malware.news Open in urlscan Pro
104.26.7.105 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Submission: On September 28 via api (September 28th 2021, 5:27:51 am UTC) from GB — Scanned from DE

Summary HTTP 67 Redirects Links 36 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 67 HTTP transactions. The main IP is 104.26.7.105, located in United States and belongs to CLOUDFLARENET, US. The main domain is malware.news.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 15th 2021. Valid for: a year.

This is the only time malware.news was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
33	104.26.7.105 104.26.7.105	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.185.78 142.250.185.78	15169 (GOOGLE) (GOOGLE)
32	2.18.233.62 2.18.233.62	16625 (AKAMAI-AS) (AKAMAI-AS)
67	4

33 104.26.7.105 (United States)

ASN13335 (CLOUDFLARENET, US)

malware.news	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.78 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2.18.233.62 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-62.deploy.static.akamaitechnologies.com

www.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	malware.news malware.news	1 MB
32	microsoft.com www.microsoft.com	1 MB
2	google-analytics.com www.google-analytics.com	20 KB
67	3

	Domain	Requested by
33	malware.news	malware.news
32	www.microsoft.com	malware.news
2	www.google-analytics.com	malware.news www.google-analytics.com
67	3

This site contains links to these domains. Also see Links.

Domain
www.microsoft.com
docs.microsoft.com
attack.mitre.org
troopers.de
github.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-15` - `2022-06-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
www.microsoft.com Microsoft RSA TLS CA 01	`2021-07-28` - `2022-07-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Frame ID: 63FFF4B1D13970CC0FDFC0D40A150E4C
Requests: 68 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor - Malware News - Malware Analysis, News and Indicators

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

67
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

2205 kB
Transfer

6139 kB
Size

3
Cookies

36 Outgoing links

These are links going to different origins than the main page.

URL: https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
Title: SUNBURST backdoor, TEARDROP malware, and related components

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/
Title: GoldMax, GoldFinder, and Sibot malware

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/
Title: EnvyScout, BoomBox, NativeZone, and VaporRage

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/windows-server/identity/active-directory-federation-services
Title: AD FS

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/windows-server/identity/ad-fs/design/token-signing-certificates
Title: token-signing certificate

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/windows-server/identity/ad-fs/design/certificate-requirements-for-federation-servers
Title: token-decryption certificate

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs#hardware-security-module-hsm
Title: hardware security module (HSM)

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs
Title: securing AD FS servers

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog#indicators
Title: Indicators of compromise (IOCs)

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog#mitigations
Title: mitigation guidance

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog#detections
Title: detection details

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog#advanced-hunting
Title: hunting queries

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows-server/identity/active-directory-federation-services
Title: AD FS

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1574/001/
Title: DLL search order hijacking

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig1-FoggyWeb-NOBELIUM.png
Title: Diagram showing structure of Microsoft.IdentityServer.ServiceHost.exe after loading version.dll906×885

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig2-FoggyWeb-NOBELIUM.png
Title: Diagram showing FoggyWeb attack chain975×415

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig6af-FoggyWeb-NOBELIUM.png
Title: Screenshot of dump of the legitimate version.dll576×627

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig6b-FoggyWeb-NOBELIUM.png
Title: Screenshot of the malicious version.dll576×666

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig7-FoggyWeb-NOBELIUM.png
Title: Screenshot of the export functions of the malicious version.dll768×138

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig9-FoggyWeb-NOBELIUM.png
Title: Screenshot of code showing trampoline function preserves the value of the arguments/registers intended for the function from the legitimate version of version.dll by saving the value of certain CPU register480×579

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig25-FoggyWeb-NOBELIUM.png
Title: 576×634

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig28-FoggyWeb-NOBELIUM.png
Title: 1320×406

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig35g-FoggyWeb-NOBELIUM.png
Title: 768×228

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig37-FoggyWeb-NOBELIUM.png
Title: 576×519

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig46-FoggyWeb-NOBELIUM.png
Title: 768×174

Search URL Search Domain Scan URL

URL: https://troopers.de/troopers19/agenda/fpxwmn/
Title: I am AD FS and so can you: Attacking Active Directory Federated Services

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview
Title: Group Managed Service Account (gMSA)

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-install-prerequisites#harden-your-azure-ad-connect-server
Title: securing

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-monitor-federation-changes
Title: monitoring

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig58-FoggyWeb-NOBELIUM.png
Title: 768×438

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection
Title: Azure AD Identity Protection

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/azure/active-directory/identity-protection/concept-identity-protection-risks#risk-types-and-detection
Title: “Token Issuer Anomaly” detection

Search URL Search Domain Scan URL

URL: https://github.com/Azure/Azure-Sentinel/tree/master/Detections/MultipleDataSources/Nobelium_FoggyWeb
Title: https://github.com/Azure/Azure-Sentinel/tree/master/Detections/MultipleDataSources/Nobelium_FoggyWeb

Search URL Search Domain Scan URL

URL: https://github.com/Azure/Azure-Sentinel/tree/master/Sample%20Data/Feeds/FoggyWebIOC.csv
Title: https://github.com/Azure/Azure-Sentinel/tree/master/Sample%20Data/Feeds/FoggyWebIOC.csv

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/
Title: FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor 2

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog
Title: Microsoft Security Blog

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

67 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 53087 Show response
malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/ 211 KB
34 KB 364ms
318ms Document
text/html 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53c9be3b135462bc34fbb74d99437f3123b60be36e3ec983ae9aab81f6369697

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; object-src 'none'; script-src https://malware.news/logs/ https://malware.news/sidekiq/ https://malware.news/mini-profiler-resources/ https://malware.news/assets/ https://malware.news/brotli_asset/ https://malware.news/extra-locales/ https://malware.news/highlight-js/ https://malware.news/javascripts/ https://malware.news/plugins/ https://malware.news/theme-javascripts/ https://malware.news/svg-sprite/ https://www.google-analytics.com/analytics.js; worker-src 'self' https://malware.news/assets/ https://malware.news/brotli_asset/ https://malware.news/javascripts/ https://malware.news/plugins/
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: malware.news
:scheme: https
:path: /t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
x-discourse-route: topics/show
cache-control: no-cache, no-store
content-security-policy: base-uri 'none'; object-src 'none'; script-src https://malware.news/logs/ https://malware.news/sidekiq/ https://malware.news/mini-profiler-resources/ https://malware.news/assets/ https://malware.news/brotli_asset/ https://malware.news/extra-locales/ https://malware.news/highlight-js/ https://malware.news/javascripts/ https://malware.news/plugins/ https://malware.news/theme-javascripts/ https://malware.news/svg-sprite/ https://www.google-analytics.com/analytics.js; worker-src 'self' https://malware.news/assets/ https://malware.news/brotli_asset/ https://malware.news/javascripts/ https://malware.news/plugins/
x-discourse-cached: skip
x-request-id: ffa54a13-a502-40e5-9a50-ac6576f82940
x-runtime: 0.190882
x-discourse-trackview: 1
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OqxeovmSqADe6C9WD7m3U6jy5pSYrxiL9JbwY%2BSUq%2FPqy%2F0HnDSSLLUOSgVuHM%2BuJ2RByTDJo6PYZc7wq6pwMstBw0k61Ng9k9WKTte0WjKz7utetcVwfUz%2B2L9qmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 695a907ec91c658e-LHR
content-encoding: br

GET
H2 200 browser-detect-115ab5953de1b5bb122bfb26b757f5391dd8d1d2aef2b81baf7b59aee99d9f34.js Show response
malware.news/assets/ 247 B
472 B 29ms
28ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/browser-detect-115ab5953de1b5bb122bfb26b757f5391dd8d1d2aef2b81baf7b59aee99d9f34.js
Requested by: Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9487cb559d6168d8f29a5684b10a9c253776e7280ea758f332902773d85367e5

