blog.cystack.net Open in urlscan Pro
178.128.127.65 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.cystack.net/word-based-malware-attack/
Submission: On December 09 via api (December 9th 2019, 6:39:57 pm UTC) from US

Summary HTTP 74 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 14 IPs in 5 countries across 10 domains to perform 74 HTTP transactions. The main IP is 178.128.127.65, located in Singapore and belongs to DIGITALOCEAN-ASN - DigitalOcean, LLC, US. The main domain is blog.cystack.net.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 23rd 2019. Valid for: 3 months.

This is the only time blog.cystack.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	178.128.127.65 178.128.127.65	14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean)
1	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
30	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
7	2a00:1450:400... 2a00:1450:4001:81e::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:3b	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
4	2606:4700::68... 2606:4700::6811:4104	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2a00:1450:400... 2a00:1450:4001:81b::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
5	151.101.112.134 151.101.112.134	54113 (FASTLY) (FASTLY - Fastly)
4	2606:4700::68... 2606:4700::6810:4da6	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	151.101.0.134 151.101.0.134	54113 (FASTLY) (FASTLY - Fastly)
2	151.101.112.64 151.101.112.64	54113 (FASTLY) (FASTLY - Fastly)
2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	151.101.12.64 151.101.12.64	54113 (FASTLY) (FASTLY - Fastly)
74	14

11 178.128.127.65 (Singapore)

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
PTR: landing01.sin

blog.cystack.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

lh4.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lh6.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:81e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

lh5.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:3b (Netherlands)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:4104 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.112.134 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

cystack.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:4da6 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.0.134 (United States)

ASN54113 (FASTLY - Fastly, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.112.64 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

tempest.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.64 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

links.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	googleusercontent.com lh4.googleusercontent.com lh3.googleusercontent.com lh5.googleusercontent.com lh6.googleusercontent.com	1 MB
11	cystack.net blog.cystack.net	929 KB
10	disqus.com cystack.disqus.com disqus.com tempest.services.disqus.com referrer.disqus.com links.services.disqus.com	27 KB
4	disquscdn.com c.disquscdn.com	225 KB
4	cloudflare.com cdnjs.cloudflare.com	6 KB
2	facebook.com www.facebook.com	338 B
2	facebook.net connect.facebook.net	111 KB
2	google-analytics.com www.google-analytics.com	18 KB
1	jquery.com code.jquery.com	30 KB
1	googletagmanager.com www.googletagmanager.com	27 KB
74	10

	Domain	Requested by
11	lh3.googleusercontent.com	blog.cystack.net
11	blog.cystack.net	blog.cystack.net
10	lh6.googleusercontent.com	blog.cystack.net
9	lh4.googleusercontent.com	blog.cystack.net
7	lh5.googleusercontent.com	blog.cystack.net
4	referrer.disqus.com	blog.cystack.net
4	c.disquscdn.com	cystack.disqus.com
4	cdnjs.cloudflare.com	blog.cystack.net
2	www.facebook.com	blog.cystack.net connect.facebook.net
2	tempest.services.disqus.com	cystack.disqus.com
2	disqus.com	cystack.disqus.com
2	connect.facebook.net	blog.cystack.net connect.facebook.net
2	www.google-analytics.com	www.googletagmanager.com blog.cystack.net
1	links.services.disqus.com	c.disquscdn.com
1	cystack.disqus.com	blog.cystack.net
1	code.jquery.com	blog.cystack.net
1	www.googletagmanager.com	blog.cystack.net
74	17

This site contains links to these domains. Also see Links.

Domain
cystack.net
app.cystack.net
whitehub.net
github.com
www.facebook.com
twitter.com
feedly.com
www.hex-rays.com
binvoke.com
qmemcpy.io
unit42.paloaltonetworks.com
ghost.org

Subject Issuer	Validity	Valid
blog.cystack.net Let's Encrypt Authority X3	`2019-10-23` - `2020-01-21`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.googleusercontent.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-12-05` - `2020-06-12`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-11-06` - `2020-02-04`	3 months	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2018-03-28` - `2020-04-27`	2 years	crt.sh
ssl565697.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-25` - `2020-03-02`	6 months	crt.sh
f.ssl.fastly.net GlobalSign Organization Validation CA - SHA256 - G2	`2018-08-30` - `2020-12-02`	2 years	crt.sh

This page contains 4 frames:

Primary Page: https://blog.cystack.net/word-based-malware-attack/
Frame ID: 74BB7805BF1260ABBBEC173BEF0488E4
Requests: 71 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=cystack&t_i=ghost-5c5296a25879070609443974&t_u=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&t_d=Word-based%20Malware%20Attack&t_t=Word-based%20Malware%20Attack&s_o=default
Frame ID: 92E86E6527EC6250766A84F079AEFF66
Requests: 1 HTTP requests in this frame

Frame: https://tempest.services.disqus.com/ads-iframe/google/?position=top&shortname=cystack&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%2326a8ed&colorScheme=light&sourceUrl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&typeface=sans-serif&canonicalUrl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&disqus_version=7dd8c12
Frame ID: D44CC6AE9BAB86E4BAF5DA63DBEDEDAF
Requests: 1 HTTP requests in this frame

Frame: https://tempest.services.disqus.com/ads-iframe/google/?position=bottom&shortname=cystack&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%2326a8ed&colorScheme=light&sourceUrl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&typeface=sans-serif&canonicalUrl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&disqus_version=7dd8c12
Frame ID: AE35450EB780E306EDC9D3DD24E2EBE2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Ghost (Blogs) Expand

Overall confidence: 100%
Detected patterns

meta generator /Ghost(?:\s([\d.]+))?/i

Node.js (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

meta generator /Ghost(?:\s([\d.]+))?/i

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

74
Requests

100 %
HTTPS

64 %
IPv6

10
Domains

17
Subdomains

14
IPs

5
Countries

2443 kB
Transfer

2834 kB
Size

3
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://cystack.net/
Title: Home

Search URL Search Domain Scan URL

URL: https://app.cystack.net/
Title: CyStack Platform

Search URL Search Domain Scan URL

URL: https://whitehub.net/
Title: Bug Bounty

Search URL Search Domain Scan URL

URL: https://github.com/cystack
Title: Open Source

Search URL Search Domain Scan URL

URL: https://www.facebook.com/cystackcorp

Search URL Search Domain Scan URL

URL: https://twitter.com/cystacksecurity
Title:

Search URL Search Domain Scan URL

URL: https://feedly.com/i/subscription/feed/https://blog.cystack.net/rss/
Title:

Search URL Search Domain Scan URL

URL: https://github.com/cystack/word-based-malware/blob/master/infection_chain.xmind
Title: infection_chains.xmind

Search URL Search Domain Scan URL

URL: https://www.hex-rays.com/products/decompiler/manual/interactive.shtml
Title: Hex-Rays Decompiler

Search URL Search Domain Scan URL

URL: https://github.com/OALabs/BlobRunner
Title: BlobRunner

Search URL Search Domain Scan URL

URL: https://binvoke.com/introduction-to-pe-file-format-and-a-simple-code-example/
Title: PE file structure

Search URL Search Domain Scan URL

URL: https://qmemcpy.io/post/manually-dumping-pe-files-from-memory
Title: this tutorial

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/tracking-oceanlotus-new-downloader-kerrdown/
Title: blog

Search URL Search Domain Scan URL

URL: https://github.com/cystack/word-based-malware
Title: https://github.com/cystack/word-based-malware

Search URL Search Domain Scan URL

URL: https://ghost.org/
Title: Ghost

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

74 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
blog.cystack.net/word-based-malware-attack/ 43 KB
15 KB 735ms
267ms Document
text/html 178.128.127.65
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

landing01.sin

Software

nginx/1.14.0 (Ubuntu) / Express

Resource Hash

f86ebfa9571a9826a420e75fac7d63f0d15ba5797a33698f8be9581d2c31b738

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: blog.cystack.net
:scheme: https
:path: /word-based-malware-attack/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User: ?1

Response headers

status: 200
server: nginx/1.14.0 (Ubuntu)
date: Mon, 09 Dec 2019 18:39:34 GMT
content-type: text/html; charset=utf-8
x-powered-by: Express
cache-control: public, max-age=0
etag: W/"ac2b-EkMoDB1CAkU7Q32EgnWOSunKebk"
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

GET
H2 200 screen.css
blog.cystack.net/assets/built/ 50 KB
10 KB 183ms
182ms Stylesheet
text/css 178.128.127.65
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cystack.net/assets/built/screen.css?v=343448b432

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

landing01.sin

Software

nginx/1.14.0 (Ubuntu) / Express

Resource Hash

23bb080ce82285887825b931f109c847a81bbd7ac6c2397ccfdf3ddd5db577c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
content-encoding: gzip
etag: W/"c6f7-7438674ba0"
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: nginx/1.14.0 (Ubuntu)
x-frame-options: SAMEORIGIN
x-powered-by: Express
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
status: 200
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
x-content-type-options: nosniff

