximanova-regitalic-webfont.woff
assets.teachablecdn.com/fonts/proxima-nova/
26 KB
27 KB
Font
General
Full URL
https://assets.teachablecdn.com/fonts/proxima-nova/proximanova-regitalic-webfont.woff?1307578394
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:8e97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5c9aea21cdc724c955cf01821d3578222795d2c8bebb4d4fd86572f8c532313a

Request headers

Referer
https://academy.tcm-sec.com/
Origin
https://academy.tcm-sec.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
via
1.1 eca56eada7885f8195ee4db13cd72cc2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
137233
x-amz-server-side-encryption
AES256
cf-ray
73bf03041afb9113-FRA
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 18 May 2022 03:53:08 GMT
server
cloudflare
etag
W/"b843c0e796eb013b80bd8510fb819c9b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VbedyL%2BzAzj%2F7WiSFe6v42zMCWtMna6xSRGpeOowb4kdC0FlWuvHLZ8urI5lAXPob%2Fz6gNfB7iN%2FbyukVHNV3EAxvTL3AGLUIyY5js5xU%2FUwffwAyNXD058jgWtbLwd%2BHSKDT0a3KsgN641RRjkf5QbVGZp0jA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
SW7bzMVQ82wLxLZ.262pihqxNf.fzKHe
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-amz-cf-pop
DUS51-P1
content-type
application/font-woff
x-amz-cf-id
hoPWK-wvuLZtUvPBonWXR8P9ZUnbYPx7-illhjIGiaCJZHtn96-bIA==
/
eventable.teachable.cloud/add/fedora-student/
0
0
Preflight
General
Full URL
https://eventable.teachable.cloud/add/fedora-student/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.197.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-197-190.compute-1.amazonaws.com
Software
uvicorn /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://academy.tcm-sec.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-allow-origin
*
access-control-max-age
600
content-length
2
content-type
text/plain; charset=utf-8
date
Wed, 17 Aug 2022 02:34:38 GMT
server
uvicorn
/
eventable.teachable.cloud/add/fedora-student/
4 B
140 B
XHR
General
Full URL
https://eventable.teachable.cloud/add/fedora-student/
Requested by
Host: fedora.teachablecdn.com
URL: https://fedora.teachablecdn.com/packs/pages--c6788e63b98d1b0599bc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.197.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-197-190.compute-1.amazonaws.com
Software
uvicorn /
Resource Hash
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

Referer
https://academy.tcm-sec.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Wed, 17 Aug 2022 02:34:38 GMT
access-control-allow-credentials
true
server
uvicorn
content-length
4
content-type
application/json
vat_adjusted_prices
academy.tcm-sec.com/api/v2/pricing_plans/
89 B
733 B
Fetch
General
Full URL
https://academy.tcm-sec.com/api/v2/pricing_plans/vat_adjusted_prices?product_ids[]=3494033
Requested by
Host: fedora.teachablecdn.com
URL: https://fedora.teachablecdn.com/packs/pages--c6788e63b98d1b0599bc.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:ee75 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a18f05f405713318170377be291f70238e61474659b1f876f9ff5bf205f3c32d
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://academy.tcm-sec.com/p/practical-malware-analysis-triage
x-csrf-token
YgJxYqzPG27/pYMGtGrzhxNGErgfNQLRlk7X7ZobtE+4feg8Wt2frWlW7h1afYqhJP8Al6QBRI82pQVjukaZEg==
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
content-type
application/json