Request headers

:path: /assets/browser-detect-115ab5953de1b5bb122bfb26b757f5391dd8d1d2aef2b81baf7b59aee99d9f34.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 29 Nov 2020 17:14:16 GMT
server: cloudflare
age: 13650110
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kqT2%2BhyPegutlac%2FEJ5ptVFQ80m3G2nBsvTCnjTaPB3xYVqzndA3lK8pbJN%2B6Qa%2BUqxgFxYQfOlV0EzzT%2Flo1r16aGEhZKPZ46IfGXiVX8h9v38a3gIvGuk1HDYXKw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 695a9080db0c658e-LHR
expires: Fri, 15 Apr 2022 13:38:44 GMT

GET
H2 200 en-b4c652e74e1f00d0e6059b6bf4aae63aedc7ef40ec1cd31a2d5494431da11f82.js Show response
malware.news/assets/locales/ 256 KB
75 KB 32ms
31ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/locales/en-b4c652e74e1f00d0e6059b6bf4aae63aedc7ef40ec1cd31a2d5494431da11f82.js
Requested by: Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b64d6f3b3fafe479610cfa9b4b86fcef473ba7d0dfc5f68c8e9de52ed4774075

Request headers

:path: /assets/locales/en-b4c652e74e1f00d0e6059b6bf4aae63aedc7ef40ec1cd31a2d5494431da11f82.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:29:35 GMT
server: cloudflare
age: 2133774
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mv7vD2fdB%2BAIhD4Xo6k87mmFAEZAhOXyetU5DxhXCLoNjSiPyuaD7WQ%2BLBv8%2BCIAMv4aukP9fdWylxMnYMz46K3u9Nd%2Ff03ZCGEW5vGtnO7B13r97aUHJnGWSLu%2F3A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 695a9080db0d658e-LHR
expires: Wed, 24 Aug 2022 07:56:33 GMT

GET
H2 200 ember_jquery-36a23101c869ab0dc53fc908de69adb785731593573d32bdeef416acc1076ef4.js Show response
malware.news/assets/ 557 KB
157 KB 52ms
51ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/ember_jquery-36a23101c869ab0dc53fc908de69adb785731593573d32bdeef416acc1076ef4.js
Requested by: Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ab3d376b5d18228e95af2f61f4ea5ee12a4200177969694c347048fb41c9b7c

Request headers

:path: /assets/ember_jquery-36a23101c869ab0dc53fc908de69adb785731593573d32bdeef416acc1076ef4.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:28:37 GMT
server: cloudflare
age: 12563287
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bz08bM2%2FDPZpuX2rV%2Fk0y0BKiZAWYOamtZFQW9Ffg2O7cvZFXCq1kQ4F0j68dlwxOtBTMU79G7ad96OEarR1xTTF1aZHfkGfo6ARzjvtQVSVOEVYTTGibJ4v2kclew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 695a9080db0f658e-LHR
expires: Thu, 05 May 2022 19:32:02 GMT

GET
H2 200 vendor-72ed7d3a2757503f5d4b387ef519a6f371137f63e3b8f1ff29544b54c1d8450f.js Show response
malware.news/assets/ 173 KB
60 KB 51ms
50ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/vendor-72ed7d3a2757503f5d4b387ef519a6f371137f63e3b8f1ff29544b54c1d8450f.js
Requested by: Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f25487aa53b51b4c355c8c8dcfe481294a929e8e6c8ab3f4c1b0d84115803fb5

Request headers

:path: /assets/vendor-72ed7d3a2757503f5d4b387ef519a6f371137f63e3b8f1ff29544b54c1d8450f.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:28:15 GMT
server: cloudflare
age: 12563287
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bl3E%2BuveUJ8SBRO9s2KrRRuDKPHUzfbxBNKdaS7J9F5S2rGtMk0gjz%2FXQVoCQrysfLk%2FVnPpuKK4CQyKsMjQkE5HmH%2FTGnjiarJcMzthd7CcSHF7UBO0sYKaS0qZmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 695a9080db15658e-LHR
expires: Thu, 05 May 2022 19:32:03 GMT

GET
H2 200 pretty-text-bundle-0651e2a797c3ce2e7029301b15f1e2d11ab1286bea425eaf70aac53d80e226ee.js Show response
malware.news/assets/ 150 KB
44 KB 51ms
49ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/pretty-text-bundle-0651e2a797c3ce2e7029301b15f1e2d11ab1286bea425eaf70aac53d80e226ee.js
Requested by: Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa7aadbd1349c23ab2ab4bfecc563e091b07aad49739b21fa4a2ed2047fa57c1

Request headers

:path: /assets/pretty-text-bundle-0651e2a797c3ce2e7029301b15f1e2d11ab1286bea425eaf70aac53d80e226ee.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:28:41 GMT
server: cloudflare
age: 12563287
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ft%2BMI4MoJASAqYYzu%2BYqjWu7%2BdP%2FsGisKhKcg0LVoWiR6xYOOOQulM0TlvqbqDooWyWzjO3hKxo4xpZidsUEYXTecwLZMqQB2D6geJ31MD4HXhpOXj%2FrwB%2B4Vr92rg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 695a9080db17658e-LHR
expires: Thu, 05 May 2022 19:32:03 GMT

GET
H2 200 application-3df47873cd9bb1ffc9f33b03e1c6ae8ca41d140f3208fb6b80353c289123e986.js Show response
malware.news/assets/ 3 MB
505 KB 51ms
49ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/application-3df47873cd9bb1ffc9f33b03e1c6ae8ca41d140f3208fb6b80353c289123e986.js
Requested by: Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dbf6e5a1bdcf7981e49d952fc5e62e36715904a838584c9c7da9a49c62290baf

Request headers

:path: /assets/application-3df47873cd9bb1ffc9f33b03e1c6ae8ca41d140f3208fb6b80353c289123e986.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:30:03 GMT
server: cloudflare
age: 383194
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9%2F3mEK1mgPleRl3Uzob1rID9fpmoeLaHSRdkzhkRyLKbZVOsWX6kGMsJBY3BjgOP%2BbGZa%2F3Qr80ZSRabjAnTWsDYC6NUuo3rhSU%2F0Bx70GwQ9oZ3UXVSMlgJ%2FDCx0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 695a9080db1d658e-LHR
expires: Thu, 08 Sep 2022 21:03:32 GMT

GET
H2 200 discourse-details-9be9806ef2338ede8e5c567dfd5b521aaad27d01694f01c604516118466d2120.js Show response
malware.news/assets/plugins/ 1 KB
1 KB 27ms
24ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/discourse-details-9be9806ef2338ede8e5c567dfd5b521aaad27d01694f01c604516118466d2120.js
Requested by: Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd6247435927dc30ea51dc5389f0e8fe14911ad0186ff35db94f7f0ff42f1b55

Request headers

:path: /assets/plugins/discourse-details-9be9806ef2338ede8e5c567dfd5b521aaad27d01694f01c604516118466d2120.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 29 Nov 2020 17:15:06 GMT
server: cloudflare
age: 13650110
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OeydmoPYaTuJQvrUUcGHrSOi45cvM05G%2BlG7gERO4lhB%2BG%2BucjdPeCbcnN4xwA%2BEQiARAHRFu5O1cAaROJG8fYcFpuIrQshg7nJCrnJuIU%2B%2FAqrj7GwZLqgQ3J1YEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 695a9080db1e658e-LHR
expires: Fri, 15 Apr 2022 13:38:44 GMT

GET
H2 200 discourse-local-dates-fb84b6e975839c2af6c7ffe54ef3f37631eb79d1ca4c032e3232c522b202b185.js Show response
malware.news/assets/plugins/ 32 KB
9 KB 29ms
27ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/discourse-local-dates-fb84b6e975839c2af6c7ffe54ef3f37631eb79d1ca4c032e3232c522b202b185.js
Requested by: Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70f1cbf2697ee3da0fce545369f9ff2394d5a67afb1920b1433dabd5d299c436

Request headers

:path: /assets/plugins/discourse-local-dates-fb84b6e975839c2af6c7ffe54ef3f37631eb79d1ca4c032e3232c522b202b185.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:29:40 GMT
server: cloudflare
age: 2127589
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WCEmZ8Ix10B5KYlyS9ABxR8GPBaO5WwD5pkcyr1p4lXDc22RCTFM%2BWpZWc6r10%2BfcvBt0YOmWAt%2FWMP%2BWet7vRXcOpRu57cjYcy6e5PnSjtfWS%2FlySBqg5KjJ8Um4g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 695a9080db1f658e-LHR
expires: Wed, 24 Aug 2022 08:36:16 GMT