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 73 KB
27 KB 41ms
41ms Script
application/javascript 2a00:1450:4001:808::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-112171664-3

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f8e9239d4922a004ac316f228ca115feffb035f140dd6e2513f26b1cc36b6344

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
content-encoding: br
last-modified: Mon, 09 Dec 2019 18:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 27666
x-xss-protection: 0
expires: Mon, 09 Dec 2019 18:39:34 GMT

GET
H2 200 logo-white--1-.png
blog.cystack.net/content/images/2018/08/ 8 KB
9 KB 179ms
179ms Image
image/png 178.128.127.65
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.cystack.net/content/images/2018/08/logo-white--1-.png

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

landing01.sin

Software

nginx/1.14.0 (Ubuntu) / Express

Resource Hash

40420c474f8b6a5c4d07b6d9e9388f8d8599a406351655657d6a1d038ba742de

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
x-content-type-options: nosniff
last-modified: Wed, 29 Aug 2018 07:58:04 GMT
server: nginx/1.14.0 (Ubuntu)
x-powered-by: Express
x-frame-options: SAMEORIGIN
content-type: image/png
status: 200
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
content-length: 8662
etag: W/"21d6-16584b07ef1"

GET
H2 200 ava.png
blog.cystack.net/content/images/size/w100/2019/02/ 8 KB
8 KB 307ms
307ms Image
image/png 178.128.127.65
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.cystack.net/content/images/size/w100/2019/02/ava.png

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

landing01.sin

Software

nginx/1.14.0 (Ubuntu) / Express

Resource Hash

4f3f0f99ace14dbfbf248037f656a4db80fd81bfb95934ab5df43562d9032bce

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
x-content-type-options: nosniff
last-modified: Fri, 15 Mar 2019 08:18:18 GMT
server: nginx/1.14.0 (Ubuntu)
x-powered-by: Express
x-frame-options: SAMEORIGIN
content-type: image/png
status: 200
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
content-length: 7978
etag: W/"1f2a-169806e2d94"

GET
H2 200 malware-word-01.png
blog.cystack.net/content/images/size/w2000/2019/02/ 114 KB
115 KB 187ms
181ms Image
image/png 178.128.127.65
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.cystack.net/content/images/size/w2000/2019/02/malware-word-01.png

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

landing01.sin

Software

nginx/1.14.0 (Ubuntu) / Express

Resource Hash

c4f7874b308c98d3b0e9f367dba84019160a2f49da9b58b73895d208c0637ec3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
x-content-type-options: nosniff
last-modified: Fri, 15 Mar 2019 08:30:02 GMT
server: nginx/1.14.0 (Ubuntu)
x-powered-by: Express
x-frame-options: SAMEORIGIN
content-type: image/png
status: 200
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
content-length: 116865
etag: W/"1c881-1698078ebc5"

GET
H2 200 bjugOf6LWhDm9aEGsttxKLmv_U4SnxicHJDgkTH4KxFLKFjl6JIM_9Cu8Obzoiut9FKN6OYkvSCmwJtwX5tVOQTRcEf3zUpgB9S7p2C6LopZcBSYtcI3GkqqycUkmNdrU5T2Bzn5
lh4.googleusercontent.com/ 155 KB
155 KB 150ms
145ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/bjugOf6LWhDm9aEGsttxKLmv_U4SnxicHJDgkTH4KxFLKFjl6JIM_9Cu8Obzoiut9FKN6OYkvSCmwJtwX5tVOQTRcEf3zUpgB9S7p2C6LopZcBSYtcI3GkqqycUkmNdrU5T2Bzn5

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

7b331539ca16999b385ed78a2ebd016f4386299659a855429331a97b86083df7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="8.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 158614
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:34 GMT

GET
H2 200 infection_chain_pic2.png
blog.cystack.net/content/images/2019/02/ 307 KB
308 KB 186ms
181ms Image
image/png 178.128.127.65
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.cystack.net/content/images/2019/02/infection_chain_pic2.png

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

landing01.sin

Software

nginx/1.14.0 (Ubuntu) / Express

Resource Hash

c2918bbe8f1e0d6961f86e9360dbd23cf788c67e5d515a7a7097ec37b4171d8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
x-content-type-options: nosniff
last-modified: Sat, 02 Feb 2019 08:42:35 GMT
server: nginx/1.14.0 (Ubuntu)
x-powered-by: Express
x-frame-options: SAMEORIGIN
content-type: image/png
status: 200
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
content-length: 314302
etag: W/"4cbbe-168ad5faf34"

GET
H2 200 qE9RjZ8Ow7z4hTIX4td0RnUvvs4ul2IC0hIMCuv4p6ztx2yfIuBBgs6NPn0fhTySG6_3PAe2sxc_k_oI4CWgK5w2ONWLWPiV_o-42p8ZwNVRv56HHWKcvD5pMXNhlYAXwE8DobWk
lh3.googleusercontent.com/ 116 KB
116 KB 155ms
150ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/qE9RjZ8Ow7z4hTIX4td0RnUvvs4ul2IC0hIMCuv4p6ztx2yfIuBBgs6NPn0fhTySG6_3PAe2sxc_k_oI4CWgK5w2ONWLWPiV_o-42p8ZwNVRv56HHWKcvD5pMXNhlYAXwE8DobWk

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

7e68b7bef7f9def8770d2657ceda22a4f7c31c217a349fef2bfbe7a02f6cd84f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="9.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 119034
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:34 GMT

GET
H2 200 3LXoPXvsxryWp8HgzOg5YHCcqlFVixr0nB2agLZRi8mDp1gC8x52p3lKCj6ZKLRkC41PsGVey2jbhpV5wCcAVenhlyx5rvlWTbQrfW_t6ZEyVqt9djeGuOJxlnU1up9WNQkeCsqC
lh5.googleusercontent.com/ 4 KB
4 KB 169ms
143ms Image
image/png 2a00:1450:4001:81e::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/3LXoPXvsxryWp8HgzOg5YHCcqlFVixr0nB2agLZRi8mDp1gC8x52p3lKCj6ZKLRkC41PsGVey2jbhpV5wCcAVenhlyx5rvlWTbQrfW_t6ZEyVqt9djeGuOJxlnU1up9WNQkeCsqC

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

cc23600394fa7a046a3237e0406c7525411c288e64ca2a0e147735e8efb15b38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 4487
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 6g2Ciu3llMq-qfquKvrP2_WsMR7uUvmkQjuSbqBgNu3K5frv84FTCzCBe8jGzdjE4qlQP_kN57Th03pmTn2t9XfpGQ1R2kzAKHOSKG_ZwkLj86x2gTcXQXaka6S2N7V4SpQRyqqA
lh6.googleusercontent.com/ 145 KB
145 KB 185ms
180ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/6g2Ciu3llMq-qfquKvrP2_WsMR7uUvmkQjuSbqBgNu3K5frv84FTCzCBe8jGzdjE4qlQP_kN57Th03pmTn2t9XfpGQ1R2kzAKHOSKG_ZwkLj86x2gTcXQXaka6S2N7V4SpQRyqqA

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

8920a4659375978007c1f30a0b8a267d38f3dff064f13ec9f16b3d0133da5501

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="1.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 148490
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 wi6m9XV2w27E6wA95-afQMMOafVoIRxlpdp5-OSsyLFG4Z4bmzZI4bGUMxJM0Kv89xIlf6uPpsMtHdTWxE7xc-_7BVXosi5jmC0GF45-IlkBfBHqODBN0ra-kmuaKCzOlaYxvtKp
lh4.googleusercontent.com/ 16 KB
17 KB 207ms
203ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/wi6m9XV2w27E6wA95-afQMMOafVoIRxlpdp5-OSsyLFG4Z4bmzZI4bGUMxJM0Kv89xIlf6uPpsMtHdTWxE7xc-_7BVXosi5jmC0GF45-IlkBfBHqODBN0ra-kmuaKCzOlaYxvtKp

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

04da979ee9c7f34b685b934ae23920e09556425d7c9485fec2a989075bc5cafc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="4.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 16851
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 odk0iGxVj7x6USHYSsjYi8eXDa6XWb5QIwy2ypPgOTVWfMFHSDMxAXS8oIoLgv4hUV1ePm0xMWHWXq7kmV72ayYzyYOffEcg-mJjoQPMb_JRWWVIazo_nz7H4UG4v1ibXpU2vqeG
lh3.googleusercontent.com/ 3 KB
3 KB 162ms
157ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/odk0iGxVj7x6USHYSsjYi8eXDa6XWb5QIwy2ypPgOTVWfMFHSDMxAXS8oIoLgv4hUV1ePm0xMWHWXq7kmV72ayYzyYOffEcg-mJjoQPMb_JRWWVIazo_nz7H4UG4v1ibXpU2vqeG

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

c4fb2ce52d2af93291604cc82583d3d61b5658acdb5619e3b4894a3a2d73e328

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
x-content-type-options: nosniff
age: 0
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2636
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 07 Dec 2019 16:21:05 GMT

