URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Submission: On February 10 via api from US — Scanned from DE

Summary

This website contacted 9 IPs in 2 countries across 7 domains to perform 66 HTTP transactions. The main IP is 64.185.181.238, located in United States and belongs to BITGRAVITY, US. The main domain is blogs.quickheal.com.
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on April 26th 2021. Valid for: a year.
This is the only time blogs.quickheal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 57 64.185.181.238 40009 (BITGRAVITY)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2606:2800:234... 15133 (EDGECAST)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 104.244.42.8 13414 (TWITTER)
2 2a00:1450:400... 15169 (GOOGLE)
66 9
Apex Domain | Subdomains | Transfer
57 quickheal.com | blogs.quickheal.com | 1 MB
3 twitter.com | platform.twitter.com — Cisco Umbrella Rank: 591; syndication.twitter.com — Cisco Umbrella Rank: 840 | 133 KB
2 google-analytics.com | www.google-analytics.com — Cisco Umbrella Rank: 31 | 20 KB
2 bootstrapcdn.com | maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 610 | 70 KB
1 cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 197 | 2 KB
1 googletagmanager.com | www.googletagmanager.com — Cisco Umbrella Rank: 50 | 36 KB
1 googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 35 | 1 KB
66 7
Domain | Requested by
57 blogs.quickheal.com 1 redirects | blogs.quickheal.com
2 www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com
2 platform.twitter.com | blogs.quickheal.com, platform.twitter.com
2 maxcdn.bootstrapcdn.com | blogs.quickheal.com, maxcdn.bootstrapcdn.com
1 syndication.twitter.com | platform.twitter.com
1 cdnjs.cloudflare.com | blogs.quickheal.com
1 www.googletagmanager.com | blogs.quickheal.com
1 fonts.googleapis.com | blogs.quickheal.com
66 8
Subject | Issuer | Validity | Valid
*.quickheal.com | RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 | 2021-04-26 - 2022-05-01 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-01-29 - 2023-01-29 | a year
upload.video.google.com | GTS CA 1C3 | 2022-01-17 - 2022-04-11 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2022-01-17 - 2022-04-11 | 3 months
*.twimg.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-10-20 - 2022-10-19 | a year
syndication.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-01-06 - 2023-01-05 | a year

This page contains 2 frames:

Primary Page: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Frame ID: A205D58A7953528243C5ED26BD78F213
Requests: 69 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.4e067713e19d4fff483536ddc4df18b9.html?origin=https%3A%2F%2Fblogs.quickheal.com
Frame ID: 774C45C70E3D660AAEAAF4FC0091C053
Requests: 2 HTTP requests in this frame

Page Title

Multi-Staged JSOutProx RAT Targets Indian Co-operative Banks and Finance Companies

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
  • wp-embed\.min\.js\?ver=([\d.]+)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/slick(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

Requests: 66
HTTPS: 98 %
IPv6: 75 %
Domains: 7
Subdomains: 8
IPs: 9
Countries: 2
Transfer: 1389 kB
Size: 2870 kB
Cookies: 4

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 26
  • https://blogs.quickheal.com/wp-json/wordpress-popular-posts/v1/popular-posts HTTP 301
  • https://blogs.quickheal.com/

66 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
79 KB
80 KB
Document
General
Full URL
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
c152dffa8c8ade08590b0895b7397952e9869e1125508c11d09e086986749009
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