GET
H2 200 discourse-narrative-bot-0b1e40d099d739cee23bbad45c2fb5eac1dcaaba028fdc9fa21b9e32930ec40b.js Show response
malware.news/assets/plugins/ 1 KB
1 KB 28ms
25ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/discourse-narrative-bot-0b1e40d099d739cee23bbad45c2fb5eac1dcaaba028fdc9fa21b9e32930ec40b.js
Requested by: Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6915794955aa02a862c6286b6ae26b9ad45b49d9a095ecd1c9d1b7f8b498778

Request headers

:path: /assets/plugins/discourse-narrative-bot-0b1e40d099d739cee23bbad45c2fb5eac1dcaaba028fdc9fa21b9e32930ec40b.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:29:40 GMT
server: cloudflare
age: 12563287
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oGD2KxsJr9AYPNa6c0vWlNnHF1yrEjyMsZoLOcRbxWPf9ExOqLiZFdtjSniIYdnOBQ8T2ljEAzW0kcMpJ7ENosPJ6zf7u7L9BAQsR3%2BKUBOE48SHuR%2Fd%2FUKZAyBVZg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 695a9080db21658e-LHR
expires: Thu, 05 May 2022 19:32:03 GMT

GET
H2 200 discourse-presence-b6fbd1a4370db8cbe9a6026b149f4c857b4f4a71b0f72eefda4a295d0ed6a56a.js Show response
malware.news/assets/plugins/ 13 KB
4 KB 27ms
24ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/discourse-presence-b6fbd1a4370db8cbe9a6026b149f4c857b4f4a71b0f72eefda4a295d0ed6a56a.js
Requested by: Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ccf20c77e2159876f53e2e7903140447691cd93ea5fdf38142a34cc37c0a1fa

Request headers

:path: /assets/plugins/discourse-presence-b6fbd1a4370db8cbe9a6026b149f4c857b4f4a71b0f72eefda4a295d0ed6a56a.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:29:41 GMT
server: cloudflare
age: 2133773
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bZlcIrAOviK7viVOkF%2BCzlrHvMDREkHbolVq2W4VHeWQFTGbVT1yYfyesRuTUok4ILhdCjpetvW5rlnq7fo7towj0HpRA%2BKxivFe%2FLBH7teWcd8Y%2Bycc8QivVyHgjw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 695a9080db22658e-LHR
expires: Wed, 24 Aug 2022 07:55:32 GMT

GET
H2 200 docker_manager-ad177f91e75af171560e0d79a81bd5ce7b5b01c80c9055a24d75e9370c9de28b.js Show response
malware.news/assets/plugins/ 2 KB
1 KB 54ms
51ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/docker_manager-ad177f91e75af171560e0d79a81bd5ce7b5b01c80c9055a24d75e9370c9de28b.js
Requested by: Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1daf903ee846f106e08e2a131f4800ffbf8837d227192192e1f00d6fb0a6027f

Request headers

:path: /assets/plugins/docker_manager-ad177f91e75af171560e0d79a81bd5ce7b5b01c80c9055a24d75e9370c9de28b.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:29:41 GMT
server: cloudflare
age: 3966164
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oSBBBAd1mBo0zH5%2BOQmxs1fuUQ5W5aJSiJIPejnZ3CECT3GK7ummE7Iy2SJtKUJUOpMBGloBlSNKfIo%2FVriHTybyRlfV%2FpF9a6hSzOnyj6mL8esA9WncbUH9pvWB%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 695a9080fb43658e-LHR
expires: Mon, 08 Aug 2022 20:28:59 GMT

GET
H2 200 lazy-yt-9db193c8caacf2e3b3a24ed4c63699ad497c210f668f467d95380efd00982345.js Show response
malware.news/assets/plugins/ 4 KB
2 KB 51ms
48ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/lazy-yt-9db193c8caacf2e3b3a24ed4c63699ad497c210f668f467d95380efd00982345.js
Requested by: Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40526df990780061385831eb7143db974cf389583c704c0f986284d2d8d3a0d3

Request headers

:path: /assets/plugins/lazy-yt-9db193c8caacf2e3b3a24ed4c63699ad497c210f668f467d95380efd00982345.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:29:42 GMT
server: cloudflare
age: 12563287
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D4oz46ZkMLR%2BE%2F1erLQc6uhHZ%2BhIkc1tGzd1rU1tkV0SrR1pcvRDkUte4wPp3C08NrLJTRwKpglSXp1CmB%2BBmnkeIpP%2BhZ0ml0ZJZn12xedEqe1OtUvS8%2BMXtXgkug%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 695a9080fb44658e-LHR
expires: Thu, 05 May 2022 19:32:03 GMT

GET
H2 200 poll-4ece327052472a4245ca79c494a4bc3ad9b1f49d921e2df8b00a2299303f04bd.js Show response
malware.news/assets/plugins/ 59 KB
16 KB 54ms
51ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/poll-4ece327052472a4245ca79c494a4bc3ad9b1f49d921e2df8b00a2299303f04bd.js
Requested by: Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 093714378e2e61720fdd442517e5ac12580f7e7231aff8b07fa99cb1a925353d

Request headers

:path: /assets/plugins/poll-4ece327052472a4245ca79c494a4bc3ad9b1f49d921e2df8b00a2299303f04bd.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:29:43 GMT
server: cloudflare
age: 2127589
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6QL7c5Yb87d09Rm0qWZ9ZY%2BPeFZugVtE7v4KHCcATmbNmdljeL3W42bqv3w2PTchYc%2FaOPZg4UTP9uF8ZJ1KReq19uIzOfjoSLwMkFksc5a8iD2RE6v%2BnTuy5UFtBA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 695a9080fb47658e-LHR
expires: Wed, 24 Aug 2022 08:36:16 GMT

GET
H2 200 google-universal-analytics-v3-706f1d28f0a97f67a47515c96189277240ec4940d968955042066d7873fd1fe8.js Show response
malware.news/assets/ 725 B
731 B 50ms
47ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/google-universal-analytics-v3-706f1d28f0a97f67a47515c96189277240ec4940d968955042066d7873fd1fe8.js
Requested by: Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19089746082c9d1ae6b7fb6e3218eafa4411abffe26412d4d823cb304683c045

Request headers

:path: /assets/google-universal-analytics-v3-706f1d28f0a97f67a47515c96189277240ec4940d968955042066d7873fd1fe8.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:28:54 GMT
server: cloudflare
age: 4506711
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sK%2FdMzfgLtU94Dz61tBpjGsfGhRcft9PEUGvr3OyaRxCFPhTm0vcPZTxlWZ5ACgmJ8DRcbufG0Y7MfGh%2ByyiJdWaz1wic6SpFfd%2FefzpbwJEkY17JQUwJh87RIAVkg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 695a9080fb48658e-LHR
expires: Sun, 24 Jul 2022 15:26:21 GMT

GET
H2 200 color_definitions_base__1685c93a050ced147a1038a195b8e1dd02483a6a.css
malware.news/stylesheets/ 2 KB
1 KB 53ms
51ms Stylesheet
text/css 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/color_definitions_base__1685c93a050ced147a1038a195b8e1dd02483a6a.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b37d1d5fdce07501dbcf92e59de22bcb3b59cf179c2c4ae85c6b4e53d7a33ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/color_definitions_base__1685c93a050ced147a1038a195b8e1dd02483a6a.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 12563287
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2F6VUDnVCV9htUuQmiL54Bx%2BND4cXD%2BJIxh2JI7qLdu02u%2F9%2BhLzCWdeE%2BW6fggJ4ixSlljTbmjT2kz3iiyvRdhJmK2k0qFRxPeEaOwNslgy0BHww06OJMsxBeiSMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="color_definitions_base__1685c93a050ced147a1038a195b8e1dd02483a6a.css"; filename*=UTF-8''color_definitions_base__1685c93a050ced147a1038a195b8e1dd02483a6a.css
x-xss-protection: 1; mode=block
x-request-id: 24bff784-8b0c-4a68-acd4-5bd25ff52726
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:23 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 695a9080fb49658e-LHR
content-transfer-encoding: binary