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-fedora-school-id
770707
x-permitted-cross-domain-policies
none
cf-cache-status
DYNAMIC
access-control-allow-methods
GET
strict-transport-security
max-age=0
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
69a03e90-b831-4783-a180-6fdf6507f11b
x-runtime
0.025257
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"a18f05f405713318170377be291f7023"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
1728000
x-download-options
noopen
content-type
application/json; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
max-age=0, private, must-revalidate
cf-ray
73bf03045eb490ee-FRA
access-control-allow-headers
X-Requested-With, X-Prototype-Version, Content-Type
vat_adjusted_prices
academy.tcm-sec.com/api/v2/pricing_plans/
1 KB
826 B
Fetch
General
Full URL
https://academy.tcm-sec.com/api/v2/pricing_plans/vat_adjusted_prices?product_ids[]=2474215&product_ids[]=2474209&product_ids[]=2474363&product_ids[]=2636267&product_ids[]=3009976&product_ids[]=3214862&product_ids[]=3233100&product_ids[]=3493929&product_ids[]=3509819&product_ids[]=3620671&product_ids[]=4047886&product_ids[]=4105565&product_ids[]=3245052&product_ids[]=3234228
Requested by
Host: fedora.teachablecdn.com
URL: https://fedora.teachablecdn.com/packs/pages--c6788e63b98d1b0599bc.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:ee75 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac0be7205df4601f8c42a442b74c74daf8ab53a4c20144b9406c5618e66f49a1
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://academy.tcm-sec.com/p/practical-malware-analysis-triage
x-csrf-token
YgJxYqzPG27/pYMGtGrzhxNGErgfNQLRlk7X7ZobtE+4feg8Wt2frWlW7h1afYqhJP8Al6QBRI82pQVjukaZEg==
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
content-type
application/json