GET
H2 200 AROVH4S2j7lWd-w-c2oA27Di5VJENHUtv7-521B01s09JxIiczMbf_QCs0WG6uVFh03EilBAAXRUSNR_PpyqKVYOppOC24o7tbHzm52NiFdcGnMBgNvCFtsxWuRAQPPGAGl0o0gY
lh5.googleusercontent.com/ 44 KB
44 KB 147ms
144ms Image
image/png 2a00:1450:4001:81e::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/AROVH4S2j7lWd-w-c2oA27Di5VJENHUtv7-521B01s09JxIiczMbf_QCs0WG6uVFh03EilBAAXRUSNR_PpyqKVYOppOC24o7tbHzm52NiFdcGnMBgNvCFtsxWuRAQPPGAGl0o0gY

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

7fd5b645daf5f1751bfdde5d27e6bbab9d4054d892d4671badb95a8c725fadaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="3.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 45358
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 bYxcneqTHR3CnDj1mbpPUNzvWNM3nnSrmr-Jufg9IbCP_OHNIynDi1Z2NAJdeBGoN_0TGzcrCfXEumqDwW_Xs4UdggdbRkqJVIwb6DGIrjJMtUDynhfJdUAVEaEpkGfCCnkgIId5
lh5.googleusercontent.com/ 53 KB
53 KB 148ms
147ms Image
image/png 2a00:1450:4001:81e::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/bYxcneqTHR3CnDj1mbpPUNzvWNM3nnSrmr-Jufg9IbCP_OHNIynDi1Z2NAJdeBGoN_0TGzcrCfXEumqDwW_Xs4UdggdbRkqJVIwb6DGIrjJMtUDynhfJdUAVEaEpkGfCCnkgIId5

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

ff04735ce1430150d4bbfe3335538dfc0de2281d13d98bad09ef6917077d6424

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="11.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 54191
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 -GK6TRqpBCnvN8a6uU5u5tnD9TEL1ti5EDPSNXDQEbXoQTT2JqEQXdm0vn5Mx7M96M2Cd-dNv2ate8zdx2FlwyRO3C57ppcR94jp4i_l8j3iQSOW1TC1KxfVRAaSJeDxxIK86gy3
lh4.googleusercontent.com/ 29 KB
29 KB 142ms
141ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/-GK6TRqpBCnvN8a6uU5u5tnD9TEL1ti5EDPSNXDQEbXoQTT2JqEQXdm0vn5Mx7M96M2Cd-dNv2ate8zdx2FlwyRO3C57ppcR94jp4i_l8j3iQSOW1TC1KxfVRAaSJeDxxIK86gy3

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

c3a8e711b9ea5881f255bd7bb856c311841da2135814fed21a0ec2d80ee78b19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29637
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:34 GMT

GET
H2 200 P9v1TEt2YFKXf42yncUzqe7FLZkbZJtVnkqVXm6O-xg5FbIFFFp9vdXA5aaZ_3V5mQr7Q9BN4qR9PkJpW-zEeiCYLnr-CR2FWiptqBk6DlUFCi27nhN-CZr5QI3T1j8NICqiguGf
lh5.googleusercontent.com/ 22 KB
23 KB 135ms
135ms Image
image/png 2a00:1450:4001:81e::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/P9v1TEt2YFKXf42yncUzqe7FLZkbZJtVnkqVXm6O-xg5FbIFFFp9vdXA5aaZ_3V5mQr7Q9BN4qR9PkJpW-zEeiCYLnr-CR2FWiptqBk6DlUFCi27nhN-CZr5QI3T1j8NICqiguGf

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

0453284f0a667ebbc7320cd009437b5c551438fd0cee6fb15a98e1a2b4f15072

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 23000
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:34 GMT

GET
H2 200 RTUBktEw1eQqKDBQLPxFGDpEN4mfUeIJTe-ocYiFlMCv8p7jS-OQY3iXhEcHFWdl3hVjKE-nDitqXRMIPTAGimReJB5--N97KKz_ZcjGo7F89IIAhkcX6hDP1aoFUNs_2m1bJ_Rs
lh6.googleusercontent.com/ 3 KB
3 KB 143ms
143ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/RTUBktEw1eQqKDBQLPxFGDpEN4mfUeIJTe-ocYiFlMCv8p7jS-OQY3iXhEcHFWdl3hVjKE-nDitqXRMIPTAGimReJB5--N97KKz_ZcjGo7F89IIAhkcX6hDP1aoFUNs_2m1bJ_Rs

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

4cf80193c4b09279a8cf684e6a6c923ced64d18f88f3720c26e6a13692cda566

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 3259
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 dINjNSUM7JjJ5GGtv1sh8-sgD430zZ19iZyXceKafMkkxJtnUXd68ZI0L6lxCOSkSfqpetFUwZ9Onz7Xa_BSHuxMcY6aqEB1utD6vyIo2eafah6L0RKtbhf6x5fsxx-3Sweg7Nfj
lh6.googleusercontent.com/ 11 KB
11 KB 415ms
415ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/dINjNSUM7JjJ5GGtv1sh8-sgD430zZ19iZyXceKafMkkxJtnUXd68ZI0L6lxCOSkSfqpetFUwZ9Onz7Xa_BSHuxMcY6aqEB1utD6vyIo2eafah6L0RKtbhf6x5fsxx-3Sweg7Nfj

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

04ca52dd68c4c81c6e2bb008b8f0bea7da09db0c67835d547adeb634038b8932

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 11560
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 2tMGMeWhLnMLOfnMHJhu8LWP5HRa_MivlsZjGetZ4BGptJRXB61jMWiLef3CXnzhURNv1uQF4bDmyEigQHoUH2AuMTdGJ5l2NaQsqurUGgUzqnaKJZ1pyYpOpAth4bo5FjbRJfWl
lh3.googleusercontent.com/ 13 KB
13 KB 421ms
421ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/2tMGMeWhLnMLOfnMHJhu8LWP5HRa_MivlsZjGetZ4BGptJRXB61jMWiLef3CXnzhURNv1uQF4bDmyEigQHoUH2AuMTdGJ5l2NaQsqurUGgUzqnaKJZ1pyYpOpAth4bo5FjbRJfWl

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

5d92c95fc0978293f02515a407a5b02e021abb225591d3d48c16ba4c72d954b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 12943
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 -fOUAoG_SNam8fWHlE_AAO1paCD5VEBMizIETgmx1n3uI0qjLNkiarF09ijoWBxvOPAkviOpjMI-jnLQ5WnB5EN1Q6psZmq3iqkjki_c5jz5j8tM7HV6EZfn6rRKDD_lHWvxakdT
lh6.googleusercontent.com/ 27 KB
27 KB 145ms
144ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/-fOUAoG_SNam8fWHlE_AAO1paCD5VEBMizIETgmx1n3uI0qjLNkiarF09ijoWBxvOPAkviOpjMI-jnLQ5WnB5EN1Q6psZmq3iqkjki_c5jz5j8tM7HV6EZfn6rRKDD_lHWvxakdT

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

1b45551033fb6c77af8332395668868ec37a0494c4ca764ceb018784da72ddc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
age: 0
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27435
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 07 Dec 2019 16:21:07 GMT

GET
H2 200 taSoklsXd17pvMViVjyt5_c6bl2a4lGLrbxVDIyigL-0Oxy_oj45R0aZUtS518VGl7FCGYlzEec7n8OjwL8IGxLpPHdmWC-Ll2Ipitbt-YZoxxtpAxQ3aHVd3xmRcD5IDU0S7r5R
lh3.googleusercontent.com/ 9 KB
9 KB 166ms
166ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/taSoklsXd17pvMViVjyt5_c6bl2a4lGLrbxVDIyigL-0Oxy_oj45R0aZUtS518VGl7FCGYlzEec7n8OjwL8IGxLpPHdmWC-Ll2Ipitbt-YZoxxtpAxQ3aHVd3xmRcD5IDU0S7r5R

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

5c1f2820847d0a636ffede35ddcd9407168629a91b3d9f66123c273c2e2c506c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9493
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 JfQ68zWfEltp2XW_zFY1-0oV7aLvQVfdQcmclyLA_Pysra6Wv9h1STxbm4mBbQNCoMPbsaxbXCtF33YXe8VDDlYBXLma-j6I715Fex9JF5I5jn71UqETOR8YX65xYqDfaXzZbXw1
lh6.googleusercontent.com/ 40 KB
40 KB 367ms
367ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/JfQ68zWfEltp2XW_zFY1-0oV7aLvQVfdQcmclyLA_Pysra6Wv9h1STxbm4mBbQNCoMPbsaxbXCtF33YXe8VDDlYBXLma-j6I715Fex9JF5I5jn71UqETOR8YX65xYqDfaXzZbXw1