GET
H2 200 desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ 372 KB
67 KB 64ms
62ms Stylesheet
text/css 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ac752cf3429ed4d1322aaece17556cb40319d80cef682f0ee5cbb9e1438a0fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 383194
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FGDQtYMKd2UFj2MwRroTHfxD1KiKWQNOakS%2Bt89CHgWzcv6h22QelnpGWcziVMiGbNo4a14WyQxhPBK4ls5CGFWaritozSq1%2FPXn0GhG1i3xNEaV8m0eyI6y42OzBA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css"; filename*=UTF-8''desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css
x-xss-protection: 1; mode=block
x-request-id: f5d7a43f-b708-487b-a497-63eb7afc1b90
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:19 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 695a9080fb4b658e-LHR
content-transfer-encoding: binary

GET
H2 200 discourse-details_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ 1 KB
1 KB 51ms
49ms Stylesheet
text/css 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/discourse-details_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

180110a7a4ac1df81ccd0d022e0929949ba0d85dddf4beb145ea590b86bd9715

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/discourse-details_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 2127589
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZxeAs2qbE2TfhAAjDQ%2B%2B8FeJUGC39oHCqJgYsN3fQJwM1szMEnRrSss0Unzq1tEP8EYWyTsYtg%2FYR2tX1Kybp6O0sZHcytyolU52t9G3LSfxEBo2yhhbOlhVvQGcVA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="discourse-details_787482ef26fe5197f888d4afa236f1d8edce38ec.css"; filename*=UTF-8''discourse-details_787482ef26fe5197f888d4afa236f1d8edce38ec.css
x-xss-protection: 1; mode=block
x-request-id: c0141f18-9c86-4990-9a93-22b6fffcc89e
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:23 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 695a9080fb4d658e-LHR
content-transfer-encoding: binary

GET
H2 200 discourse-local-dates_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ 7 KB
2 KB 50ms
49ms Stylesheet
text/css 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/discourse-local-dates_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ba10e33fc40749d8e0a6e2ab2f0271c2bc89f8aca0c4432000456d2a9912ea9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/discourse-local-dates_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 12563287
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SRvcAaG98%2Bc8Eq9Hy3q3YaOedLo9md2ES1bTBqfOKFxIQyGqnbEGkmvAqcg%2B6czX4v5gaYZiTBgvpfO3s1c641E%2BtSUZM8tpPCTqRJ4NyvmJKFhxM0Tvgj4StnDgwg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="discourse-local-dates_787482ef26fe5197f888d4afa236f1d8edce38ec.css"; filename*=UTF-8''discourse-local-dates_787482ef26fe5197f888d4afa236f1d8edce38ec.css
x-xss-protection: 1; mode=block
x-request-id: 3026455f-069d-485d-8882-2df27b2e2ed4
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:23 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 695a9080fb4e658e-LHR
content-transfer-encoding: binary

GET
H2 200 discourse-narrative-bot_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ 153 B
710 B 50ms
48ms Stylesheet
text/css 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/discourse-narrative-bot_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

003c3d882b326d441cae76648a6510f6c8404353de5d54e76883a2fb61b6cdd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/discourse-narrative-bot_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 12563287
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rFA8cYuFopS8ke9V9VJoGnm%2BMSFj%2FE%2BSpaXxCZvUhHgOv%2Bh3m%2FJMMx4%2BiziUPIFmZAwSR27i%2B6FL2sAIAv1BzK3cz8NPdLr4%2B7Lgrho%2BhKPSUwVD2mDyVCNzzkAaRg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="discourse-narrative-bot_787482ef26fe5197f888d4afa236f1d8edce38ec.css"; filename*=UTF-8''discourse-narrative-bot_787482ef26fe5197f888d4afa236f1d8edce38ec.css
x-xss-protection: 1; mode=block
x-request-id: 50c2ece9-3aed-4b89-b5fe-38be3df6ffaa
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:23 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 695a9080fb4f658e-LHR
content-transfer-encoding: binary

GET
H2 200 discourse-presence_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ 1 KB
1 KB 63ms
62ms Stylesheet
text/css 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/discourse-presence_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d814ada502cfca69414ee2168f70cc98bdf53153a31b47548c0be6d75c5c046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/discourse-presence_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 12563287
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R5O%2FZicWIbgwsyDzv7YX7PKxVXdwMacDULJDKJPJEngbass7FEc2LBDwrAAsV8VnUOPGblSLwLCzvZ%2FRHMitOaTow2pojGxzbQ7PWn%2BJjS2SeMiDkvn1F1H6JBZ6yw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="discourse-presence_787482ef26fe5197f888d4afa236f1d8edce38ec.css"; filename*=UTF-8''discourse-presence_787482ef26fe5197f888d4afa236f1d8edce38ec.css
x-xss-protection: 1; mode=block
x-request-id: 759bd2ca-1535-4095-a0ac-68fd30033c38
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:23 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 695a9080fb51658e-LHR
content-transfer-encoding: binary

GET
H2 200 lazy-yt_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ 2 KB
1 KB 49ms
47ms Stylesheet
text/css 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/lazy-yt_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9bc63a02041e3cbc9365d2a70224f9c22ca5e31897e72e0b3cb620259250a556

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/lazy-yt_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 90842
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t3xLa9srIMYg0KtT%2FCJaMsKLcjaCqFzbPxAIgiOAL%2BYtfvLQpJPBmXLXBrz%2FS9brnVr3ZMcp7ag6uzx9wv6dj1za3fCxEWiehWgK5a9QYga7huWJAeafYgGpP3Ds9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="lazy-yt_787482ef26fe5197f888d4afa236f1d8edce38ec.css"; filename*=UTF-8''lazy-yt_787482ef26fe5197f888d4afa236f1d8edce38ec.css
x-xss-protection: 1; mode=block
x-request-id: 7c0b31a5-dfaf-49e2-bb3e-7c70d25285a4
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:23 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 695a9080fb52658e-LHR
content-transfer-encoding: binary

GET
H2 200 poll_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ 6 KB
2 KB 50ms
49ms Stylesheet
text/css 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/poll_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5dc2f3f0b6682457b113ec4e3641049d51488e18deaa8185831f4973cb57f97e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/poll_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 4657866
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sw6O5dZPQGPWF6xrjFHz3csQU5z6Kdb0Le0xcKJvbm1DMs16zg5GIjJeicz7jNrrExH0EgUthIwoGjR%2FLTxLTsWoKU3fDJnZR97j6%2BBjOwlIufUvgovjIeEkaZjwRg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="poll_787482ef26fe5197f888d4afa236f1d8edce38ec.css"; filename*=UTF-8''poll_787482ef26fe5197f888d4afa236f1d8edce38ec.css
x-xss-protection: 1; mode=block
x-request-id: 460852ce-3275-4ea1-93f9-9f42eda528da
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:23 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 695a9080fb53658e-LHR
content-transfer-encoding: binary

GET
H2 200 poll_desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ 2 KB
1 KB 51ms
50ms Stylesheet
text/css 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/poll_desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

430ac06a9912729cedf0e6c618b7ad7d8c1a7623b380b60312dd17b0037f36ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/poll_desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 12563287
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OGmPSMj2oNodR7%2BtRR5SlRBmL2KvV7dtM8AVCZwisi1%2B7j4aadhspFo2T0ueX2GtIWBhO2mR1R4r%2BZhxUXWVyu52VLcx%2FXtqAjBwTftDSE1Tjj3TOT5XjiiInYzavw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="poll_desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css"; filename*=UTF-8''poll_desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css
x-xss-protection: 1; mode=block
x-request-id: 0d4e9799-b7d5-4873-a5d5-360b3f05667e
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:23 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 695a9080fb54658e-LHR
content-transfer-encoding: binary