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-fedora-school-id
770707
x-permitted-cross-domain-policies
none
cf-cache-status
DYNAMIC
access-control-allow-methods
GET
strict-transport-security
max-age=0
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
a74c80b5-0eb2-4d42-abc0-6e85902d770f
x-runtime
0.053285
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"ac0be7205df4601f8c42a442b74c74da"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
1728000
x-download-options
noopen
content-type
application/json; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
max-age=0, private, must-revalidate
cf-ray
73bf03045eb690ee-FRA
access-control-allow-headers
X-Requested-With, X-Prototype-Version, Content-Type
conversion_async.js
www.googleadservices.com/pagead/
40 KB
16 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-739575465
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
ffb169c682184887e61fbb92375424273436b8638ffb1b98779b24842a72cdbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15380
x-xss-protection
0
server
cafe
etag
14955335288317425560
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 17 Aug 2022 02:34:38 GMT
js
www.googletagmanager.com/gtag/
199 KB
71 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-MSQ5G329C3&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-140849018-1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f6a00b16ca1c815faad496ec40e4d37ed3f98bbaa107ae66bd5c2c2a8cf96a1a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
72569
x-xss-protection
0
expires
Wed, 17 Aug 2022 02:34:38 GMT
result
academy.tcm-sec.com/cdn-cgi/bm/cv/
0
454 B
XHR
General
Full URL
https://academy.tcm-sec.com/cdn-cgi/bm/cv/result?req_id=73bf02ffe8b39113
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/cdn-cgi/bm/cv/669835187/api.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6813:ee75 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://academy.tcm-sec.com/p/practical-malware-analysis-triage
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 17 Aug 2022 02:34:38 GMT
server
cloudflare
cf-ray
73bf03055f4a90ee-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
ecommerce.js
www.google-analytics.com/plugins/ua/
1 KB
763 B
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/ecommerce.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:02:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1919
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
738
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 17 Aug 2022 03:02:39 GMT
ec.js
www.google-analytics.com/plugins/ua/
3 KB
1 KB
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/ec.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:00:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
2060
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1129
x-xss-protection
0
last-modified
Thu, 30 Dec 2021 12:48:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 17 Aug 2022 03:00:18 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/739575465/
2 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/739575465/?random=1660703678421&cv=9&fst=1660703678421&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa8f0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Facademy.tcm-sec.com%2Fp%2Fpractical-malware-analysis-triage&tiba=Practical%20Malware%20Analysis%20%26%20Triage%20%7C%20TCM%20Security%2C%20Inc.&auid=255276417.1660703678&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a9fcaabb4d63ae32b7932be2936f10c54de694f64e6cce1bb19277007edc458e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Aug 2022 02:34:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1085
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.google-analytics.com/g/
0
349 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-MSQ5G329C3&gtm=2oe8f0&_p=327708577&cid=1915023363.1660703678&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1660703678&sct=1&seg=0&dl=https%3A%2F%2Facademy.tcm-sec.com%2Fp%2Fpractical-malware-analysis-triage&dt=Practical%20Malware%20Analysis%20%26%20Triage%20%7C%20TCM%20Security%2C%20Inc.&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MSQ5G329C3&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Aug 2022 02:34:38 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://academy.tcm-sec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
4 B
24 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=0&a=327708577&t=pageview&_s=1&dl=https%3A%2F%2Facademy.tcm-sec.com%2Fp%2Fpractical-malware-analysis-triage&ul=en-us&de=UTF-8&dt=Practical%20Malware%20Analysis%20%26%20Triage%20%7C%20TCM%20Security%2C%20Inc.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBACEIZBAAAAC~&jid=808423539&gjid=975283454&cid=1915023363.1660703678&tid=UA-44397410-1&_gid=836395137.1660703678&_r=1&_slc=1&z=736956715
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://academy.tcm-sec.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 17 Aug 2022 02:34:38 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://academy.tcm-sec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
4 B
24 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=0&a=327708577&t=pageview&_s=1&dl=https%3A%2F%2Facademy.tcm-sec.com%2Fp%2Fpractical-malware-analysis-triage&ul=en-us&de=UTF-8&dt=Practical%20Malware%20Analysis%20%26%20Triage%20%7C%20TCM%20Security%2C%20Inc.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDACEIZBAAAAC~&jid=156917983&gjid=144873874&cid=1915023363.1660703678&tid=UA-44397410-4&_gid=836395137.1660703678&_r=1&_slc=1&z=418919756
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://academy.tcm-sec.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 17 Aug 2022 02:34:38 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://academy.tcm-sec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=327708577&t=pageview&_s=1&dl=https%3A%2F%2Facademy.tcm-sec.com%2Fp%2Fpractical-malware-analysis-triage&ul=en-us&de=UTF-8&dt=Practical%20Malware%20Analysis%20%26%20Triage%20%7C%20TCM%20Security%2C%20Inc.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDACUIZBAAAAC~&jid=1139509597&gjid=1424785231&cid=1915023363.1660703678&tid=UA-140849018-1&_gid=836395137.1660703678&_r=1&gtm=2ou8f0&z=790558671
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://academy.tcm-sec.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 17 Aug 2022 02:34:38 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://academy.tcm-sec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
444 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-44397410-1&cid=1915023363.1660703678&jid=808423539&gjid=975283454&_gid=836395137.1660703678&_u=aGBACEIYBAAAAC~&z=774189522
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://academy.tcm-sec.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 17 Aug 2022 02:34:38 GMT
content-type
text/plain
access-control-allow-origin
https://academy.tcm-sec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/739575465/
42 B
548 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/739575465/?random=1660703678421&cv=9&fst=1660701600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa8f0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Facademy.tcm-sec.com%2Fp%2Fpractical-malware-analysis-triage&tiba=Practical%20Malware%20Analysis%20%26%20Triage%20%7C%20TCM%20Security%2C%20Inc.&async=1&fmt=3&is_vtc=1&random=3384253393&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Aug 2022 02:34:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/739575465/
42 B
548 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/739575465/?random=1660703678421&cv=9&fst=1660701600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa8f0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Facademy.tcm-sec.com%2Fp%2Fpractical-malware-analysis-triage&tiba=Practical%20Malware%20Analysis%20%26%20Triage%20%7C%20TCM%20Security%2C%20Inc.&async=1&fmt=3&is_vtc=1&random=3384253393&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Aug 2022 02:34:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
70 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-44397410-4&cid=1915023363.1660703678&jid=156917983&gjid=144873874&_gid=836395137.1660703678&_u=aGDACEIZBAAAAC~&z=1570667960
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://academy.tcm-sec.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 17 Aug 2022 02:34:38 GMT
content-type
text/plain
access-control-allow-origin
https://academy.tcm-sec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
70 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-140849018-1&cid=1915023363.1660703678&jid=1139509597&gjid=1424785231&_gid=836395137.1660703678&_u=aGDACUIZBAAAAC~&z=1300111028
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://academy.tcm-sec.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 17 Aug 2022 02:34:38 GMT
content-type
text/plain
access-control-allow-origin
https://academy.tcm-sec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-44397410-1&cid=1915023363.1660703678&jid=808423539&_u=aGBACEIYBAAAAC~&z=1221607609
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Aug 2022 02:34:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-44397410-1&cid=1915023363.1660703678&jid=808423539&_u=aGBACEIYBAAAAC~&z=1221607609
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Aug 2022 02:34:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-44397410-4&cid=1915023363.1660703678&jid=156917983&_u=aGDACEIZBAAAAC~&z=819197131
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Aug 2022 02:34:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-44397410-4&cid=1915023363.1660703678&jid=156917983&_u=aGDACEIZBAAAAC~&z=819197131
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Aug 2022 02:34:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-140849018-1&cid=1915023363.1660703678&jid=1139509597&_u=aGDACUIZBAAAAC~&z=1988673245
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Aug 2022 02:34:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-140849018-1&cid=1915023363.1660703678&jid=1139509597&_u=aGDACUIZBAAAAC~&z=1988673245
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Aug 2022 02:34:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
h
heapanalytics.com/
37 B
259 B
Image
General
Full URL
https://heapanalytics.com/h?a=318805607&u=1785286616106578&v=5292212806341413&s=4027417439412987&b=web&tv=4.0&z=0&h=%2Fp%2Fpractical-malware-analysis-triage&d=academy.tcm-sec.com&t=Practical%20Malware%20Analysis%20%26%20Triage%20%7C%20TCM%20Security%2C%20Inc.&ts=1660703678614&st=1660703678616
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.173.121.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-173-121-96.compute-1.amazonaws.com
Software
nginx /
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Aug 2022 02:34:38 GMT
server
nginx
etag
W/"25-PqzQEyMQ6kTK11azeKO8Bw"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length
37
s.js
cdn.sift.com/
61 KB
20 KB
Script
General
Full URL
https://cdn.sift.com/s.js
Requested by
Host: academy.tcm-sec.com
URL: https://academy.tcm-sec.com/p/practical-malware-analysis-triage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.67.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
224.67.96.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
7921df86278b7fa9be0cbd78d9990071763ec4e9e88aaff2c3d466723090b8ae