content-type
text/html; charset=UTF-8
date
Thu, 10 Feb 2022 19:27:53 GMT
strict-transport-security
max-age=63072000; includeSubDomains
content-security-policy
upgrade-insecure-requests
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
x-pingback
https://blogs.quickheal.com/xmlrpc.php
link
<https://blogs.quickheal.com/wp-json/>; rel="https://api.w.org/" <https://blogs.quickheal.com/wp-json/wp/v2/posts/90508>; rel="alternate"; type="application/json" <https://blogs.quickheal.com/?p=90508>; rel=shortlink
myheader
mshy.
x-frame-options
SAMEORIGIN, SAMEORIGIN ALLOW-FROM https://blogs.quickheal.com
x-xss-protection
1; mode=block
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
age
0
accept-ranges
bytes
x-tata-cache
1
x-cache
MISS,v18fra1
x-tata-request-id
bdbfaa89d5a0ab35f4b2890628f508e4 bdbfaa89d5a0ab35f4b2890628f508e4
server
v/6.4.7/6.5.7/v18fra1-www
x-version
1.30
external.css
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/
515 B
950 B
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
0b38fb5c436f55c30b976f7d46509bcb32c2653e5065b1e33253e1e1bc7c9de2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421439
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
195
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"203-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
6ba6ed92f360c3feba838a4ed7619ab4, 6ba6ed92f360c3feba838a4ed7619ab4
accept-ranges
bytes
main.min.css
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/
310 KB
48 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/main.min.css
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
946c135b26cea56f2b3867bd23d45c75eb81f65cb6a6213706ae326a4138f179
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421439
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
48014
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 09 Apr 2021 12:06:57 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"4d61f-5bf89001eda40"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
fce67bf27693307309440f20f7e5bb5e, fce67bf27693307309440f20f7e5bb5e
accept-ranges
bytes
style.min.css
blogs.quickheal.com/wp-includes/css/dist/block-library/
53 KB
8 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-includes/css/dist/block-library/style.min.css?ver=5.5.1
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421439
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
7906
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Oct 2020 12:56:44 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"d293-5b22de1231b00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
cbbceea99d97e1e4f8ee99137701da58, cbbceea99d97e1e4f8ee99137701da58
accept-ranges
bytes
multicolor-subscribe-widget.css
blogs.quickheal.com/wp-content/plugins/wp-multicolor-subscribe-widget/
1 KB
1 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/plugins/wp-multicolor-subscribe-widget/multicolor-subscribe-widget.css?ver=5.5.1
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
1bcee1b4d83dac08181855b025b990b8ed2653996d066ef2ac79cd947f5d268e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421439
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
450
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"435-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
ca71b0fc05aa529129b5315d7fd403d1, ca71b0fc05aa529129b5315d7fd403d1
accept-ranges
bytes
wpp.css
blogs.quickheal.com/wp-content/themes/mh_cicero/
937 B
1 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/wpp.css?ver=5.2.4
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
ec9e533468bbc524beb33f6306a8ac0d4c928d4d91608d4fa01e778715c30087
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421439
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
474
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"3a9-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
9428bb06ce3b273b44c0f94caa66d3b8, 9428bb06ce3b273b44c0f94caa66d3b8
accept-ranges
bytes
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/
21 KB
5 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 10 Feb 2022 19:27:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
718, 718
age
1423970
cdn-cachedat
2021-04-13 02:36:00
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:53 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
357c5298f2849c0ce9712c57ec240f4e
cf-ray
6db7bcc909f0903d-FRA
cdn-requestcountrycode
US
cdn-requestpullsuccess
True
style.css
blogs.quickheal.com/wp-content/themes/mh_cicero/
9 KB
3 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/style.css?ver=1.0.77
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
10b9897038db24ada365f99e6e9a8cfc026306b8905d4fefeed4bf5599ccc6f9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421439
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
2471
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 30 Apr 2021 14:34:40 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"243d-5c13183106000"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
e1d6571fd42a72c5aa0d3a4931f56f90, e1d6571fd42a72c5aa0d3a4931f56f90
accept-ranges
bytes
css
fonts.googleapis.com/
14 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Prata|Open+Sans:300,400,400italic,600,700
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
947b5c4c79ffba494426204d0bfc3c86c8fb8e2ce3706fc7142fa180bdb0509c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 10 Feb 2022 19:27:53 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 10 Feb 2022 19:27:53 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 10 Feb 2022 19:27:53 GMT
sassy-social-share-public.css
blogs.quickheal.com/wp-content/plugins/sassy-social-share/public/css/
34 KB
10 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=3.3.13
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
182cab990c2118fcdb18feab5115335e4eb4bc0b38bb30a36c4e73c92b080ea4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421439
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
9666
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Oct 2020 12:39:04 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"87d9-5b22da1f4ca00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
bbf02503741382464a554b8ba169b023, bbf02503741382464a554b8ba169b023
accept-ranges
bytes
sassy-social-share-svg.css
blogs.quickheal.com/wp-content/plugins/sassy-social-share/admin/css/
109 KB
35 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/plugins/sassy-social-share/admin/css/sassy-social-share-svg.css?ver=3.3.13
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
7369eb7217705e08010dbd6c0ed5433f75e66391ff6f365372381b658b1f1da9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421439
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
34664
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Oct 2020 12:38:59 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"1b41d-5b22da1a87ec0"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
3fc5d6cbd1edba3103fb48216aba77a3, 3fc5d6cbd1edba3103fb48216aba77a3
accept-ranges
bytes
jquery-3.6.0.min.js
blogs.quickheal.com/wp-content/plugins/jquery-updater/js/
87 KB
31 KB
Script
General
Full URL
https://blogs.quickheal.com/wp-content/plugins/jquery-updater/js/jquery-3.6.0.min.js?ver=3.6.0
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421439
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
30947
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 10 May 2021 19:29:45 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"15d9d-5c1feccc6fc40"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
406640ca9ab5c8809fb3e1a314823d2d, 406640ca9ab5c8809fb3e1a314823d2d
accept-ranges
bytes
jquery-migrate-3.3.2.min.js
blogs.quickheal.com/wp-content/plugins/jquery-updater/js/
11 KB
5 KB
Script
General
Full URL
https://blogs.quickheal.com/wp-content/plugins/jquery-updater/js/jquery-migrate-3.3.2.min.js?ver=3.3.2
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
f7e248392cea6eed6651423f5b9a4adafec5b15921a2f16ec54e1012be0aaee5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
456251
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
4170
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 10 May 2021 19:29:45 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"2bd8-5c1feccc6fc40"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
d56a21bdaf7e9da1d1b1d55853362878, d56a21bdaf7e9da1d1b1d55853362878
accept-ranges
bytes
wpp.min.js
blogs.quickheal.com/wp-content/plugins/wordpress-popular-posts/assets/js/
3 KB
2 KB
Script
General
Full URL
https://blogs.quickheal.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=5.2.4
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
3caff329d1e76a3a9a8ab8030abed403362ee5490631d7bb9774372388198763