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

66aabc63a296eb0cfd955ae17a48242c6b0c4bc891bb148962e62d49df4fd100

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 41148
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 EFTwXK4SXO3ILaf-DwssDZdfBsILQfWwiRntWLGc-emPy3zsz_770Bq_HnzHruxH3x5MWaozCDpwCqErKxkLKPSnffpOUq5c00t1AALBRTmasJ7MndX7KgYqaFQRmUFRGN-cgFtU
lh3.googleusercontent.com/ 62 KB
62 KB 362ms
362ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/EFTwXK4SXO3ILaf-DwssDZdfBsILQfWwiRntWLGc-emPy3zsz_770Bq_HnzHruxH3x5MWaozCDpwCqErKxkLKPSnffpOUq5c00t1AALBRTmasJ7MndX7KgYqaFQRmUFRGN-cgFtU

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

bb26caef3b7c32d7b11357c272bbafe7dc0cf0716e37b86d95412687a86c0936

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 63503
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 qQSUjgmVAN-217ZZyLppvf_WX6gPnIAz98lh8Fm4K0vY6kGV1i8rY62yV4uj07A15PlTraHv3u5Cg-QArDSVLyX4ViC9_VGnCF9P_XkVy5VkdX9HB2jnnpBUIjSsIOJfyxoCzTLW
lh4.googleusercontent.com/ 8 KB
8 KB 219ms
219ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/qQSUjgmVAN-217ZZyLppvf_WX6gPnIAz98lh8Fm4K0vY6kGV1i8rY62yV4uj07A15PlTraHv3u5Cg-QArDSVLyX4ViC9_VGnCF9P_XkVy5VkdX9HB2jnnpBUIjSsIOJfyxoCzTLW

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

b3129336b5624802f5532cff9cfa825886aa5c6e80e2f485523b503d11560eec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8411
x-xss-protection: 0
server: fife
etag: "v2"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 quH2_AuoPE__Zpr2qKFsV1uoElKmSjkqFwPX9yGdffFO1jOBaXyvIeKUIFCfvwHwdKMfj0yXSR9WjGWwF4VqwCRgGt9FVX6FwtbPu-9K0vXjOPKBCQo2Yf9b1v4VFb7qmvfyCnfZ
lh3.googleusercontent.com/ 8 KB
8 KB 143ms
142ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/quH2_AuoPE__Zpr2qKFsV1uoElKmSjkqFwPX9yGdffFO1jOBaXyvIeKUIFCfvwHwdKMfj0yXSR9WjGWwF4VqwCRgGt9FVX6FwtbPu-9K0vXjOPKBCQo2Yf9b1v4VFb7qmvfyCnfZ

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

3a8558a678053b7164f9fbc70d1593fcc370260edb6ed81b1743cbc12b38df62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8490
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 OnrWwVXZmtypWuID-Sv7EEurwyNd53oXayAyJeRm7MYymu7NplGJVQ6HN2_UVpP0HFohLiFfK1mD4EL1BJJzQk9HKv7s7NhmZwi3M-wLmT3PvQiPzE0QXclJaZg7u7t_GFMj53mm
lh3.googleusercontent.com/ 35 KB
35 KB 355ms
355ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/OnrWwVXZmtypWuID-Sv7EEurwyNd53oXayAyJeRm7MYymu7NplGJVQ6HN2_UVpP0HFohLiFfK1mD4EL1BJJzQk9HKv7s7NhmZwi3M-wLmT3PvQiPzE0QXclJaZg7u7t_GFMj53mm

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

01a6a9a6c0e2e3e78944dc69d44c6f39253bb48ad7a1f08dcae5ec9373d076be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35419
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 agKpp7ebYkt4oEH28uPSbqrQqvW43eGXazrMuMdbb8Ou3o6WXjPFy1zrpIPcNLT27OtZglZ6QYEOi6wLKQ5_vy5G1cfiWYjlwzfup14zCgzMRat8GSgE87ClJCw3qL22DVLJ2kjx
lh3.googleusercontent.com/ 1 KB
1 KB 183ms
183ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/agKpp7ebYkt4oEH28uPSbqrQqvW43eGXazrMuMdbb8Ou3o6WXjPFy1zrpIPcNLT27OtZglZ6QYEOi6wLKQ5_vy5G1cfiWYjlwzfup14zCgzMRat8GSgE87ClJCw3qL22DVLJ2kjx

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

64c1bcd91033ad75a07fa0aac2785c8354efefbfd125c4f3bdf93249d43d338c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1161
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 2UG6Sc0mibclUGdEBcxliMzEvRtB4HLB0cjlDbu0m08HJnAJlx_rt1ivI_bQgiksVtJRV3JX4y-tND07JrhchFmZLN5kVGpfpP7V7YtqF7lL_2z3tuxTulGQvtbO6tlkvI80W0_3
lh6.googleusercontent.com/ 10 KB
10 KB 159ms
159ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/2UG6Sc0mibclUGdEBcxliMzEvRtB4HLB0cjlDbu0m08HJnAJlx_rt1ivI_bQgiksVtJRV3JX4y-tND07JrhchFmZLN5kVGpfpP7V7YtqF7lL_2z3tuxTulGQvtbO6tlkvI80W0_3

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

1c68cc84cb20bf35dc7130c8f6d971117cb8b8a0b2c83020313ac01517ff00cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 10667
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 e82IjjoQJUUrFfSxoB1ZsdGcdCDpVWfTJsiHc8WXig-zWbU9_UvnARL5k9yUG0jwLyzFifnHLj63xdEkAXiHnV8fkPLD23x19nc0hb5kAz8cWyevY4uwRQwxvUHv4ixMDPYW4tYs
lh4.googleusercontent.com/ 17 KB
17 KB 421ms
421ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/e82IjjoQJUUrFfSxoB1ZsdGcdCDpVWfTJsiHc8WXig-zWbU9_UvnARL5k9yUG0jwLyzFifnHLj63xdEkAXiHnV8fkPLD23x19nc0hb5kAz8cWyevY4uwRQwxvUHv4ixMDPYW4tYs

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

7d17c247de61dc5c514dff02dec037d393f6f711fc54888916fe52b60f63de06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17448
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 nJC6S5-Hby1rpQsTTZykrsij-qjDp4ZyMC25R9RaAE9UGDYChYpTMAzB9Jbft76VhmlVVo4J7ldkghvusGb4l0OmIsFdCuCyrL24DvPOx4Avix4xgfyu4cACtFfZiUj-mEsDXKHg
lh6.googleusercontent.com/ 12 KB
12 KB 1334ms
1333ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/nJC6S5-Hby1rpQsTTZykrsij-qjDp4ZyMC25R9RaAE9UGDYChYpTMAzB9Jbft76VhmlVVo4J7ldkghvusGb4l0OmIsFdCuCyrL24DvPOx4Avix4xgfyu4cACtFfZiUj-mEsDXKHg

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

92fa9cff7be89c299aed218738466ccf6194d6c3e559303ed59eab5eab49160e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:36 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 12570
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:36 GMT

GET
H2 200 MwZ7_F45Hp4aI_Ts8U0FGSz4KYC2YGfoWRHe0RrpEl1adQLLPMdUlX179t1Ll6RJmnr1LxdrAuJV_ZvYqEnYZ2I_05Cp7O9Vei8SNa1XFTe_HgcKckAEjRlreWImrKTJbn3W_HsW
lh3.googleusercontent.com/ 32 KB
33 KB 426ms
426ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/MwZ7_F45Hp4aI_Ts8U0FGSz4KYC2YGfoWRHe0RrpEl1adQLLPMdUlX179t1Ll6RJmnr1LxdrAuJV_ZvYqEnYZ2I_05Cp7O9Vei8SNa1XFTe_HgcKckAEjRlreWImrKTJbn3W_HsW

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

ac6307996424c72f1e43aa9b8eb886427a188d1f10a06eb3699c59bb22d247f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 33210
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 Q8Gno3gV2vNNJqDGRzB1Z1Vddltcq1XzQWz0oA_H-05jbc2XSpYTZLCi9CWJ6dZ0doxvX-dN41Oq4MfcUQwXz1jBqSTPsk09XHroe1ot4-TIQAA8YxX8nYsyPdeNkXeVTJoax6ib
lh3.googleusercontent.com/ 20 KB
20 KB 138ms
138ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/Q8Gno3gV2vNNJqDGRzB1Z1Vddltcq1XzQWz0oA_H-05jbc2XSpYTZLCi9CWJ6dZ0doxvX-dN41Oq4MfcUQwXz1jBqSTPsk09XHroe1ot4-TIQAA8YxX8nYsyPdeNkXeVTJoax6ib

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

d7637b3c4f2bd21608774df4409437d1cd1840a1bc912245e7e51a49079bbf71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 20483
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 XZoiyctNfdBJ8Z1Fh8P5alhhyD_pfdZVJnzrS-XAaPHbybwafx_ZV5VbCl0HmwZyGmCs7Qbp8XTvseZDFIEI_wiGLPw5fKm-31whqiTh5Cm1ujOnOBzxbQ6xz_UZGlGLepnN7-6m
lh5.googleusercontent.com/ 13 KB
13 KB 372ms
371ms Image
image/png 2a00:1450:4001:81e::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/XZoiyctNfdBJ8Z1Fh8P5alhhyD_pfdZVJnzrS-XAaPHbybwafx_ZV5VbCl0HmwZyGmCs7Qbp8XTvseZDFIEI_wiGLPw5fKm-31whqiTh5Cm1ujOnOBzxbQ6xz_UZGlGLepnN7-6m