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 16 Aug 2022 16:06:31 GMT
content-encoding
gzip
age
37688
x-guploader-uploadid
ADPycdsBgYIDNfkhirClTIc2E36aehxwsc64RyrbrS5sHGY6RkJs5QN_y-ycin1zVkr7SSxLiZe9JtCZnV23OcCi_27oDg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20452
last-modified
Thu, 09 Apr 2020 21:59:13 GMT
server
UploadServer
etag
"07cb8203158abb26b3c18318350e7b36"
vary
Accept-Encoding
x-goog-hash
crc32c=fIrBTA==, md5=B8uCAxWKuyazwYMYNQ57Ng==
x-goog-generation
1586469553682331
cache-control
public, max-age=86400
x-goog-stored-content-length
20452
accept-ranges
bytes
content-type
application/javascript
expires
Wed, 17 Aug 2022 16:06:31 GMT
917893.gif
hexagon-analytics.com/images/
43 B
272 B
Image
General
Full URL
https://hexagon-analytics.com/images/917893.gif?bk=2e541754ec&tm=28&r=439884197&v=105&cs=UTF-8&h=academy.tcm-sec.com&l=en-US&S=ec3fe898127970b4cc8407bf159f58a8&uu=ccaff2454856aec3c7479a965476c2f&t=Practical%20Malware%20Analysis%20%26%20Triage%20%7C%20TCM%20Security%2C%20Inc.&u=https%3A%2F%2Facademy.tcm-sec.com%2Fp%2Fpractical-malware-analysis-triage&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F104.0.5112.79%20Safari%2F537.36&nm=4&mh=fe407dda3b01b3e3c72476fe7bf9f870&np=3&ph=596d9e73a4a75c4ceee60ad7b54864b3&sh=1200&sw=1600&cd=24&p=Win32&to=0&d=0&ce=true&tp=0&ol=true&pr=Gecko&ps=20030107&vd=Google%20Inc.&vs=&hc=4&je=false&ss=true&ls=true&in=true&db=false&tl=false&tr=false&ts=false&tb=false&ab=false&cf=64d58bfddb44af6942e7931de5174ca7&z=z
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.232.42 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
42.232.102.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://academy.tcm-sec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 17 Aug 2022 02:34:39 GMT
via
1.1 google
x-content-type-options
nosniff
server
nginx
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
function| queryLocalFonts
object| navigation
object| Wistia
string| _wistiaElemId
object| _wq
object| wistiaEmbeds
object| SENTRY_RELEASE
object| teachableIcons
object| __core-js_shared__
boolean| __EMOTION_REACT_11__
object| Base64
object| filestackInternals
object| __SENTRY__
object| fedoraAnalytics
function| trackTeachableGAEvent
function| analyticsOptions
function| trackEvent
object| a
function| _
object| heap
boolean| heapShouldTrackUser
string| _user_id
string| _session_id
object| _sift
function| gtag
object| dataLayer
function| checkDarkMode
function| toggleDarkMode
string| GoogleAnalyticsObject
function| ga
object| ___grecaptcha_cfg
object| grecaptcha
string| __recaptcha_api
boolean| __google_recaptcha_client
object| __CF$cv$params
object| analytics
object| iris
object| a0_0x433e
function| a0_0x3d7e
object| google_tag_manager
object| google_tag_data
object| gaplugins
object| gaGlobal
object| gaData
function| GooglemKTybQhCsO
function| google_trackConversion
object| GooglebQhCsO
function| onYouTubeIframeAPIReady
object| recaptcha
function| __siftFlashCB
undefined| Sift
object| PluginDetect