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421438
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
1215
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Oct 2020 12:45:08 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"a3a-5b22db7a6fd00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
1dc4979289e64a11c70885c9ec03568a, 1dc4979289e64a11c70885c9ec03568a
accept-ranges
bytes
scripts.js
blogs.quickheal.com/wp-content/themes/mh_cicero/js/
36 KB
12 KB
Script
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/js/scripts.js?ver=5.5.1
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
0219ff363240ec5b1a233d052229e68f241343660952c20e4898b1fe6637d19a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421438
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
11711
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"8e9b-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
13a07b48de6d67e3c97b0e8cee6ee3e7, 13a07b48de6d67e3c97b0e8cee6ee3e7
accept-ranges
bytes
logo.png
blogs.quickheal.com/wp-content/uploads/2016/08/
22 KB
23 KB
Image
General
Full URL
https://blogs.quickheal.com/wp-content/uploads/2016/08/logo.png
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
0a06df48db68818d909fef4ca1f9940344aa038f4a474e38c39ba873e83e47b4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:24 GMT
x-content-type-options
nosniff
myheader
mshy.
age
456250
x-cache
HIT,v18fra1
content-length
22703
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 30 Jun 2020 12:00:36 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
"58af-5a94bec522100"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
image/png
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
64a9603f66b7cd54c52b9f2ccda41cfb, 64a9603f66b7cd54c52b9f2ccda41cfb
accept-ranges
bytes
fonts.css
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/fonts.css
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
6a946b7bb1b1b4ee0f110d91fc7f20bea2222a67511231d119065c8465b735b3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421437
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
493
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"11b3-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
3110ea9696f5d0b4a995a820d71c7b34, 3110ea9696f5d0b4a995a820d71c7b34
accept-ranges
bytes
icomoon.css
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/icomoon.css
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
d33cb4483ae22716a581b89f523332a52e07ebc94f845e02c5bc3e47633cc40c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421437
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
772
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"b1d-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
4de91bb80da680f4f604bc0cfffa9f88, 4de91bb80da680f4f604bc0cfffa9f88
accept-ranges
bytes
font-awesome.min.css
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/
30 KB
8 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/font-awesome.min.css
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421437
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
7050
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"7918-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
2f850c9c9270be686daa83a6564c3b3b, 2f850c9c9270be686daa83a6564c3b3b
accept-ranges
bytes
bootstrap.min.css
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/
141 KB
21 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/bootstrap.min.css
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
456248
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
20563
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"235ed-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
8b04ca032a3e3960ca233dd720f11722, 8b04ca032a3e3960ca233dd720f11722
accept-ranges
bytes
slick-theme.css
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/
3 KB
2 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/slick-theme.css
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
9a4d7d9a0106d9d3051a41da5640ff7b299a9c10557eadb08cff8ae7f7c89fd1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
456248
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
870
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"c55-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
399db09ab783285e98803d7c260e4b1c, 399db09ab783285e98803d7c260e4b1c
accept-ranges
bytes
slick.css
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/
2 KB
1 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/slick.css
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421437
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
569
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"6f0-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
e0d510fb4f707ee3420adf668b693f87, e0d510fb4f707ee3420adf668b693f87
accept-ranges
bytes
jquery.mCustomScrollbar.css
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/
52 KB
6 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/jquery.mCustomScrollbar.css
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
bf3bdcf2de703f24db84e167ce024c84db5b27cddb4aa21a09b1b10ba2217154
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421437
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
5588
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"d14f-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
b86a37067a694a68a8da96acaa95ba91, b86a37067a694a68a8da96acaa95ba91
accept-ranges
bytes
animate.css
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/
76 KB
5 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/animate.css
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
6b6b686ecaa56e02ec5aced95541a03f922f599b31f1b4cd429ceca824a6e669
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421437
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
4767
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"13053-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
7ce300120b76670fdc569f00965242d0, 7ce300120b76670fdc569f00965242d0
accept-ranges
bytes
ion.rangeSlider.css
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/ion.rangeSlider.css
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
ca6495abad9c91ebd650db661d0f9fc8430ebeb3fc25bbdb8787fb98805f9c8a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421438
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
2308
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"33f0-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
5d845ec4943d8737dc79383f39cdf3c9, 5d845ec4943d8737dc79383f39cdf3c9
accept-ranges
bytes
horizetal.css
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/
582 B
1 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/horizetal.css
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
2bf3f6f78d36d158d2d6f37904c9c8e20a21520dd290086f51fd91eaba51d750
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/external.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421437
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
313
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"246-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
89e6a0e8e90f49f4b1278e92ddcddefe, 89e6a0e8e90f49f4b1278e92ddcddefe
accept-ranges
bytes
wp-emoji-release.min.js
blogs.quickheal.com/wp-includes/js/
14 KB
5 KB
Script
General
Full URL
https://blogs.quickheal.com/wp-includes/js/wp-emoji-release.min.js?ver=5.5.1
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421437
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
4671
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Oct 2020 12:56:11 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"37a6-5b22ddf2b90c0"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
c3fee2fa8064af4c5914ae4a21066808, c3fee2fa8064af4c5914ae4a21066808
accept-ranges
bytes
/
blogs.quickheal.com/
Redirect Chain
  • https://blogs.quickheal.com/wp-json/wordpress-popular-posts/v1/popular-posts
  • https://blogs.quickheal.com/
70 KB
71 KB
XHR
General
Full URL
https://blogs.quickheal.com/
Protocol
H2
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
4af082818f56e79456b2062b31e9365573bf6aed29b217463e702eb4233cdbbf
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
1.30
date
Thu, 10 Feb 2022 19:27:57 GMT
x-content-type-options
nosniff
myheader
mshy.
age
0
x-cache
MISS,v18fra1
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
x-tata-cache
1
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/html; charset=UTF-8
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
6ecce2af5aad60f709a8c29e9cbf0224, 6ecce2af5aad60f709a8c29e9cbf0224
accept-ranges
bytes
link
<https://blogs.quickheal.com/wp-json/>; rel="https://api.w.org/"