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

705b8e26311d7559b52e2e627bec7251b325adcacdba6a686cb2898aa52a624e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 12956
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 hNj7KtUzZ2HQb8-KXzkV8OYSL13i5F1FjBn4vm-DVVB11s1nL_-WGiFoLv5OC9lAODdTb7UH1Cb3y3yA_Fa7ZrniMAj5X5UgEsQOv4dRU0_PKikfW3XhsD-LZgIY0ZT02a19TTKP
lh5.googleusercontent.com/ 8 KB
8 KB 146ms
145ms Image
image/png 2a00:1450:4001:81e::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/hNj7KtUzZ2HQb8-KXzkV8OYSL13i5F1FjBn4vm-DVVB11s1nL_-WGiFoLv5OC9lAODdTb7UH1Cb3y3yA_Fa7ZrniMAj5X5UgEsQOv4dRU0_PKikfW3XhsD-LZgIY0ZT02a19TTKP

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

71f503a81c4df3f2f0df657fa88077b3be06edae8613b08298167d7910706079

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 ZDaFWvO3zLu1_rpBGrrmfosHjQo6TEFIKCtbMyrF9AqP2iTj1nVtrMMkdtSELxYxqL6tMekrW0IoJyTvyNKXECmxWDcjt4rs_aWXZzkkgB1lalREHOt0UAR47nShXm8tdFOMBf_L
lh6.googleusercontent.com/ 58 KB
58 KB 151ms
151ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/ZDaFWvO3zLu1_rpBGrrmfosHjQo6TEFIKCtbMyrF9AqP2iTj1nVtrMMkdtSELxYxqL6tMekrW0IoJyTvyNKXECmxWDcjt4rs_aWXZzkkgB1lalREHOt0UAR47nShXm8tdFOMBf_L

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

ae7dc592906c764cf9520204949c6f59d947ae2a0969925945bb3339d5bb9a3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 58960
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 wLAHbQ6HgE2o3q17WB3m4LxeofGGfkKbdY6agLj_s4MU6OD5MTUrWbsksk3ndMULiXus8ELSKrKh75zoJXW3ZuNFhxnjwkTFgiryoQqXxUzBTILdrjoo9sbEUnevicL216eYNYyB
lh3.googleusercontent.com/ 4 KB
4 KB 359ms
358ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/wLAHbQ6HgE2o3q17WB3m4LxeofGGfkKbdY6agLj_s4MU6OD5MTUrWbsksk3ndMULiXus8ELSKrKh75zoJXW3ZuNFhxnjwkTFgiryoQqXxUzBTILdrjoo9sbEUnevicL216eYNYyB

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

8f1ccf389ca75f4c48078d9b601e2591df39e93f9e58c187c57c5141158ecd69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 3616
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 JBlNmcYleKE1dFWLTifErYoyXXUnbvA-LuUkoqyMhb8NcUB2P4DuqQLZNW6v_eZBMImVNKX-aoN-rMW28YszpGIhtlYolaTAvpnqWUO6Ts1-_qcwjqHtxE-wabFGjuMQ5mIqYWmk
lh6.googleusercontent.com/ 6 KB
6 KB 145ms
144ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/JBlNmcYleKE1dFWLTifErYoyXXUnbvA-LuUkoqyMhb8NcUB2P4DuqQLZNW6v_eZBMImVNKX-aoN-rMW28YszpGIhtlYolaTAvpnqWUO6Ts1-_qcwjqHtxE-wabFGjuMQ5mIqYWmk

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

754a72d9a8c2617d340b6f09505f92c21e60b288463525f424463bf14d4f0ec1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5720
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 AcTpugqLQlOkbaPDTsfUz9Qmil9Ob7r8x0YqRwHayC30GC-lt2sgMeCH1uCvMiOV59LATgwIP1qLv6YQsSevRcqx7i9JRRn-enwxbfYCsB5UdO4-SLUPssU9wVzdhTjvqxnS2Gct
lh6.googleusercontent.com/ 36 KB
36 KB 139ms
138ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/AcTpugqLQlOkbaPDTsfUz9Qmil9Ob7r8x0YqRwHayC30GC-lt2sgMeCH1uCvMiOV59LATgwIP1qLv6YQsSevRcqx7i9JRRn-enwxbfYCsB5UdO4-SLUPssU9wVzdhTjvqxnS2Gct

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

e06fdaa5b3592c4064b22092ab4ec635441a0b3296879a11282aced7e7b170c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 37027
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 HWTWR0LmsEwPHkhNQ-yvGrBNgi-euIUpUQ09SnX5LAX8Jyjr3RPAk3v8hZ-dvj-cC-G5yvjndoj5mJCV8TW00cFSnHk_aX1QyQXOWjITa6wx9C7BCZxQNK1akFrqWZAkxKIZVXll
lh4.googleusercontent.com/ 15 KB
16 KB 151ms
150ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/HWTWR0LmsEwPHkhNQ-yvGrBNgi-euIUpUQ09SnX5LAX8Jyjr3RPAk3v8hZ-dvj-cC-G5yvjndoj5mJCV8TW00cFSnHk_aX1QyQXOWjITa6wx9C7BCZxQNK1akFrqWZAkxKIZVXll

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

1ea1f97c52765ea8ebe5d70a7dbb955fa18b082716846dfd0f2a420ef6e81f70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15800
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 xiaLbhGEfgswgSPduyMLxuQ4Imd96u-c1zhgPiHBjNrfHBENsNXZRFtcflBHksy-64yx8-KFhA7s0BjNhWF48usWz7bYWX1bMlQLxCZoZH4s9RwPxb-cNayRzktuCItJ5I8nDPx9
lh4.googleusercontent.com/ 4 KB
4 KB 358ms
358ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/xiaLbhGEfgswgSPduyMLxuQ4Imd96u-c1zhgPiHBjNrfHBENsNXZRFtcflBHksy-64yx8-KFhA7s0BjNhWF48usWz7bYWX1bMlQLxCZoZH4s9RwPxb-cNayRzktuCItJ5I8nDPx9

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

9dfced5e841cbbde86669be2f822a541da1e2d83dbb0bb6d2f6178d9cb7f9650

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 4438
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 e6_pqShB02SU4CJhD3qG-X3_uQ_VZoUKBGnpdltiojaZPmzeL1wx7kNRiT2RxNmfVcTJxvA1b_qOW0WBCzccOfAiEJsoKVgwjxj6xdfwDdQN7Yn48AFXad48OP2OuGq4J8xOQvDb
lh5.googleusercontent.com/ 4 KB
5 KB 146ms
146ms Image
image/png 2a00:1450:4001:81e::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/e6_pqShB02SU4CJhD3qG-X3_uQ_VZoUKBGnpdltiojaZPmzeL1wx7kNRiT2RxNmfVcTJxvA1b_qOW0WBCzccOfAiEJsoKVgwjxj6xdfwDdQN7Yn48AFXad48OP2OuGq4J8xOQvDb

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

4c587c7d40c8507d95292c5a58853b21fa9045543d76a2462f522dfcc47f34cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 4560
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 lrWh5xMifyBGFOmgfraBssgfdPF-jG2J8WGuczP4LT_Ay2yoKII1nRRIVm1AC6FphshiUCM9IvgbAQI2qziOA5tLX5MN4hKPgDoiqlaYgCMsoudtEYJraCMxlw1gwajyYHkHPP9O
lh4.googleusercontent.com/ 7 KB
8 KB 142ms
142ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/lrWh5xMifyBGFOmgfraBssgfdPF-jG2J8WGuczP4LT_Ay2yoKII1nRRIVm1AC6FphshiUCM9IvgbAQI2qziOA5tLX5MN4hKPgDoiqlaYgCMsoudtEYJraCMxlw1gwajyYHkHPP9O

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

ec3fb9ac4558b8efeb9725ea47642a70430b320c1950d79e3d6283e2c9bcb277

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7652
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 pXqbCFZKF0DF7jAN2M-lbZM55PsMxfxYd5yN_sifgXU5SLR0JuvZs4MOH6A4HAfJldBoGG3lhCoMf9p2Bsn0UU4VmuK2KU7WFnL6aBe6hVdeJlEegXIf5gR4zULnS_X8Fr8rW3es
lh4.googleusercontent.com/ 12 KB
12 KB 427ms
427ms Image
image/png 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/pXqbCFZKF0DF7jAN2M-lbZM55PsMxfxYd5yN_sifgXU5SLR0JuvZs4MOH6A4HAfJldBoGG3lhCoMf9p2Bsn0UU4VmuK2KU7WFnL6aBe6hVdeJlEegXIf5gR4zULnS_X8Fr8rW3es

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

6fec1230d33418da290898c9d2d1aa9f405239acb21d193d0ced881323551241

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="pasted image 0.png"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 12639
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 10 Dec 2019 18:39:35 GMT