GET
H2 200 desktop_theme_2_1eb7402e0a8095456972b2383753bd3ab76231e8.css
malware.news/stylesheets/ 90 B
569 B 50ms
50ms Stylesheet
text/css 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/desktop_theme_2_1eb7402e0a8095456972b2383753bd3ab76231e8.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70295e23173942999f6560f098b372fb27ad0de5bc1a1e195c6ef5af18dfc856

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stylesheets/desktop_theme_2_1eb7402e0a8095456972b2383753bd3ab76231e8.css?__ws=malware.news
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 2127589
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DE5WAMgrLozlzwJlCUhiovOew6iDoKO69eUxAwRxI6kTUwHz%2FvuH3h%2FOZvJ%2Bm%2BrrUX1CycVyIb3P42vnyAMc3ulPtuOwqomN2oHBPsgt7ICjqe58Pr7T9dJ4l%2BwyZw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: stylesheets/show
content-disposition: inline; filename="desktop_theme_2_1eb7402e0a8095456972b2383753bd3ab76231e8.css"; filename*=UTF-8''desktop_theme_2_1eb7402e0a8095456972b2383753bd3ab76231e8.css
x-xss-protection: 1; mode=block
x-request-id: 54d04790-2576-4a8d-adb3-088c664ecb60
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 May 2021 19:30:21 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 695a9080fb55658e-LHR
content-transfer-encoding: binary

GET
H2 200 start-discourse-efa4e5abfbd1b50b5152ffbe64d5dcea9f7c33f766dcc6387e2711f0f2112148.js Show response
malware.news/assets/ 135 B
441 B 33ms
32ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/start-discourse-efa4e5abfbd1b50b5152ffbe64d5dcea9f7c33f766dcc6387e2711f0f2112148.js
Requested by: Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36e56ff433d1e7c0017688ed51d42dea37fc7a90431b54d4568df80746ed349b

Request headers

:path: /assets/start-discourse-efa4e5abfbd1b50b5152ffbe64d5dcea9f7c33f766dcc6387e2711f0f2112148.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 29 Nov 2020 17:14:50 GMT
server: cloudflare
age: 13650110
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GRDAnP5b%2FckcXmbjy6oXVttmCE6sPJL9QFC4ROooQu4BL%2Fo4VwjeNZxRb9FqE2GTVDgJykt%2B5SWE6zhuPBck2Jh5E0WT0sKRm3j6HjGbRiqHMwKCOL0Okgq%2BEkuX5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 695a90810b61658e-LHR
expires: Fri, 15 Apr 2022 13:38:44 GMT

GET
H2 200 browser-update-eec13eb6f8386f18f10b5dd6ebb7a3598d28421bb796e539b91a7e4a4c5d4c08.js Show response
malware.news/assets/ 2 KB
1 KB 43ms
42ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/browser-update-eec13eb6f8386f18f10b5dd6ebb7a3598d28421bb796e539b91a7e4a4c5d4c08.js
Requested by: Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a933fa87d48ac7c2f381036d364fa92767c5dae738491b16aa668671abc23442

Request headers

:path: /assets/browser-update-eec13eb6f8386f18f10b5dd6ebb7a3598d28421bb796e539b91a7e4a4c5d4c08.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:28:24 GMT
server: cloudflare
age: 12563287
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0mZNeENxzRoOFVeh5J9zZC2iv9HpuyHM1%2BLcBgupqUIYfPJyuBOKkZLZHc9AFuJou%2FkJkeDv4kv6zr9wO7n0UwLRWiO8E0UqMYEOL4oPOB8SwVnuneiOhS3nO7pQFw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 695a90810b67658e-LHR
expires: Thu, 05 May 2022 19:32:03 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 84ms
26ms Script
text/javascript 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: malware.news
URL: https://malware.news/assets/google-universal-analytics-v3-706f1d28f0a97f67a47515c96189277240ec4940d968955042066d7873fd1fe8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 2449
date: Tue, 28 Sep 2021 04:46:57 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Tue, 28 Sep 2021 06:46:57 GMT

GET
H2 200 svg-2-9b0d85c163090ed00004e0abb5db8bd226e57ab5.js Show response
malware.news/svg-sprite/malware.news/ 114 KB
37 KB 34ms
34ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/svg-sprite/malware.news/svg-2-9b0d85c163090ed00004e0abb5db8bd226e57ab5.js

Requested by

Host: malware.news
URL: https://malware.news/assets/application-3df47873cd9bb1ffc9f33b03e1c6ae8ca41d140f3208fb6b80353c289123e986.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd8eb5f29381950bd2d56653f3a9aeb82ca7b0bcbadc5903d48f335d1a0f0fa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /svg-sprite/malware.news/svg-2-9b0d85c163090ed00004e0abb5db8bd226e57ab5.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 12562966
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K3b1fwQntBD56WrfZ0lf3UYCHGpnCgOpiYyiQ%2FN1bqn9QNrzry3xMM7irFUwn7BeikFzIj9LEL1U31PfjCjqG%2BGXkGo2sxHhPPA86Uic%2FEAKVaZxkMV6I7xlrZIcoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: svg_sprite/show
x-xss-protection: 1; mode=block
x-request-id: 70d8a993-725c-496e-bbb0-31e3649c84ac
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 05 May 2011 19:32:04 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept
x-download-options: noopen
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31556952, immutable
cf-ray: 695a9082ccfa658e-LHR

GET
H2 200 jquery.magnific-popup.min.js Show response
malware.news/javascripts/magnific-popup/1.1.0/ 20 KB
8 KB 27ms
27ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/javascripts/magnific-popup/1.1.0/jquery.magnific-popup.min.js
Requested by: Host: malware.news
URL: https://malware.news/assets/application-3df47873cd9bb1ffc9f33b03e1c6ae8ca41d140f3208fb6b80353c289123e986.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Request headers

:path: /javascripts/magnific-popup/1.1.0/jquery.magnific-popup.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 05 May 2021 19:25:04 GMT
server: cloudflare
age: 53498
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ek2jI3Sa5RdFu35Q6Srcgo47q7L%2FgZQ3eiQgU588O38MTdTuYWT12RzYRk9ybcHV3fcjoMupc2EljHV2wkcuXTsWq3%2F1cVqAvecSLHHXpEjkc71fSU0mOkNitwh12Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 695a9083cdc8658e-LHR
expires: Mon, 27 Sep 2021 21:39:54 GMT

GET
H2 200 cdefff4af52a8d2d43094b5d57ebca1fc7613a63.js Show response
malware.news/highlight-js/malware.news/ 202 KB
39 KB 33ms
33ms Script
application/javascript 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/highlight-js/malware.news/cdefff4af52a8d2d43094b5d57ebca1fc7613a63.js

Requested by

Host: malware.news
URL: https://malware.news/assets/application-3df47873cd9bb1ffc9f33b03e1c6ae8ca41d140f3208fb6b80353c289123e986.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

439310fe70c9254ca886a5848ab84ece7a2d0b9f1d7eb654e35ee1af86b1d0d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /highlight-js/malware.news/cdefff4af52a8d2d43094b5d57ebca1fc7613a63.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 12562966
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PSyTiq7AdhrrZ%2Bj8Hp0%2F%2Bdg8Zys8NLofF0Z%2FHFcQuayvJNqoqEw7BPEbC%2B6pQhMKE07%2FhjC3bsga%2BH0G9uRisA3wgvV35NUxdify8Y4WLaUOSQxYSTw1EC%2FQKg%2Bjeg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: highlight_js/show
x-xss-protection: 1; mode=block
x-request-id: fdd98e35-7e8a-4bb6-9238-f8541e294087
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 05 May 2011 19:32:04 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding Accept
x-download-options: noopen
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31556952, immutable
cf-ray: 695a9083cdc9658e-LHR

GET
H2 200 ba8ee0a927a69022c651441ac23d01bcdbc09785.png
malware.news/uploads/default/original/3X/b/a/ 9 KB
9 KB 25ms
24ms Image
image/png 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://malware.news/uploads/default/original/3X/b/a/ba8ee0a927a69022c651441ac23d01bcdbc09785.png
Requested by: Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 041dc75fa9294876d29e6d78e76c9f7f3202f1763480da93d6ce2414d0a095c3