Redirect headers

x-version
1.30
date
Thu, 10 Feb 2022 19:27:55 GMT
server
v/6.4.7/6.5.7/v18fra1-www
age
0
x-tata-request-id
444a67fa4fc86fc4717b826410020989, 444a67fa4fc86fc4717b826410020989
x-tata-cache
1
x-frame-options
ALLOW-FROM https://blogs.quickheal.com
x-cache
MISS,v18fra1
content-type
text/html; charset=iso-8859-1
location
https://blogs.quickheal.com/
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
strict-transport-security
max-age=63072000; includeSubDomains
content-length
236
filter-line.png
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/images/
1 KB
2 KB
Image
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/images/filter-line.png
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/wp-content/themes/mh_cicero/style.css?ver=1.0.77
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
5870e116107aac4c15a929d309de5b6fad3d10e27ecb63578d7beb01e7609d07
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/wp-content/themes/mh_cicero/style.css?ver=1.0.77
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:24 GMT
x-content-type-options
nosniff
myheader
mshy.
age
385575
x-cache
HIT,v18fra1
content-length
1273
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
"4f9-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
image/png
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
5b4a98bec37ae3842f4c77b5fd06b05d, 5b4a98bec37ae3842f4c77b5fd06b05d
accept-ranges
bytes
truncated
/
302 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b980f62a2d545d64f24e6f96902c8fbf5da0018569c369bc18f9e5b5fcf099ed

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
682 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c2e8b4fba49f90cfca5a43371c09879aed7447e0ba2ed4abd75b81448776c4f7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
425 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
54c9560cb0117d8d1f955aefe0f88b843517964e118512d8f1a224a8a9b662f4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
436 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2662e0eef0f270830358bb255f079f695da71794ecbe8ba0825200862d8e9746

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
327 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d31374e862fe63f0cfabb3f4cebf0723e3ee46c70589a8576daa1643cebdd651