GET
H2 200 PHAR-01-3.png
blog.cystack.net/content/images/size/w1000/2019/03/ 161 KB
162 KB 359ms
357ms Image
image/png 178.128.127.65
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.cystack.net/content/images/size/w1000/2019/03/PHAR-01-3.png

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

landing01.sin

Software

nginx/1.14.0 (Ubuntu) / Express

Resource Hash

64ab72c774099ded90ddaf0aa7004a01cb747c10ab5afd85e44a7260313959a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
x-content-type-options: nosniff
last-modified: Fri, 15 Mar 2019 08:18:42 GMT
server: nginx/1.14.0 (Ubuntu)
x-powered-by: Express
x-frame-options: SAMEORIGIN
content-type: image/png
status: 200
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
content-length: 165211
etag: W/"2855b-169806e8aed"

GET
H2 200 theanhnguyen.png
blog.cystack.net/content/images/size/w100/2018/11/ 8 KB
9 KB 359ms
357ms Image
image/png 178.128.127.65
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.cystack.net/content/images/size/w100/2018/11/theanhnguyen.png

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

landing01.sin

Software

nginx/1.14.0 (Ubuntu) / Express

Resource Hash

79f8d3575cb7317a031accaeb3444bef4c77d5b5e938080ba0618e531a9d2fcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
x-content-type-options: nosniff
last-modified: Fri, 15 Mar 2019 08:18:17 GMT
server: nginx/1.14.0 (Ubuntu)
x-powered-by: Express
x-frame-options: SAMEORIGIN
content-type: image/png
status: 200
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
content-length: 8501
etag: W/"2135-169806e2c2c"

GET
H2 200 drupal-RCE-01-1-.png
blog.cystack.net/content/images/size/w1000/2019/02/ 282 KB
283 KB 359ms
357ms Image
image/png 178.128.127.65
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.cystack.net/content/images/size/w1000/2019/02/drupal-RCE-01-1-.png

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

landing01.sin

Software

nginx/1.14.0 (Ubuntu) / Express

Resource Hash

418906ccda62acc10155c9dd5bbadb2f410bf957180ef1e217d1c934e0a3dc01

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
x-content-type-options: nosniff
last-modified: Fri, 15 Mar 2019 08:18:43 GMT
server: nginx/1.14.0 (Ubuntu)
x-powered-by: Express
x-frame-options: SAMEORIGIN
content-type: image/png
status: 200
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
content-length: 289132
etag: W/"4696c-169806e91e5"

GET
H2 200 duy.png
blog.cystack.net/content/images/size/w100/2018/11/ 10 KB
10 KB 360ms
358ms Image
image/png 178.128.127.65
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.cystack.net/content/images/size/w100/2018/11/duy.png

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

landing01.sin

Software

nginx/1.14.0 (Ubuntu) / Express

Resource Hash

c8cf0aa1b81bdb5862247c32319e5c67e5a9a03e4f8142b141ae9c9ed9817039

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
x-content-type-options: nosniff
last-modified: Fri, 15 Mar 2019 08:18:39 GMT
server: nginx/1.14.0 (Ubuntu)
x-powered-by: Express
x-frame-options: SAMEORIGIN
content-type: image/png
status: 200
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
content-length: 9908
etag: W/"26b4-169806e81d9"

GET
H/1.1 200
OK jquery-3.4.1.min.js Show response
code.jquery.com/ 86 KB
30 KB 7ms
6ms Script
application/javascript 2001:4de0:ac19::1:b:3b
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.4.1.min.js
Requested by: Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:4de0:ac19::1:b:3b , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://blog.cystack.net/word-based-malware-attack/
Origin: https://blog.cystack.net

Response headers

Date: Mon, 09 Dec 2019 18:39:34 GMT
Content-Encoding: gzip
Last-Modified: Wed, 01 May 2019 21:14:27 GMT
Server: nginx
ETag: W/"5cca0c33-15851"
Vary: Accept-Encoding
X-HW: 1575916765.dop122.fr8.shc,1575916765.dop122.fr8.t,1575916774.cds143.fr8.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 30638

GET
H2 200 casper.js Show response
blog.cystack.net/assets/built/ 3 KB
2 KB 183ms
179ms Script
application/javascript 178.128.127.65
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cystack.net/assets/built/casper.js?v=343448b432

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

178.128.127.65 , Singapore, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),

Reverse DNS

landing01.sin

Software

nginx/1.14.0 (Ubuntu) / Express

Resource Hash

aaff77f553f847519fd6b1bd8b913dea2cda339b1bf4e7c18cf4822c9c3fb035

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
content-encoding: gzip
etag: W/"df6-7438674ba0"
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: nginx/1.14.0 (Ubuntu)
x-frame-options: SAMEORIGIN
x-powered-by: Express
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
x-content-type-options: nosniff

GET
H2 200 prism.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.14.0/ 12 KB
4 KB 27ms
21ms Script
application/javascript 2606:4700::6811:4104
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.14.0/prism.min.js

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d31b32c0a8e01c38bf802c3d9fdadbc563b7ece9dc2439ea3cf318ae5476919

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
content-encoding: br
cf-cache-status: HIT
age: 20550230
cf-ray: 54291a42dcaacbb8-VIE
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:25:15 GMT
server: cloudflare
etag: W/"5afd4a7b-2ff6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 28 Nov 2020 18:39:34 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.013

GET
H2 200 prism-css.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.14.0/components/ 1 KB
561 B 25ms
19ms Script
application/javascript 2606:4700::6811:4104
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.14.0/components/prism-css.min.js

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

19f4315558fec76fd1c12ba59f2efe0daaa6dc3d294a8bae37da4b98f279e550

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
content-encoding: br
cf-cache-status: HIT
age: 20528674
cf-ray: 54291a42dcb0cbb8-VIE
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:26:22 GMT
server: cloudflare
etag: W/"5afd4abe-417"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 28 Nov 2020 18:39:34 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.001

GET
H2 200 prism-javascript.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.14.0/components/ 2 KB
926 B 23ms
17ms Script
application/javascript 2606:4700::6811:4104
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.14.0/components/prism-javascript.min.js

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd71b6019dc666c726cf32b771c270cc96df4c498b20b4c9e936383599b55593

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
content-encoding: br
cf-cache-status: HIT
age: 20549198
cf-ray: 54291a42dcb5cbb8-VIE
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:25:15 GMT
server: cloudflare
etag: W/"5afd4a7b-656"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 28 Nov 2020 18:39:34 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.000

GET
H2 200 prism-sass.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.14.0/components/ 1 KB
472 B 25ms
20ms Script
application/javascript 2606:4700::6811:4104
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.14.0/components/prism-sass.min.js

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

72291cc08077def8d5530f1ec7fe813a016fbe99de8eddf9105bc294c848153c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:34 GMT
content-encoding: br
cf-cache-status: HIT
age: 20528674
cf-ray: 54291a42dcb9cbb8-VIE
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:25:15 GMT
server: cloudflare
etag: W/"5afd4a7b-400"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 28 Nov 2020 18:39:34 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.001

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:81b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-112171664-3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 358
date: Mon, 09 Dec 2019 18:33:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Mon, 09 Dec 2019 20:33:37 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 121 KB
26 KB 6ms
5ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

71b52274b1b43661e6523b2774c9fa98a673e1861703bea5f32d75a32a850394

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-23=":443"; ma=3600
content-length: 26702
x-xss-protection: 0
pragma: public
x-fb-debug: sE0FXJ+ZSN6+QbOEOmQcDOMxASHNqVSFi/LOtb3P3IgGm2Zqz6rc9nHSf6lrTTAo36Rz+R/WVFq3POMBJhLoog==
x-fb-trip-id: 1475214379
date: Mon, 09 Dec 2019 18:39:35 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK embed.js Show response
cystack.disqus.com/ 66 KB
22 KB 427ms
408ms Script
application/javascript 151.101.112.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://cystack.disqus.com/embed.js

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

openresty /

Resource Hash

aefc0b85debb07954c126afb3f3b3adc6a38190e70eff430e1ad862dc0ea7d53

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 09 Dec 2019 18:39:35 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Connection: keep-alive
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 22121

GET
H2 200 lounge.91c71242b4acaa0ee7f9db125ef21f90.css
c.disquscdn.com/next/embed/styles/ 0
21 KB 67ms
33ms Other
text/css 2606:4700::6810:4da6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.91c71242b4acaa0ee7f9db125ef21f90.css

Requested by

Host: cystack.disqus.com
URL: https://cystack.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4da6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 411845
cf-ray: 54291a479cc4cbb8-VIE
status: 200
vary: Accept-Encoding
content-length: 21500
x-xss-protection: 1; mode=block
last-modified: Thu, 05 Dec 2019 00:06:09 GMT
server: cloudflare
etag: "5de849f1-53fc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=300; includeSubdomains
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Dec 2020 00:15:29 GMT

GET
H2 200 common.bundle.370d07ffe661cfcc2df49ccf9bc6cfae.js
c.disquscdn.com/next/embed/ 0
89 KB 34ms
34ms Other
application/javascript 2606:4700::6810:4da6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.370d07ffe661cfcc2df49ccf9bc6cfae.js