Request headers

:path: /uploads/default/original/3X/b/a/ba8ee0a927a69022c651441ac23d01bcdbc09785.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 432565
content-length: 8758
last-modified: Sat, 22 Dec 2018 04:38:37 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ipcQHaIBZQS0I8k2B%2Fk0g6eDagYOKAlt11ACFjHlVDGMIlWJ5E%2BOfzHWcaeBONiyDiTTYj5wR5ycw2aE6q4AUDtJRaKC3JnxEIZ%2FTNze%2FdN5R3tkqgoeaCleikLrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 695a90842e2d658e-LHR
expires: Thu, 08 Sep 2022 21:03:33 GMT

GET
H2 200 24_2.png
malware.news/user_avatar/malware.news/malbot/45/ 4 KB
5 KB 26ms
24ms Image
image/jpeg 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malware.news/user_avatar/malware.news/malbot/45/24_2.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e6dbcb4fa67139ef1bfb019ef153f21b130a1f68f7d5bbe3c15033c14342ff7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /user_avatar/malware.news/malbot/45/24_2.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 05:27:46 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
age: 13647332
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e39DjxKyvQLEooaMvXivpOkxd8NzH8Oqo5efZFrgzYlbsmi%2Buk4E9qoDYSo0sXgltMI03vP7lyXCUSoOexoj7x6gaJHfUf2xzy%2Bd7Nm0edweRG1jb2unmA4m%2FPzHaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-discourse-route: user_avatars/show
content-length: 4324
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 29 Nov 2020 17:12:35 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: image/jpeg
cache-control: public, max-age=31556952, immutable
accept-ranges: bytes
cf-ray: 695a90842e2e658e-LHR
content-transfer-encoding: binary
cf-bgj: h2pri

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 Fig7-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 33 KB
33 KB 455ms
431ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig7-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

e7c694accac8f695eb248305d13ace7bb590561b858b6ab60dd4ea547dd502c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 96
tls_version: tls1.3
content-length: 33764
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:49:51 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D6D3191CE4
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 174
x-ms-request-id: e7d0d1e5-101e-0073-5929-b4640c000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig8-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 33 KB
34 KB 433ms
410ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig8-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

f880f8778527fc38ee3c8959346d7ab24551d44707cde9129f72d169520ab7e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 96
tls_version: tls1.3
content-length: 33860
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:49:58 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D6D756C9A3
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 155
x-ms-request-id: e4b18a14-201e-00a3-4a29-b4595a000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig10-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 14 KB
14 KB 409ms
385ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig10-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

ec17cbd8e5c6be721b70eff50260d3f4ecf1fb4b6b94c0711be6107779143c22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:46 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 13841
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:50:17 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D6E2A74B66
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 138
x-ms-request-id: 65fcf80b-b01e-0027-5229-b42b5b000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig11-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 13 KB
14 KB 407ms
385ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig11-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

6a87c768ec04dd50742787de6d09a14a579a825f80325fb6350763e75b7031b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:46 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 13799
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:50:22 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D6E5D1F636
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 130
x-ms-request-id: 74f380c6-201e-0057-5c29-b492ac000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig12-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 41 KB
42 KB 414ms
391ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig12-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

0d01c1e61b58bbe9b65e42c8b8aaa9f389735e768f017c0390ec6d3a40c1d77c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:46 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 42332
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:50:28 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D6E93E9854
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 136
x-ms-request-id: 43996f47-101e-0087-6029-b4affa000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig15-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 23 KB
24 KB 436ms
413ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig15-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

1edcdff5e5eb87d417ef061b63757a7a96d827df7b323c26d2f8694c581b1177

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 23685
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:50:53 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D6F84751DB
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 141
x-ms-request-id: 5f281b79-601e-0024-4829-b4ca3f000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig16-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 54 KB
54 KB 452ms
450ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig16-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

337841cacc810966f1a748bdd0e4c23d80585b5f76cbc65a243bb9e328148a72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 96
tls_version: tls1.3
content-length: 54996
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:51:00 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D6FC63DBDF
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 161
x-ms-request-id: 190c21eb-201e-0068-2b29-b45a0f000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig17-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 22 KB
22 KB 485ms
483ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig17-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

dd45733929c6d49dd415cce2b261835c0e935c8ca72c79a319b8d064580c115c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 96
tls_version: tls1.3
content-length: 22370
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:51:07 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D700780002
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 171
x-ms-request-id: 26a49803-d01e-0053-3529-b41fab000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig18-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 63 KB
63 KB 562ms
560ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig18-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

0e464194735cc759744eea53e73967a09c5800976b0046b6171a957e944ba229

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 64424
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:51:14 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D7048FCE56
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 222
x-ms-request-id: f0c296d9-601e-0046-0729-b40818000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig19-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 73 KB
73 KB 522ms
520ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig19-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

0c790e0b93411874a3270d9cf25287e3a758051ab9c81ba801baaa687b2843ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 74614
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:51:22 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D7093C56C6
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 159
x-ms-request-id: 04986a11-301e-0064-1329-b4cd07000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig23-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 79 KB
80 KB 541ms
539ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig23-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

acebca6bb94687d26ede3bd913fd03954e333fcd1f7141f96504e98fb12b2215

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 81056
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:51:53 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D71C07A9FF
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 166
x-ms-request-id: a718ab0b-d01e-0088-0b29-b4d996000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig26-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 26 KB
26 KB 540ms
538ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig26-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

de0ca0ff3bb86d73a1bde16fb8f1374617856ed1ef841a0372c1eb211c49c5e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 96
tls_version: tls1.3
content-length: 26439
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:52:22 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D72D6E4A4E
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 145
x-ms-request-id: 3f36f888-e01e-0093-6e29-b4e795000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig27-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 27 KB
27 KB 598ms
596ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig27-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

42ec275869e47fed0ccb760a740c45c6a55580ac79a67dede7ce931a8117d34c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 96
tls_version: tls1.3
content-length: 27278
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:52:29 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D7313CCD29
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 152
x-ms-request-id: ed3af83e-f01e-0019-7e29-b4bc24000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig30-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 16 KB
16 KB 522ms
520ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig30-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

5cff3efef16d1661ce7c8194c12d7b1e8fd41da7e2f712bac4045a63261aa5bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 96
tls_version: tls1.3
content-length: 15972
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:53:02 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D7450D15F6
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 117
x-ms-request-id: 0702551f-f01e-0036-0229-b4b1ef000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig31-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 12 KB
12 KB 598ms
596ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig31-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

0a5839cd7c0eabc6aa774d10317278a26c7395e8b5736be5bc918c0b1eb905c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 12178
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:53:08 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D748D83D04
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 134
x-ms-request-id: ecb0b012-201e-009c-5129-b491f9000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig32-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 13 KB
14 KB 598ms
597ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig32-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

77eb27592ab1bc160e6a8d564ad3724447c85acd9552b75aefb7e51e46257b73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 96
tls_version: tls1.3
content-length: 13626
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:53:15 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D74CAE627C
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 118
x-ms-request-id: 21f46901-a01e-0004-0b29-b4b198000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig33-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 13 KB
14 KB 623ms
622ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig33-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

469305e076b61b081f375808dacbdcecc96b0100e9a470ff91a42604a3832df2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 96
tls_version: tls1.3
content-length: 13610
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:53:22 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D7509CA80E
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 123
x-ms-request-id: 56e9f43c-901e-000f-5d29-b44af3000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig34-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 16 KB
17 KB 644ms
642ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig34-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

2c8ca3ce2c2ba71f6a427d3297921b012a26ba235186016db94726f0dbdde8a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 97
tls_version: tls1.3
content-length: 16533
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:53:28 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D7549C2F23
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 138
x-ms-request-id: 3f36f8bb-e01e-0093-1929-b4e795000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig36-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 70 KB
71 KB 689ms
687ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig36-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