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
BarlowRegular.woff2
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/fonts/barlow/
40 KB
40 KB
Font
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/fonts/barlow/BarlowRegular.woff2
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/fonts.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
9b52f94241a23c0614e1dc71bf305ac914a73e0cbabdb6f09a5c8519ed67b43c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/fonts.css
Origin
https://blogs.quickheal.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
1.30
date
Thu, 10 Feb 2022 19:27:55 GMT
x-content-type-options
nosniff
myheader
mshy.
age
0
x-cache
MISS,v18fra1
content-length
40636
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
"9ebc-59ee973dd3a00"
x-tata-cache
1
strict-transport-security
max-age=63072000; includeSubDomains
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
549cdcd4026cf34c2c6b9772aa2b0dc7, 549cdcd4026cf34c2c6b9772aa2b0dc7
accept-ranges
bytes
fontawesome-webfont.woff
maxcdn.bootstrapcdn.com/font-awesome/4.2.0/fonts/
64 KB
65 KB
Font
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by
Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css
Origin
https://blogs.quickheal.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 10 Feb 2022 19:27:53 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
722
age
1421180
cdn-proxyver
1.0
cdn-cachedat
11/05/2021 23:13:42
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
65452
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:53 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
font/woff
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
e5b350f55677b9b5f3d4a3a04af6b966
accept-ranges
bytes
cf-ray
6db7bcc9eb0868eb-FRA
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
BarlowBlack.woff2
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/fonts/barlow/
41 KB
41 KB
Font
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/fonts/barlow/BarlowBlack.woff2
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/fonts.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
191c24e8b57dacfddef6db59cddd5bedf9d17df7fd32a9fbafedd714e6d272a9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/fonts.css
Origin
https://blogs.quickheal.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
1.30
date
Thu, 10 Feb 2022 19:27:54 GMT
x-content-type-options
nosniff
myheader
mshy.
age
0
x-cache
MISS,v18fra1
content-length
41724
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
"a2fc-59ee973dd3a00"
x-tata-cache
1
strict-transport-security
max-age=63072000; includeSubDomains
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
db0de5f13542d1fb4fef0d41a22d69f1, db0de5f13542d1fb4fef0d41a22d69f1
accept-ranges
bytes
BarlowBold.woff2
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/fonts/barlow/
41 KB
42 KB
Font
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/fonts/barlow/BarlowBold.woff2
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/fonts.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
d75e1f844d778cf6f8b25b1df8396fb57ea44255711218d62a3390439eacc28a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/fonts.css
Origin
https://blogs.quickheal.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
1.30
date
Thu, 10 Feb 2022 19:27:54 GMT
x-content-type-options
nosniff
myheader
mshy.
age
0
x-cache
MISS,v18fra1
content-length
41796
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
"a344-59ee973dd3a00"
x-tata-cache
1
strict-transport-security
max-age=63072000; includeSubDomains
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
ff96986c623574b66bd06f90bbacbe13, ff96986c623574b66bd06f90bbacbe13
accept-ranges
bytes
BarlowMedium.woff2
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/fonts/barlow/
40 KB
40 KB
Font
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/fonts/barlow/BarlowMedium.woff2
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/fonts.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
9a5756f5f69fac107538f53ce9b0733ce44c94b1316544fab7e1b8f8cf9358db
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/css/fonts.css
Origin
https://blogs.quickheal.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
1.30
date
Thu, 10 Feb 2022 19:27:55 GMT
x-content-type-options
nosniff
myheader
mshy.
age
0
x-cache
MISS,v18fra1
content-length
40648
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
"9ec8-59ee973dd3a00"
x-tata-cache
1
strict-transport-security
max-age=63072000; includeSubDomains
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
0bfa8874d9c66f7b58b8b4a52ccf83a5, 0bfa8874d9c66f7b58b8b4a52ccf83a5
accept-ranges
bytes
JSOutProx-RAT-B-1-789x425.jpg
blogs.quickheal.com/wp-content/uploads/2021/10/
37 KB
38 KB
Image
General
Full URL
https://blogs.quickheal.com/wp-content/uploads/2021/10/JSOutProx-RAT-B-1-789x425.jpg
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
83fd16710166d84bf5f975d9c898c79b259dd07ca23ee868a29be1227cbdfeb6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 19:03:48 GMT
x-content-type-options
nosniff
myheader
mshy.
age
347045
x-cache
HIT,v18fra1
content-length
38391
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 22 Oct 2021 09:05:08 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
"95f7-5ceed4ece68df"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
image/jpeg
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
f9a333bbbcd06904fd43f092916525b5, f9a333bbbcd06904fd43f092916525b5
accept-ranges
bytes
a-650x379.jpg
blogs.quickheal.com/wp-content/uploads/2021/10/
48 KB
49 KB
Image
General
Full URL
https://blogs.quickheal.com/wp-content/uploads/2021/10/a-650x379.jpg
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
55cf38f7c9dc8c516a9674dba9a0f89debd5ea1606e038e338bcf9cc124abd67
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Thu, 10 Feb 2022 08:19:36 GMT
x-content-type-options
nosniff
myheader
mshy.
age
298812
x-cache
HIT,v18fra1
content-length
49596
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 20 Oct 2021 11:07:45 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
"c1bc-5cec6c9a777e3"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
image/jpeg
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
08a3dee574243bcdb4b1d54f9a36ff71, 08a3dee574243bcdb4b1d54f9a36ff71
accept-ranges
bytes
b-606x390.jpg
blogs.quickheal.com/wp-content/uploads/2021/10/
79 KB
80 KB
Image
General
Full URL
https://blogs.quickheal.com/wp-content/uploads/2021/10/b-606x390.jpg
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
3496da18b7f560714bb86419fa61c3493caeefbc110d4af9a5a4f7d19db85788
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Thu, 10 Feb 2022 08:19:36 GMT
x-content-type-options
nosniff
myheader
mshy.
age
298802
x-cache
HIT,v18fra1
content-length
81263
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 20 Oct 2021 11:07:46 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
"13d6f-5cec6c9b3e393"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
image/jpeg
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
e30f54b6859031925e8995fbfc90d9b4, e30f54b6859031925e8995fbfc90d9b4
accept-ranges
bytes
sameer.patil_-70x70.jpg
blogs.quickheal.com/wp-content/uploads/2018/03/
2 KB
3 KB
Image
General
Full URL
https://blogs.quickheal.com/wp-content/uploads/2018/03/sameer.patil_-70x70.jpg
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
56cc08515b709db5d8896465935d6015fc9b5da4dd63b4e2cc3238d5dd021414
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Thu, 10 Feb 2022 08:19:31 GMT
x-content-type-options
nosniff
myheader
mshy.
age
346829
x-cache
HIT,v18fra1
content-length
1889
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 14 May 2020 16:28:40 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
"761-5a59e3075de00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
image/jpeg
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
55428be109384f4e95aa213043d4a3a9, 55428be109384f4e95aa213043d4a3a9
accept-ranges
bytes
bajarang-80x81.jpg
blogs.quickheal.com/wp-content/uploads/2016/04/
3 KB
4 KB
Image
General
Full URL
https://blogs.quickheal.com/wp-content/uploads/2016/04/bajarang-80x81.jpg
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
1fef10664a08f7b6e533160c274d4d62f7706aa66cb49c9aea71423509e1cb4c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:29 GMT
x-content-type-options
nosniff
myheader
mshy.
age
385573
x-cache
HIT,v18fra1
content-length
3008
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 14 May 2020 13:22:07 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
"bc0-5a59b954e3dc0"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
image/jpeg
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
1df41279b9da01887a772ce03b2372ed, 1df41279b9da01887a772ce03b2372ed
accept-ranges
bytes
Quickheal-logo-80x81.png
blogs.quickheal.com/wp-content/uploads/2020/03/
6 KB
7 KB
Image
General
Full URL
https://blogs.quickheal.com/wp-content/uploads/2020/03/Quickheal-logo-80x81.png
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
227ce490d0f195a8b3e07b28368c16aaaeec5bbd2c5b6d02af976a96c1226994
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:29 GMT
x-content-type-options
nosniff
myheader
mshy.
age
385573
x-cache
HIT,v18fra1
content-length
6636
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 14 May 2020 19:10:02 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
"19ec-5a5a0718d7680"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
image/png
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
91ad9b2c7ff25ed2102be1d9b194a758, 91ad9b2c7ff25ed2102be1d9b194a758
accept-ranges
bytes
SK_Photo12-80x81.jpg
blogs.quickheal.com/wp-content/uploads/2016/04/
3 KB
3 KB
Image
General
Full URL
https://blogs.quickheal.com/wp-content/uploads/2016/04/SK_Photo12-80x81.jpg
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
06ae3e94b415d410ff333f9e6bb2a39d0c8b00f3e9a2be1b1d64281abc183fcc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:29 GMT
x-content-type-options
nosniff
myheader
mshy.
age
385573
x-cache
HIT,v18fra1
content-length
2678
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 14 May 2020 13:23:51 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
"a76-5a59b9b8127c0"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
image/jpeg
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
9d1ef0af9b2d5c35b62e9cc95ec1b74b, 9d1ef0af9b2d5c35b62e9cc95ec1b74b
accept-ranges
bytes
securimage_show.php
blogs.quickheal.com/wp-content/plugins/si-captcha-for-wordpress/captcha/
10 KB
10 KB
Image
General
Full URL
https://blogs.quickheal.com/wp-content/plugins/si-captcha-for-wordpress/captcha/securimage_show.php?si_form_id=com&prefix=SAGFpBcPNTV64sZh
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
30a941cb44cbd09a0b3dea97e70bce73940c0c345b5d1d41bb559e93bb67eb6f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
1.30
date
Thu, 10 Feb 2022 19:27:54 GMT
x-content-type-options
nosniff
myheader
mshy.
age
0