Requested by

Host: cystack.disqus.com
URL: https://cystack.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4da6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 241402
cf-ray: 54291a479cc7cbb8-VIE
status: 200
vary: Accept-Encoding
content-length: 90522
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Dec 2019 22:38:27 GMT
server: cloudflare
etag: "5dead863-1619a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=300; includeSubdomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 05 Dec 2020 22:55:10 GMT

GET
H2 200 lounge.bundle.0bbbd01009ed2a929a194ba7772e1d9d.js
c.disquscdn.com/next/embed/ 0
108 KB 18ms
18ms Other
application/javascript 2606:4700::6810:4da6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.0bbbd01009ed2a929a194ba7772e1d9d.js

Requested by

Host: cystack.disqus.com
URL: https://cystack.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4da6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234312
cf-ray: 54291a479ccacbb8-VIE
status: 200
vary: Accept-Encoding
content-length: 110245
x-xss-protection: 1; mode=block
last-modified: Sat, 07 Dec 2019 01:24:34 GMT
server: cloudflare
etag: "5deaff52-1aea5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=300; includeSubdomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 06 Dec 2020 01:34:15 GMT

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
3 KB 269ms
238ms Other
application/javascript 151.101.0.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: cystack.disqus.com
URL: https://cystack.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 09 Dec 2019 18:39:35 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 42
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Content-Length: 2352
X-XSS-Protection: 1; mode=block
Server: nginx
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Timing-Allow-Origin: *

GET
H/1.1 200
OK /
disqus.com/embed/comments/ Frame 92E8 0
0 207ms
170ms Document
text/html 151.101.0.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=cystack&t_i=ghost-5c5296a25879070609443974&t_u=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&t_d=Word-based%20Malware%20Attack&t_t=Word-based%20Malware%20Attack&s_o=default

Requested by

Host: cystack.disqus.com
URL: https://cystack.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://blog.cystack.net/word-based-malware-attack/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://blog.cystack.net/word-based-malware-attack/

Response headers

Server: nginx
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Last-Modified: Fri, 15 Nov 2019 07:33:01 GMT
ETag: W/"lounge:view:7415270133.bfefc84333ed52b21da22d73e88236f0.2"
Content-Encoding: gzip
Content-Length: 5941
Date: Mon, 09 Dec 2019 18:39:35 GMT
Age: 0
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H/1.1 200
OK /
tempest.services.disqus.com/ads-iframe/google/ Frame D44C 0
0 242ms
228ms Document
text/html 151.101.112.64
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://tempest.services.disqus.com/ads-iframe/google/?position=top&shortname=cystack&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%2326a8ed&colorScheme=light&sourceUrl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&typeface=sans-serif&canonicalUrl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&disqus_version=7dd8c12
Requested by: Host: cystack.disqus.com
URL: https://cystack.disqus.com/embed.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.64 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Host: tempest.services.disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://blog.cystack.net/word-based-malware-attack/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://blog.cystack.net/word-based-malware-attack/

Response headers

Server: openresty
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=300
X-Service: router
Content-Encoding: gzip
Content-Length: 9134
Date: Mon, 09 Dec 2019 18:39:35 GMT
Age: 0
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ 43 B
295 B 134ms
121ms Image
image/gif 151.101.112.134
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?imp=5eundko2k6tevn&experiment=network_default&variant=fallthrough&service=dynamic&area=top&product=embed&forum=cystack&zone=thread&version=f8a4cbb0ab5ea556713db4aabbf77391&page_url=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&page_referrer=&object_type=provider&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&section=default&verb=call&adjective=1&forum_id=5304971

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 09 Dec 2019 18:39:35 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
111 B 14ms
14ms Image
image/gif 2a00:1450:4001:81b::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1106231648&t=pageview&_s=1&dl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&ul=en-us&de=UTF-8&dt=Word-based%20Malware%20Attack&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1702850315&gjid=758908435&cid=1592928493.1575916776&tid=UA-112171664-3&_gid=789043655.1575916776&_r=1&gtm=2ouav9&z=454092789

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Dec 2019 18:39:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 163582237627718 Show response
connect.facebook.net/signals/config/ 349 KB
85 KB 63ms
62ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/163582237627718?v=2.9.14&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

68e91b10ac64cb5a15953c141981bab5fb2113032a3e9e44deeca67f633bf241

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-23=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: OoZYArSoPmU2ALtVaOQ8OjHo04cL5eycaX+eCwvMbBAms80+p/iA/5JdDyvD7hN+zZpPPXZBz8apzkxCedkmEg==
x-fb-trip-id: 1475214379
date: Mon, 09 Dec 2019 18:39:35 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
257 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=163582237627718&ev=PageView&dl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&rl=&if=false&ts=1575916775666&sw=1600&sh=1200&v=2.9.14&r=stable&ec=0&o=30&fbp=fb.1.1575916775665.1435308357&it=1575916775553&coo=false&rqm=GET

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-24=":443"; ma=3600
content-length: 44
expires: Mon, 09 Dec 2019 18:39:35 GMT

GET
H2 200 alfie.f51946af45e0b561c60f768335c9eb79.js Show response
c.disquscdn.com/next/embed/ 19 KB
7 KB 21ms
20ms Script
application/javascript 2606:4700::6810:4da6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js

Requested by

Host: cystack.disqus.com
URL: https://cystack.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4da6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 18:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 27360612
cf-ray: 54291a49ab4ccbb8-VIE
status: 200
vary: Accept-Encoding
content-length: 6605
x-xss-protection: 1; mode=block
last-modified: Wed, 29 Aug 2018 23:43:03 GMT
server: cloudflare
cache-control: max-age=31536000, public, immutable, no-transform
etag: "5b872f87-19cd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=300; includeSubdomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
fastly-debug-digest: baac760ca1e6f62ea6380d62d4f07b5dfbb97755c19df0448623d4ede950e2e4
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 31 Aug 2019 08:32:13 GMT

GET
H/1.1 200
OK ping Show response
links.services.disqus.com/api/ 282 B
908 B 55ms
41ms XHR
text/javascript 151.101.12.64
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/ping?format=jsonp&key=cfdfcf52dffd0a702a61bad27507376d&loc=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&subId=5304971&v=1&jsonp=vglnk_jsonp_15759167759650
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.64 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 90213a358ec27c0ffad261f9a628095402518cff3219f7cbf547d7bc8d03488a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://blog.cystack.net/word-based-malware-attack/
Origin: https://blog.cystack.net

Response headers

Pragma: no-cache
Date: Mon, 09 Dec 2019 18:39:36 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://blog.cystack.net
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 282
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 /
www.facebook.com/tr/ 0
81 B 7ms
7ms Other
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
Origin: https://blog.cystack.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryzd3t689MoCJQJckA

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
access-control-allow-origin: https://blog.cystack.net
date: Mon, 09 Dec 2019 18:39:36 GMT
content-type: text/plain
status: 200
access-control-allow-credentials: true
alt-svc: h3-24=":443"; ma=3600
content-length: 0

GET
H/1.1 200
OK /
tempest.services.disqus.com/ads-iframe/google/ Frame AE35 0
0 152ms
151ms Document
text/html 151.101.112.64
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://tempest.services.disqus.com/ads-iframe/google/?position=bottom&shortname=cystack&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%2326a8ed&colorScheme=light&sourceUrl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&typeface=sans-serif&canonicalUrl=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&disqus_version=7dd8c12
Requested by: Host: cystack.disqus.com
URL: https://cystack.disqus.com/embed.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.64 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Host: tempest.services.disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://blog.cystack.net/word-based-malware-attack/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://blog.cystack.net/word-based-malware-attack/

Response headers

Server: openresty
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=300
X-Service: router
Content-Encoding: gzip
Content-Length: 9136
Date: Mon, 09 Dec 2019 18:39:36 GMT
Age: 0
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ 43 B
295 B 120ms
120ms Image
image/gif 151.101.112.134
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?imp=5eundko2k6tevn&experiment=network_default&variant=fallthrough&service=dynamic&area=top&product=embed&forum=cystack&zone=thread&version=f8a4cbb0ab5ea556713db4aabbf77391&page_url=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&page_referrer=&object_type=advertisement&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&object_id=%5B184193%5D&section=default&verb=load&advertisement_id=184193&forum_id=5304971

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 09 Dec 2019 18:39:36 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ 43 B
295 B 132ms
121ms Image
image/gif 151.101.112.134
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?imp=5eundko2k6tevn&experiment=network_default&variant=fallthrough&service=dynamic&area=bottom&product=embed&forum=cystack&zone=thread&version=f8a4cbb0ab5ea556713db4aabbf77391&page_url=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&page_referrer=&object_type=provider&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&section=default&verb=call&adjective=1&forum_id=5304971