25 Cookies

Domain/Path Name / Value
.bit.ly/ Name: _bit
Value: m7h2yA-fbf1e6cc82cf2a57ed-007
academy.tcm-sec.com/ Name: ahoy_visitor
Value: 3596b8ce-1219-4967-9ac1-25c9ff5e70c7
academy.tcm-sec.com/ Name: ahoy_visit
Value: 20ad5d13-bd5a-4b43-a585-4c3ffcc12174
academy.tcm-sec.com/ Name: ahoy_track
Value: true
.tcm-sec.com/ Name: _afid
Value: 3596b8ce-1219-4967-9ac1-25c9ff5e70c7
.tcm-sec.com/ Name: aid
Value: 3596b8ce-1219-4967-9ac1-25c9ff5e70c7
academy.tcm-sec.com/ Name: site_preview
Value: logged_out
academy.tcm-sec.com/ Name: _session_id
Value: e483a4ddfc365abc83a6a3952a1b6132
.academy.tcm-sec.com/ Name: __cfruid
Value: 26e90eb5a181f413021a6e4761aa960f377ce4ad-1660703677
academy.tcm-sec.com/ Name: aid
Value: 3596b8ce-1219-4967-9ac1-25c9ff5e70c7
.tcm-sec.com/ Name: ajs_user_id
Value: null
.tcm-sec.com/ Name: ajs_group_id
Value: null
.tcm-sec.com/ Name: ajs_anonymous_id
Value: %22cff3cb38-10f8-4497-a2c1-16f5209a6e6f%22
.tcm-sec.com/ Name: _gcl_au
Value: 1.1.255276417.1660703678
.academy.tcm-sec.com/ Name: __cf_bm
Value: WpVqyClhk.wVOobBoTVlJdJio.rmY_EnhypIeTN7GJ0-1660703678-0-ARrkv/x3MqGHETAuxGr2m7WyQ8KWcsMblO/sLWya5WYfa/s+wdNsmxp8GAa4paCdvweDGooqS4nB2jWwVZys2F+WarfiiBnevYvRVVFnD+bLtkVgSJlPxqMJxIRMdvgm2nsjQ3KYrbYh3dZYnZ7E2XtMt7rOCjgGiOPxwIurmn4+
.tcm-sec.com/ Name: _gid
Value: GA1.2.836395137.1660703678
.tcm-sec.com/ Name: _ga_MSQ5G329C3
Value: GS1.1.1660703678.1.0.1660703678.0.0.0
.tcm-sec.com/ Name: _gat_fedoraTracker
Value: 1
.tcm-sec.com/ Name: _ga
Value: GA1.2.1915023363.1660703678
.tcm-sec.com/ Name: _gat_teachableTracker
Value: 1
.tcm-sec.com/ Name: _gat_gtag_UA_140849018_1
Value: 1
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.tcm-sec.com/ Name: _hp2_id.318805607
Value: %7B%22userId%22%3A%221785286616106578%22%2C%22pageviewId%22%3A%225292212806341413%22%2C%22sessionId%22%3A%224027417439412987%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D
.tcm-sec.com/ Name: _hp2_ses_props.318805607
Value: %7B%22ts%22%3A1660703678614%2C%22d%22%3A%22academy.tcm-sec.com%22%2C%22h%22%3A%22%2Fp%2Fpractical-malware-analysis-triage%22%7D
.tcm-sec.com/ Name: __ssid
Value: ccaff2454856aec3c7479a965476c2f

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