x-cache
MISS,v18fra1
content-length
9873
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 10 Feb 2022 19:22:26GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
x-tata-cache
1
strict-transport-security
max-age=63072000; includeSubDomains
content-type
image/png
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
166c08bea658b32cd614cc23f24686bb, 166c08bea658b32cd614cc23f24686bb
accept-ranges
bytes
expires
Mon, 26 Jul 1997 05:00:00 GMT
refresh.png
blogs.quickheal.com/wp-content/plugins/si-captcha-for-wordpress/captcha/images/
1 KB
2 KB
Image
General
Full URL
https://blogs.quickheal.com/wp-content/plugins/si-captcha-for-wordpress/captcha/images/refresh.png
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
7efa72f5d3878a1f7145d552d8d2186bac3942fce7b3d7e3a51550c3bc9ab3cb
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:29 GMT
x-content-type-options
nosniff
myheader
mshy.
age
610432
x-cache
HIT,v18fra1
content-length
1106
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
"452-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
image/png
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
c5f6e8432f7b89dc21d36f959016662d, c5f6e8432f7b89dc21d36f959016662d
accept-ranges
bytes
popper.min.js
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/js/
19 KB
7 KB
Script
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/js/popper.min.js
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421438
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
6911
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"4af4-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
7afc324816018adbfefafa15b8f36fe5, 7afc324816018adbfefafa15b8f36fe5
accept-ranges
bytes
bootstrap.min.js
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/js/
50 KB
15 KB
Script
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/js/bootstrap.min.js
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421439
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
14090
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"c75f-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
a0ddbe9c09736917578cb66addd656ff, a0ddbe9c09736917578cb66addd656ff
accept-ranges
bytes
jquery.mCustomScrollbar.js
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/js/
91 KB
22 KB
Script
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/js/jquery.mCustomScrollbar.js
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
63fc653edb51bfa3d49559c3a85663887048a0a230b3e4b3f9f51bc8daf9368e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421438
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
22223
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"16b15-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
97b7638ce75111d1524d923e9eabd578, 97b7638ce75111d1524d923e9eabd578
accept-ranges
bytes
slick.min.js
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/js/
42 KB
11 KB
Script
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/js/slick.min.js
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
456251
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
10434
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"a76f-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
b2b994c214ea385d1eb5616598346f6c, b2b994c214ea385d1eb5616598346f6c
accept-ranges
bytes
ion.rangeSlider.js
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/js/
83 KB
14 KB
Script
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/js/ion.rangeSlider.js
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
9e2ba925b0679c27ec34e25225bb429fc65912f44012cf0e20bdb4de27aec855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421437
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
13229
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"14aa9-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
68187a986bff528dcf9362ee32258a8b, 68187a986bff528dcf9362ee32258a8b
accept-ranges
bytes
custom.js
blogs.quickheal.com/wp-content/themes/mh_cicero/assets/js/
50 KB
9 KB
Script
General
Full URL
https://blogs.quickheal.com/wp-content/themes/mh_cicero/assets/js/custom.js
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
103e38eb9f321279273c34a872d013016b82efc4eb07b2cabc38c051bf66fc7b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421437
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
7978
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 10 May 2021 19:58:56 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"c62b-5c1ff35252000"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
a676d40941c6509acae600ebf807842d, a676d40941c6509acae600ebf807842d
accept-ranges
bytes
si_captcha.js
blogs.quickheal.com/wp-content/plugins/si-captcha-for-wordpress/captcha/
685 B
1 KB
Script
General
Full URL
https://blogs.quickheal.com/wp-content/plugins/si-captcha-for-wordpress/captcha/si_captcha.js?ver=1.0
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
c52d8ecaada50da7a9739ca285872b431fad51042eccf398e2c2ecad8013880b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
615412
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
380
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"2ad-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
ab37607f71893ba447dad0f49c305a31, ab37607f71893ba447dad0f49c305a31
accept-ranges
bytes
js
www.googletagmanager.com/gtag/
90 KB
36 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-2934888-6
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d38246a9e9054a2a5ac454b2d79552250ad88a642228930e9d3c085a2c24fce0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 10 Feb 2022 19:27:54 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36093
x-xss-protection
0
last-modified
Thu, 10 Feb 2022 18:48:20 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 10 Feb 2022 19:27:54 GMT
slickQuiz.css
blogs.quickheal.com/wp-content/plugins/slickquiz/slickquiz/css/
908 B
1 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/plugins/slickquiz/slickquiz/css/slickQuiz.css?ver=5.5.1
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
48d1d7078b27223c895b4a9604916429879cc4e00e3a8772d64c76aa406711f6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421438
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
475
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"38c-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
64a3bbddb5786da960ae6f1763590ae3, 64a3bbddb5786da960ae6f1763590ae3
accept-ranges
bytes
front.css
blogs.quickheal.com/wp-content/plugins/slickquiz/css/
3 KB
2 KB
Stylesheet
General
Full URL
https://blogs.quickheal.com/wp-content/plugins/slickquiz/css/front.css?ver=5.5.1
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
0f8a76154e9d4d4f95724c6fa01caa18d4511ad594363004e03055859da90ccf
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421439
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
929
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"d5d-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
text/css
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
704fc3c8af6d6f2505ba73d195d430e3, 704fc3c8af6d6f2505ba73d195d430e3
accept-ranges
bytes
comment-reply.min.js
blogs.quickheal.com/wp-includes/js/
3 KB
2 KB
Script
General
Full URL
https://blogs.quickheal.com/wp-includes/js/comment-reply.min.js?ver=5.5.1
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
d06df4184ba84e09a4be6a6ed101d1c3adefea0eaa833ddecf2f2251f6af33a3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
456251
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
1313
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Oct 2020 12:56:08 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"b2d-5b22ddefdca00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
32e0e00d88f330a2ece910accd1151cc, 32e0e00d88f330a2ece910accd1151cc
accept-ranges
bytes
sassy-social-share-public.js
blogs.quickheal.com/wp-content/plugins/sassy-social-share/public/js/
43 KB
12 KB
Script
General
Full URL
https://blogs.quickheal.com/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=3.3.13
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
d58ad6f49f6f268e1640104190bd2196306450aac1d7398cbda98e8330ab3a9b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421437
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
11078
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Oct 2020 12:39:05 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"ab5b-5b22da2040c40"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
9b340722d6652a448406ed583639b0a2, 9b340722d6652a448406ed583639b0a2
accept-ranges
bytes
wp-embed.min.js
blogs.quickheal.com/wp-includes/js/
1 KB
1 KB
Script
General
Full URL
https://blogs.quickheal.com/wp-includes/js/wp-embed.min.js?ver=5.5.1
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
421437
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
769
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Oct 2020 12:56:10 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"59a-5b22ddf1c4e80"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
c9abcb288ddc0eab85f69fe63df0ab6f, c9abcb288ddc0eab85f69fe63df0ab6f
accept-ranges
bytes
form.js
blogs.quickheal.com/wp-content/plugins/akismet/_inc/
700 B
1 KB
Script
General
Full URL
https://blogs.quickheal.com/wp-content/plugins/akismet/_inc/form.js?ver=4.1.6
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
0515cbd1f8aee97e1c8e0d1d015ca96c86def13e90d2e73bf813072ccc23d531
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
722437
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
318
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Oct 2020 12:56:41 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"2bc-5b22de0f55440"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
cf4d2010ef18b7dca99f8d3ef203dff3, cf4d2010ef18b7dca99f8d3ef203dff3
accept-ranges
bytes
slickQuiz.js
blogs.quickheal.com/wp-content/plugins/slickquiz/slickquiz/js/
37 KB
8 KB
Script
General
Full URL
https://blogs.quickheal.com/wp-content/plugins/slickquiz/slickquiz/js/slickQuiz.js?ver=5.5.1
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
5ac7017782855b44f36da92da024c5de980002bd06ca9c94dc631e8c26e9b57c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Sun, 06 Feb 2022 14:25:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
myheader
mshy.
age
456251
x-cache
HIT,v18fra1
vary
Accept-Encoding
content-length
7290
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Feb 2020 08:19:52 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
W/"9587-59ee973dd3a00"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
application/javascript
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
c9b9d9b6b265074374727ac63f7735e1, c9b9d9b6b265074374727ac63f7735e1
accept-ranges
bytes
widgets.js
platform.twitter.com/
96 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js?ver=5.5.1
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BD) /
Resource Hash
1f5a3cbf19a41df9f5e59f05ac4c668b3caa896cb3c2e5c96f7addf4f6a96479