Requested by

Host: blog.cystack.net
URL: https://blog.cystack.net/word-based-malware-attack/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 09 Dec 2019 18:39:36 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ 43 B
295 B 125ms
125ms Image
image/gif 151.101.112.134
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?imp=5eundko2k6tevn&experiment=network_default&variant=fallthrough&service=dynamic&area=bottom&product=embed&forum=cystack&zone=thread&version=f8a4cbb0ab5ea556713db4aabbf77391&page_url=https%3A%2F%2Fblog.cystack.net%2Fword-based-malware-attack%2F&page_referrer=&object_type=advertisement&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&object_id=%5B184193%5D&section=default&verb=load&advertisement_id=184193&forum_id=5304971

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.134 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.cystack.net/word-based-malware-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 09 Dec 2019 18:39:36 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.taboola.com/	1970-01-19 14:30:52	Name: t_gid Value: 237f481c-a8c1-4ceb-a3ea-bd0df6415962-tuct4e81a68
tempest.services.disqus.com/	1970-01-19 14:30:52	Name: trc_cookie_storage Value: disqus-widget-safetylevel20longtail09%253Asession-data%3Dv2_f9b19f96942784f5b479b12b1ae12cdb_237f481c-a8c1-4ceb-a3ea-bd0df6415962-tuct4e81a68_1575916776_1575916776_CIi3jgYQktQ_GMXX1t_uLSABKAEwODib4wlAgooQSJjEF1Cl7BBYAGAA%7Ctaboola%2520global%253Alocal-storage-keys%3D%255B%2522disqus-widget-safetylevel20longtail09%253Asession-data%2522%252C%2522taboola%2520global%253Auser-id%2522%255D%7Ctaboola%2520global%253Auser-id%3D237f481c-a8c1-4ceb-a3ea-bd0df6415962-tuct4e81a68
.cystack.net/	1970-01-19 07:54:52	Name: _fbp Value: fb.1.1575916776168.451153652

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blog.cystack.net
c.disquscdn.com
cdnjs.cloudflare.com
code.jquery.com
connect.facebook.net
cystack.disqus.com
disqus.com
lh3.googleusercontent.com
lh4.googleusercontent.com
lh5.googleusercontent.com
lh6.googleusercontent.com
links.services.disqus.com
referrer.disqus.com
tempest.services.disqus.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
151.101.0.134
151.101.112.134
151.101.112.64
151.101.12.64
178.128.127.65
2001:4de0:ac19::1:b:3b
2606:4700::6810:4da6
2606:4700::6811:4104
2a00:1450:4001:808::2008
2a00:1450:4001:81b::200e
2a00:1450:4001:81c::2001
2a00:1450:4001:81e::2001
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
01a6a9a6c0e2e3e78944dc69d44c6f39253bb48ad7a1f08dcae5ec9373d076be
0453284f0a667ebbc7320cd009437b5c551438fd0cee6fb15a98e1a2b4f15072
04ca52dd68c4c81c6e2bb008b8f0bea7da09db0c67835d547adeb634038b8932
04da979ee9c7f34b685b934ae23920e09556425d7c9485fec2a989075bc5cafc
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
19f4315558fec76fd1c12ba59f2efe0daaa6dc3d294a8bae37da4b98f279e550
1b45551033fb6c77af8332395668868ec37a0494c4ca764ceb018784da72ddc7
1c68cc84cb20bf35dc7130c8f6d971117cb8b8a0b2c83020313ac01517ff00cb
1ea1f97c52765ea8ebe5d70a7dbb955fa18b082716846dfd0f2a420ef6e81f70
23bb080ce82285887825b931f109c847a81bbd7ac6c2397ccfdf3ddd5db577c6
3a8558a678053b7164f9fbc70d1593fcc370260edb6ed81b1743cbc12b38df62
40420c474f8b6a5c4d07b6d9e9388f8d8599a406351655657d6a1d038ba742de
418906ccda62acc10155c9dd5bbadb2f410bf957180ef1e217d1c934e0a3dc01
4c587c7d40c8507d95292c5a58853b21fa9045543d76a2462f522dfcc47f34cf
4cf80193c4b09279a8cf684e6a6c923ced64d18f88f3720c26e6a13692cda566
4f3f0f99ace14dbfbf248037f656a4db80fd81bfb95934ab5df43562d9032bce
5c1f2820847d0a636ffede35ddcd9407168629a91b3d9f66123c273c2e2c506c
5d92c95fc0978293f02515a407a5b02e021abb225591d3d48c16ba4c72d954b6
64ab72c774099ded90ddaf0aa7004a01cb747c10ab5afd85e44a7260313959a9
64c1bcd91033ad75a07fa0aac2785c8354efefbfd125c4f3bdf93249d43d338c
66aabc63a296eb0cfd955ae17a48242c6b0c4bc891bb148962e62d49df4fd100
68e91b10ac64cb5a15953c141981bab5fb2113032a3e9e44deeca67f633bf241
6fec1230d33418da290898c9d2d1aa9f405239acb21d193d0ced881323551241
705b8e26311d7559b52e2e627bec7251b325adcacdba6a686cb2898aa52a624e
71b52274b1b43661e6523b2774c9fa98a673e1861703bea5f32d75a32a850394
71f503a81c4df3f2f0df657fa88077b3be06edae8613b08298167d7910706079
72291cc08077def8d5530f1ec7fe813a016fbe99de8eddf9105bc294c848153c
754a72d9a8c2617d340b6f09505f92c21e60b288463525f424463bf14d4f0ec1
79f8d3575cb7317a031accaeb3444bef4c77d5b5e938080ba0618e531a9d2fcb
7b331539ca16999b385ed78a2ebd016f4386299659a855429331a97b86083df7
7d17c247de61dc5c514dff02dec037d393f6f711fc54888916fe52b60f63de06
7e68b7bef7f9def8770d2657ceda22a4f7c31c217a349fef2bfbe7a02f6cd84f
7fd5b645daf5f1751bfdde5d27e6bbab9d4054d892d4671badb95a8c725fadaa
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8920a4659375978007c1f30a0b8a267d38f3dff064f13ec9f16b3d0133da5501
8d31b32c0a8e01c38bf802c3d9fdadbc563b7ece9dc2439ea3cf318ae5476919
8f1ccf389ca75f4c48078d9b601e2591df39e93f9e58c187c57c5141158ecd69
90213a358ec27c0ffad261f9a628095402518cff3219f7cbf547d7bc8d03488a
92fa9cff7be89c299aed218738466ccf6194d6c3e559303ed59eab5eab49160e
9dfced5e841cbbde86669be2f822a541da1e2d83dbb0bb6d2f6178d9cb7f9650
aaff77f553f847519fd6b1bd8b913dea2cda339b1bf4e7c18cf4822c9c3fb035
ac6307996424c72f1e43aa9b8eb886427a188d1f10a06eb3699c59bb22d247f9
ae7dc592906c764cf9520204949c6f59d947ae2a0969925945bb3339d5bb9a3e
aefc0b85debb07954c126afb3f3b3adc6a38190e70eff430e1ad862dc0ea7d53
b3129336b5624802f5532cff9cfa825886aa5c6e80e2f485523b503d11560eec
bb26caef3b7c32d7b11357c272bbafe7dc0cf0716e37b86d95412687a86c0936
c2918bbe8f1e0d6961f86e9360dbd23cf788c67e5d515a7a7097ec37b4171d8b
c3a8e711b9ea5881f255bd7bb856c311841da2135814fed21a0ec2d80ee78b19
c4f7874b308c98d3b0e9f367dba84019160a2f49da9b58b73895d208c0637ec3
c4fb2ce52d2af93291604cc82583d3d61b5658acdb5619e3b4894a3a2d73e328
c8cf0aa1b81bdb5862247c32319e5c67e5a9a03e4f8142b141ae9c9ed9817039
cc23600394fa7a046a3237e0406c7525411c288e64ca2a0e147735e8efb15b38
cd71b6019dc666c726cf32b771c270cc96df4c498b20b4c9e936383599b55593
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d7637b3c4f2bd21608774df4409437d1cd1840a1bc912245e7e51a49079bbf71
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
e06fdaa5b3592c4064b22092ab4ec635441a0b3296879a11282aced7e7b170c6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec3fb9ac4558b8efeb9725ea47642a70430b320c1950d79e3d6283e2c9bcb277
eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25
f86ebfa9571a9826a420e75fac7d63f0d15ba5797a33698f8be9581d2c31b738
f8e9239d4922a004ac316f228ca115feffb035f140dd6e2513f26b1cc36b6344
ff04735ce1430150d4bbfe3335538dfc0de2281d13d98bad09ef6917077d6424

blog.cystack.net Open in urlscan Pro 178.128.127.65 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

74 Requests

100 %HTTPS

64 %IPv6

10 Domains

17 Subdomains

14 IPs

5 Countries

2443 kBTransfer

2834 kBSize

3 Cookies

15 Outgoing links

Redirected requests

74 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blog.cystack.net Open in urlscan Pro
178.128.127.65 Public Scan

Screenshot
Live screenshot

Full Image

74
Requests

100 %
HTTPS

64 %
IPv6

10
Domains

17
Subdomains

14
IPs

5
Countries

2443 kB
Transfer

2834 kB
Size

3
Cookies

74 HTTP transactions
0 data transactions