4d8afd5bb373b154d8855ba1dd8e3a46809b7801e86ad13b8009d512a4d18f5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 71811
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:53:41 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D75C7BC867
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 157
x-ms-request-id: ce3e1f7e-801e-005e-8029-b4d77f000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig39-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 35 KB
35 KB 656ms
654ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig39-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

89ee6beac1d7a77094588bb8f84caffcf9bd3088a2c75f21da08cdd8dc8bee1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 35378
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:54:09 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D76CF9165A
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 136
x-ms-request-id: de0f55a5-101e-002e-6b29-b46e88000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig41-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 16 KB
16 KB 659ms
657ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig41-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

83b90cd086cf472a44f3ff4a3c4a99d8344b5cd4b0bfed7965a81fad79e03874

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 15944
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:54:24 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D775F6FE22
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 109
x-ms-request-id: 95a21803-401e-006e-3229-b469b0000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig42-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 34 KB
34 KB 726ms
724ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig42-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

ae6dedb970801abe91fa00a3942ce5e4b20e698c0fe34fc9892dcfdd1c8d2a39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 96
tls_version: tls1.3
content-length: 34424
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:54:32 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D77A90220F
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 171
x-ms-request-id: 6ceaf2d0-d01e-007c-0529-b41260000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig47-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 25 KB
26 KB 749ms
747ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig47-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

65f807bc4f908f9ebf51eeded1b67bfb335b99949be64c0047feb0def8c5508e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 96
tls_version: tls1.3
content-length: 26094
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:55:12 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D7924BA2BC
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 162
x-ms-request-id: 124af969-001e-001d-2b29-b43123000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig48-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 34 KB
34 KB 755ms
753ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig48-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

88b14dda4a21123aa6820ea695e57739603620c8bd569076086b0bd40b6aeacc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 34566
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:55:24 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D799CA1EA2
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 163
x-ms-request-id: 06e3d90f-901e-00a6-3a29-b48b81000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig49-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 23 KB
23 KB 755ms
753ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig49-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

c33ed3dcbb526b938f0d95f6d6935f386485a0e2631261e6158476b3b011d494

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 23254
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:55:31 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D79DA61170
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 138
x-ms-request-id: 92587c79-001e-008b-7c29-b438f2000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig50-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 34 KB
34 KB 845ms
843ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig50-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

4b73d14b7b57ee64970c09de1657c7aa6a9d019911cac5ba1bcb4fa0ea65b4b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 34459
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:55:38 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D7A1C92C7D
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 194
x-ms-request-id: 7069ab70-b01e-0008-6229-b42690000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig51-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 50 KB
50 KB 819ms
818ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig51-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

14c69cf9aab52d14087ccfc1731a917d88ce2a77b2872abfcc2419fefa6cc4ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 97
tls_version: tls1.3
content-length: 50988
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:55:45 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D7A5F8A5BD
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 175
x-ms-request-id: 84c03dc1-f01e-008f-2729-b4b5f5000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig52-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 19 KB
19 KB 781ms
779ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig52-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

6b2618a9ee246008ea44d657ffca1870696ec89469e7f9a1822b5c9d4002a377

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 19241
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:55:52 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D7AA0E50CF
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 114
x-ms-request-id: 73b4d48d-f01e-006b-7829-b4bb6b000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig54-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 52 KB
53 KB 852ms
850ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig54-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

c8966bc8900e2e4de9bbf4cb70cc0053ce44994d8e34f0bdbf778e87fb83e9e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 53245
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:56:07 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D7B3399260
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 162
x-ms-request-id: 9187b768-101e-003e-7529-b4abe0000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig55-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 25 KB
25 KB 855ms
853ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig55-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

7c0253758a8d99e857f1be280b5f1c26e29650d53fcedffc7b445961371c581d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 25109
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:56:14 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D7B770390B
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 134
x-ms-request-id: 6f8fc5e6-601e-001b-4529-b4029c000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig57-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 40 KB
40 KB 859ms
857ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig57-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

c0c0c12a070d77d4c60ac4f4d2a4e4d72b0afd5c67ce388b3d76d2583f15791d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 96
tls_version: tls1.3
content-length: 40654
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:56:33 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D7C2BBB0DC
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 130
x-ms-request-id: bd5b7a99-601e-0056-6429-b4cd70000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Fig1-FoggyWeb-NOBELIUM.png
www.microsoft.com/security/blog/uploads/securityprod/2021/09/ 58 KB
59 KB 934ms
933ms Image
image/png 2.18.233.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2021/09/Fig1-FoggyWeb-NOBELIUM.png

Requested by

Host: malware.news
URL: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.233.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-233-62.deploy.static.akamaitechnologies.com

Software

Resource Hash

2cd0e6938e8d46f41f7f988d340101d6c603507306367d8c811c30bbe82a8d68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://malware.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Tue, 28 Sep 2021 05:27:47 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 95
tls_version: tls1.3
content-length: 59358
x-ms-lease-status: unlocked
last-modified: Mon, 27 Sep 2021 16:48:24 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8D981D69F3B8269
strict-transport-security: max-age=31536000
content-type: image/png
x-edgeconnect-origin-mex-latency: 157
x-ms-request-id: 6ceaf334-d01e-007c-5e29-b41260000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
205 B 33ms
33ms XHR
text/plain 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=100672877&t=pageview&_s=1&dl=https%3A%2F%2Fmalware.news%2Ft%2Ffoggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor%2F53087&dp=%2Ft%2Ffoggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor%2F53087&ul=en-us&de=UTF-8&dt=FoggyWeb%3A%20Targeted%20NOBELIUM%20malware%20leads%20to%20persistent%20backdoor%20-%20Malware%20News%20-%20Malware%20Analysis%2C%20News%20and%20Indicators&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=622312258&gjid=701368597&cid=1006963460.1632806867&tid=UA-79191654-1&_gid=206874274.1632806867&_r=1&_slc=1&z=836400950

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://malware.news/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 28 Sep 2021 05:27:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://malware.news
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 poll
malware.news/message-bus/3840874dec89441b8fad55c168294b1a/ 266 B
0 132ms
132ms XHR
text/plain 104.26.7.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/message-bus/3840874dec89441b8fad55c168294b1a/poll

Requested by

Host: malware.news
URL: https://malware.news/assets/ember_jquery-36a23101c869ab0dc53fc908de69adb785731593573d32bdeef416acc1076ef4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.7.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://malware.news
accept-encoding: gzip, deflate, br
x-csrf-token: undefined
accept-language: de-DE,de;q=0.9
x-silence-logger: true
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
cookie: _ga=GA1.2.1006963460.1632806867; _gid=GA1.2.206874274.1632806867; _gat=1
content-length: 234
:path: /message-bus/3840874dec89441b8fad55c168294b1a/poll
pragma: no-cache
discourse-present: true
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=UTF-8
accept: text/plain, */*; q=0.01
cache-control: no-cache
:authority: malware.news
referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
:scheme: https
sec-fetch-site: same-origin
:method: POST
Discourse-Present: true
X-CSRF-Token: undefined
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-SILENCE-LOGGER: true
Accept: text/plain, */*; q=0.01
Referer: https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
X-Requested-With: XMLHttpRequest

Response headers

date: Tue, 28 Sep 2021 05:27:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods: GET, POST
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SGJlwlpB5PepSEsHGeGapJyYRowIms8c9QIsF4Lim3IqGG2P5lu%2F2DxY0rdODowkfHHq9qGe4M8epgn4RvDpge3HGLLnIzBNXex5j65cQzz0uMogOrP526kzfkULfg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://malware.news
cache-control: must-revalidate, private, max-age=0
cf-ray: 695a908c3d46658e-LHR
access-control-allow-headers: X-SILENCE-LOGGER, X-Shared-Session-Key, Dont-Chunk, Discourse-Present
expires: 0