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Thu, 10 Feb 2022 19:27:53 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Age
1323
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ",edge;dur=1
Content-Length
29179
x-tw-cdn
VZ
Last-Modified
Tue, 01 Feb 2022 20:03:56 GMT
Server
ECS (frb/67BD)
Etag
"94840c3a0697481258cd2b28513e7509+gzip"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
c-633x390.jpg
blogs.quickheal.com/wp-content/uploads/2021/10/
63 KB
64 KB
Image
General
Full URL
https://blogs.quickheal.com/wp-content/uploads/2021/10/c-633x390.jpg
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
c664d4a549fddc358dbfdbcd8d595bc18ac0bf0a0cd98840add23ff82c79013b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Thu, 10 Feb 2022 08:19:36 GMT
x-content-type-options
nosniff
myheader
mshy.
age
298761
x-cache
HIT,v18fra1
content-length
64861
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 20 Oct 2021 11:07:47 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
"fd5d-5cec6c9c2fec3"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
image/jpeg
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
17981b20bc621e83b585a91b408ba8ef, 17981b20bc621e83b585a91b408ba8ef
accept-ranges
bytes
jquery.mousewheel.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/
3 KB
2 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/wp-content/plugins/jquery-updater/js/jquery-3.6.0.min.js?ver=3.6.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 10 Feb 2022 19:27:54 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
602486
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1046
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:46 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec2-ad3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XdvSquQNZSoAWFNQSmuWdTto1PDlVGbjSPnAPR2XxNxp3y%2FeCTziZg8Jj%2B9vgDejHp5OSA0dI92NsjxqxxSX0mXorPV3yKM6yoFdGt1KQIMUbzM3Z%2F7UA62m0MbEneWb6FQ1OlGh3IvNM9ksH%2FMBs1Pr"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6db7bccaa9199128-FRA
expires
Tue, 31 Jan 2023 19:27:54 GMT
widget_iframe.4e067713e19d4fff483536ddc4df18b9.html
platform.twitter.com/widgets/ Frame 774C
319 KB
104 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.4e067713e19d4fff483536ddc4df18b9.html?origin=https%3A%2F%2Fblogs.quickheal.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js?ver=5.5.1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BD) /
Resource Hash
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
173948
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Thu, 10 Feb 2022 19:27:54 GMT
Etag
"8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified
Tue, 01 Feb 2022 20:00:09 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/67BD)
Server-Timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ",edge;dur=1
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
105433
d-768x901.jpg
blogs.quickheal.com/wp-content/uploads/2021/10/
208 KB
208 KB
Image
General
Full URL
https://blogs.quickheal.com/wp-content/uploads/2021/10/d-768x901.jpg
Requested by
Host: blogs.quickheal.com
URL: https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.185.181.238 , United States, ASN40009 (BITGRAVITY, US),
Reverse DNS
pc-b.bitgravity.com
Software
v/6.4.7/6.5.7/v18fra1-www /
Resource Hash
9632ebdf5438da339f0ab1eda33daee0eb72e3b4c19618ec96cbab7165388e48
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-version
23.s
date
Thu, 10 Feb 2022 19:27:54 GMT
x-content-type-options
nosniff
myheader
mshy.
age
298759
x-cache
HIT,v16fra1
content-length
212527
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 20 Oct 2021 11:07:48 GMT
server
v/6.4.7/6.5.7/v18fra1-www
x-frame-options
SAMEORIGIN, SAMEORIGIN, ALLOW-FROM https://blogs.quickheal.com
etag
"33e2f-5cec6c9d25873"
strict-transport-security
max-age=63072000; includeSubDomains
content-type
image/jpeg
permissions-policy
geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);
content-security-policy
upgrade-insecure-requests
x-tata-request-id
788e495e918a4ff7069d7d61aec33a7a, 788e495e918a4ff7069d7d61aec33a7a
accept-ranges
bytes
settings
syndication.twitter.com/ Frame 774C
232 B
447 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=ad3bc624b86ef5737e7d125b2aeed760d48b1bcc
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.4e067713e19d4fff483536ddc4df18b9.html?origin=https%3A%2F%2Fblogs.quickheal.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-response-time
112
date
Thu, 10 Feb 2022 19:27:53 GMT
content-encoding
gzip
last-modified
Thu, 10 Feb 2022 19:27:54 GMT
server
tsa_o
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
636b7985c39e08d40ae1da29d34dcd617d052fea0b2d6e96e2cd890c8fb9a62a
content-length
166
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-2934888-6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
4982
date
Thu, 10 Feb 2022 18:04:52 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Thu, 10 Feb 2022 20:04:52 GMT
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=143649044&t=pageview&_s=1&dl=https%3A%2F%2Fblogs.quickheal.com%2Fmulti-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies%2F&ul=en-us&de=UTF-8&dt=Multi-Staged%20JSOutProx%20RAT%20Targets%20Indian%20Co-operative%20Banks%20and%20Finance%20Companies&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1760872991&gjid=276853986&cid=2085091553.1644521274&tid=UA-2934888-6&_gid=2128035185.1644521274&_r=1&gtm=2ou290&z=90163220
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 10 Feb 2022 19:27:54 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blogs.quickheal.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT


104 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| structuredClone string| ajaxurl object| _wpemojiSettings object| twemoji object| wp function| $ function| jQuery object| wpp_params object| WordPressPopularPosts string| subbox_text function| subscribeSubmit function| Popper object| bootstrap boolean| mCustomScrollbar function| mscrollbar function| mscrollbarY function| productSlider function| faqSlider function| popularSlider function| webSlider function| webBlogSlider function| jsMobDot function| bannerSlider function| awardSlider function| articleSlider function| newsSlider function| choiceSlider function| testimonialSlider function| protectionDevicesSlider function| sayReviewSlider function| quarterlySlider function| productWebinarSlider function| jsBenefitsSlider function| fullSlider function| halfSlider function| sliderleftspace function| cartAccordian function| filterScrollFix function| fixedHeader function| filterTopSpace function| filterfixonclick function| backdrop function| searchInput function| upcomingEventSlider function| InvestoContactrSlider function| textBoxActive function| dropdownActive function| tabCart function| setCookie function| getCookie function| changeTab function| resizeToggleSlider number| page number| categoryOffset function| si_captcha_refresh function| gtag object| dataLayer object| addComment function| heateorSssLoadEvent string| heateorSssSharingAjaxUrl string| heateorSssCloseIconPath string| heateorSssPluginIconPath number| heateorSssHorizontalSharingCountEnable number| heateorSssVerticalSharingCountEnable number| heateorSssSharingOffset number| heateorSssMobileStickySharingEnabled string| heateorSssCopyLinkMessage object| heateorSssUrlCountFetched string| heateorSssSharesText string| heateorSssShareText function| heateorSssPopup string| heateorSssWhatsappShareAPI function| heateorSssCallAjax function| heateorSssGetScript function| heateorSssDetermineWhatsappShareAPI function| heateorSssMoreSharingPopup function| heateorSssFilterSharing object| 
heateorSssFacebookTargetUrls function| heateorSssGetSharingCounts function| heateorSssFetchFacebookShares function| heateorSssFBShareJSONCall function| heateorSssSaveFacebookShares function| heateorSssCalculateApproxCount function| heateorSssCalculateActualCount function| heateorSssCapitaliseFirstLetter function| heateorSssHideSharing function| ClipboardJS object| __twttrll object| twttr object| __twttr object| ak_js object| commentForm undefined| replyRowContainer undefined| children number| dx object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData

4 Cookies

Domain/Path Name / Value
.quickheal.com/ Name: _ga
Value: GA1.2.2085091553.1644521274
.quickheal.com/ Name: _gid
Value: GA1.2.2128035185.1644521274
.quickheal.com/ Name: _gat_gtag_UA_2934888_6
Value: 1
blogs.quickheal.com/ Name: PHPSESSID
Value: 756c9e2n329ce8c7afm0s1leri

1 Console Messages

Source Level URL
Text
security error
Message:
Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN ALLOW-FROM https://blogs.quickheal.com
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