Verdicts & Comments Add Verdict or Comment

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.malware.news/	1970-01-20 15:04:38	Name: _ga Value: GA1.2.1006963460.1632806867
.malware.news/	1970-01-19 21:34:53	Name: _gid Value: GA1.2.206874274.1632806867
.malware.news/	1970-01-19 21:33:26	Name: _gat Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	base-uri 'none'; object-src 'none'; script-src https://malware.news/logs/ https://malware.news/sidekiq/ https://malware.news/mini-profiler-resources/ https://malware.news/assets/ https://malware.news/brotli_asset/ https://malware.news/extra-locales/ https://malware.news/highlight-js/ https://malware.news/javascripts/ https://malware.news/plugins/ https://malware.news/theme-javascripts/ https://malware.news/svg-sprite/ https://www.google-analytics.com/analytics.js; worker-src 'self' https://malware.news/assets/ https://malware.news/brotli_asset/ https://malware.news/javascripts/ https://malware.news/plugins/
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

malware.news
www.google-analytics.com
www.microsoft.com
104.26.7.105
142.250.185.78
2.18.233.62
003c3d882b326d441cae76648a6510f6c8404353de5d54e76883a2fb61b6cdd1
041dc75fa9294876d29e6d78e76c9f7f3202f1763480da93d6ce2414d0a095c3
093714378e2e61720fdd442517e5ac12580f7e7231aff8b07fa99cb1a925353d
0a5839cd7c0eabc6aa774d10317278a26c7395e8b5736be5bc918c0b1eb905c5
0b37d1d5fdce07501dbcf92e59de22bcb3b59cf179c2c4ae85c6b4e53d7a33ac
0c790e0b93411874a3270d9cf25287e3a758051ab9c81ba801baaa687b2843ba
0d01c1e61b58bbe9b65e42c8b8aaa9f389735e768f017c0390ec6d3a40c1d77c
0e464194735cc759744eea53e73967a09c5800976b0046b6171a957e944ba229
14c69cf9aab52d14087ccfc1731a917d88ce2a77b2872abfcc2419fefa6cc4ba
180110a7a4ac1df81ccd0d022e0929949ba0d85dddf4beb145ea590b86bd9715
19089746082c9d1ae6b7fb6e3218eafa4411abffe26412d4d823cb304683c045
1ab3d376b5d18228e95af2f61f4ea5ee12a4200177969694c347048fb41c9b7c
1daf903ee846f106e08e2a131f4800ffbf8837d227192192e1f00d6fb0a6027f
1edcdff5e5eb87d417ef061b63757a7a96d827df7b323c26d2f8694c581b1177
2c8ca3ce2c2ba71f6a427d3297921b012a26ba235186016db94726f0dbdde8a5
2cd0e6938e8d46f41f7f988d340101d6c603507306367d8c811c30bbe82a8d68
337841cacc810966f1a748bdd0e4c23d80585b5f76cbc65a243bb9e328148a72
36e56ff433d1e7c0017688ed51d42dea37fc7a90431b54d4568df80746ed349b
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
40526df990780061385831eb7143db974cf389583c704c0f986284d2d8d3a0d3
42ec275869e47fed0ccb760a740c45c6a55580ac79a67dede7ce931a8117d34c
430ac06a9912729cedf0e6c618b7ad7d8c1a7623b380b60312dd17b0037f36ce
439310fe70c9254ca886a5848ab84ece7a2d0b9f1d7eb654e35ee1af86b1d0d9
469305e076b61b081f375808dacbdcecc96b0100e9a470ff91a42604a3832df2
4b73d14b7b57ee64970c09de1657c7aa6a9d019911cac5ba1bcb4fa0ea65b4b6
4d8afd5bb373b154d8855ba1dd8e3a46809b7801e86ad13b8009d512a4d18f5c
53c9be3b135462bc34fbb74d99437f3123b60be36e3ec983ae9aab81f6369697
5ccf20c77e2159876f53e2e7903140447691cd93ea5fdf38142a34cc37c0a1fa
5cff3efef16d1661ce7c8194c12d7b1e8fd41da7e2f712bac4045a63261aa5bc
5dc2f3f0b6682457b113ec4e3641049d51488e18deaa8185831f4973cb57f97e
65f807bc4f908f9ebf51eeded1b67bfb335b99949be64c0047feb0def8c5508e
6a87c768ec04dd50742787de6d09a14a579a825f80325fb6350763e75b7031b0
6b2618a9ee246008ea44d657ffca1870696ec89469e7f9a1822b5c9d4002a377
6ba10e33fc40749d8e0a6e2ab2f0271c2bc89f8aca0c4432000456d2a9912ea9
70295e23173942999f6560f098b372fb27ad0de5bc1a1e195c6ef5af18dfc856
70f1cbf2697ee3da0fce545369f9ff2394d5a67afb1920b1433dabd5d299c436
77eb27592ab1bc160e6a8d564ad3724447c85acd9552b75aefb7e51e46257b73
7c0253758a8d99e857f1be280b5f1c26e29650d53fcedffc7b445961371c581d
7e6dbcb4fa67139ef1bfb019ef153f21b130a1f68f7d5bbe3c15033c14342ff7
83b90cd086cf472a44f3ff4a3c4a99d8344b5cd4b0bfed7965a81fad79e03874
88b14dda4a21123aa6820ea695e57739603620c8bd569076086b0bd40b6aeacc
89ee6beac1d7a77094588bb8f84caffcf9bd3088a2c75f21da08cdd8dc8bee1e
8ac752cf3429ed4d1322aaece17556cb40319d80cef682f0ee5cbb9e1438a0fa
8d814ada502cfca69414ee2168f70cc98bdf53153a31b47548c0be6d75c5c046
9487cb559d6168d8f29a5684b10a9c253776e7280ea758f332902773d85367e5
9bc63a02041e3cbc9365d2a70224f9c22ca5e31897e72e0b3cb620259250a556
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a6915794955aa02a862c6286b6ae26b9ad45b49d9a095ecd1c9d1b7f8b498778
a933fa87d48ac7c2f381036d364fa92767c5dae738491b16aa668671abc23442
aa7aadbd1349c23ab2ab4bfecc563e091b07aad49739b21fa4a2ed2047fa57c1
acebca6bb94687d26ede3bd913fd03954e333fcd1f7141f96504e98fb12b2215
ae6dedb970801abe91fa00a3942ce5e4b20e698c0fe34fc9892dcfdd1c8d2a39
b64d6f3b3fafe479610cfa9b4b86fcef473ba7d0dfc5f68c8e9de52ed4774075
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c0c0c12a070d77d4c60ac4f4d2a4e4d72b0afd5c67ce388b3d76d2583f15791d
c33ed3dcbb526b938f0d95f6d6935f386485a0e2631261e6158476b3b011d494
c8966bc8900e2e4de9bbf4cb70cc0053ce44994d8e34f0bdbf778e87fb83e9e0
cd6247435927dc30ea51dc5389f0e8fe14911ad0186ff35db94f7f0ff42f1b55
dbf6e5a1bdcf7981e49d952fc5e62e36715904a838584c9c7da9a49c62290baf
dd45733929c6d49dd415cce2b261835c0e935c8ca72c79a319b8d064580c115c
dd8eb5f29381950bd2d56653f3a9aeb82ca7b0bcbadc5903d48f335d1a0f0fa7
de0ca0ff3bb86d73a1bde16fb8f1374617856ed1ef841a0372c1eb211c49c5e2
e7c694accac8f695eb248305d13ace7bb590561b858b6ab60dd4ea547dd502c6
ec17cbd8e5c6be721b70eff50260d3f4ecf1fb4b6b94c0711be6107779143c22
f25487aa53b51b4c355c8c8dcfe481294a929e8e6c8ab3f4c1b0d84115803fb5
f880f8778527fc38ee3c8959346d7ab24551d44707cde9129f72d169520ab7e3
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

malware.news Open in urlscan Pro 104.26.7.105 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

67 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

2205 kBTransfer

6139 kBSize

3 Cookies

36 Outgoing links

Redirected requests

67 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

malware.news Open in urlscan Pro
104.26.7.105 Public Scan

Screenshot
Live screenshot

Full Image

67
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

2205 kB
Transfer

6139 kB
Size

3
Cookies

67 HTTP transactions
1 data transactions