www.securityweek.com Open in urlscan Pro
2606:4700:20::6818:a003 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Submission: On September 06 via manual (September 6th 2021, 10:21:40 pm UTC) from US

Summary HTTP 114 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 27 IPs in 3 countries across 14 domains to perform 114 HTTP transactions. The main IP is 2606:4700:20::6818:a003, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.securityweek.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 7th 2021. Valid for: a year.

This is the only time www.securityweek.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
38	2606:4700:20:... 2606:4700:20::6818:a003	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
5	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
7	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
2	2a02:26f0:10c... 2a02:26f0:10c::5f64:c15a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	185.198.189.48 185.198.189.48	62240 (CLOUVIDER...) (CLOUVIDER Clouvider - Global ASN)
6	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
5	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
1	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2006	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::200d	15169 (GOOGLE) (GOOGLE)
1 2	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
6	168.62.202.120 168.62.202.120	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
2	137.135.51.188 137.135.51.188	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
114	27

38 2606:4700:20::6818:a003 (United States)

ASN13335 (CLOUDFLARENET, US)

www.securityweek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:10c::5f64:c15a (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.198.189.48 (London, United Kingdom)

ASN62240 (CLOUVIDER Clouvider - Global ASN, GB)

ads.securityweek.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.38 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

9e262824252b4bf4dca5902a4e2b2e41.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.200 (United States) 1 redirects

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 168.62.202.120 (San Jose, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

app.brightinfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 137.135.51.188 (San Jose, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bia.brightinfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	securityweek.com www.securityweek.com ads.securityweek.com	669 KB
15	googlesyndication.com 9e262824252b4bf4dca5902a4e2b2e41.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	327 KB
14	google.com 1 redirects apis.google.com www.google.com adservice.google.com cse.google.com accounts.google.com	120 KB
9	twitter.com 1 redirects platform.twitter.com syndication.twitter.com	190 KB
8	brightinfo.com app.brightinfo.com bia.brightinfo.com	183 KB
7	doubleclick.net securepubads.g.doubleclick.net ad.doubleclick.net googleads4.g.doubleclick.net	159 KB
5	google-analytics.com ssl.google-analytics.com www.google-analytics.com	37 KB
5	googletagservices.com www.googletagservices.com	118 KB
2	linkedin.com platform.linkedin.com	123 KB
2	facebook.com www.facebook.com	2 KB
1	gstatic.com ssl.gstatic.com	5 KB
1	2mdn.net s0.2mdn.net	372 KB
1	google.de adservice.google.de	853 B
0	disqus.com Failed securityweek.disqus.com Failed
114	14

	Domain	Requested by
38	www.securityweek.com	www.securityweek.com
7	tpc.googlesyndication.com	ad.doubleclick.net securepubads.g.doubleclick.net tpc.googlesyndication.com
7	pagead2.googlesyndication.com	ad.doubleclick.net securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
7	platform.twitter.com	www.securityweek.com platform.twitter.com
6	app.brightinfo.com	www.securityweek.com app.brightinfo.com
6	apis.google.com	www.securityweek.com apis.google.com accounts.google.com
6	ads.securityweek.com	www.securityweek.com ads.securityweek.com
5	www.google.com	1 redirects apis.google.com securepubads.g.doubleclick.net tpc.googlesyndication.com
5	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.securityweek.com
5	www.googletagservices.com	www.securityweek.com ad.doubleclick.net securepubads.g.doubleclick.net
3	ssl.google-analytics.com	www.securityweek.com
2	bia.brightinfo.com	app.brightinfo.com
2	www.google-analytics.com	app.brightinfo.com www.google-analytics.com
2	syndication.twitter.com	1 redirects platform.twitter.com
2	platform.linkedin.com	www.securityweek.com
2	www.facebook.com	www.securityweek.com
1	ssl.gstatic.com	accounts.google.com
1	accounts.google.com	apis.google.com
1	cse.google.com	www.securityweek.com
1	s0.2mdn.net
1	googleads4.g.doubleclick.net	ad.doubleclick.net
1	9e262824252b4bf4dca5902a4e2b2e41.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	ad.doubleclick.net	www.securityweek.com
0	securityweek.disqus.com Failed	www.securityweek.com
114	26

This site contains links to these domains. Also see Links.

Domain
www.infosecisland.com
www.securitysummits.com
securityweek.formstack.com
www.cisoforum.com
www.icscybersecurityconference.com
ads.securityweek.com
feeds.feedburner.com
twitter.com
www.facebook.com
www.linkedin.com
adclick.g.doubleclick.net

Subject Issuer	Validity	Valid
securityweek.com Cloudflare Inc ECC CA-3	`2021-06-07` - `2022-06-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-06-17` - `2021-09-15`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2020-07-03` - `2022-07-08`	2 years	crt.sh
servedbyadbutler.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-01` - `2022-08-01`	a year	crt.sh
*.apis.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-30` - `2021-11-29`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.brightinfo.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-19` - `2022-03-24`	a year	crt.sh

This page contains 17 frames:

Primary Page: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Frame ID: A501759FE3CA3217F78826565D61C29A
Requests: 79 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign&layout=button_count&show_faces=true&width=120&action=recommend&font=tahoma&colorscheme=light&height=21
Frame ID: B6538B23A01B8962F5B05EA1D21CB849
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign&layout=button_count&show_faces=true&width=120&action=recommend&font=tahoma&colorscheme=light&height=21
Frame ID: 3CB10C2CABE2203760D8D6A20FBB8CEA
Requests: 1 HTTP requests in this frame

Frame: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fwww.securityweek.com&url=https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.UYHeVG_mX5s.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCPDcESMLF74mIvk5CKxuCjzYIf5XA%2Fm%3D__features__
Frame ID: 4AB904A8B8A8A24834C34C795B0F5CD5
Requests: 2 HTTP requests in this frame

Frame: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fwww.securityweek.com&url=https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.UYHeVG_mX5s.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCPDcESMLF74mIvk5CKxuCjzYIf5XA%2Fm%3D__features__
Frame ID: BD6C1E7E96E41BF1F8562868F71533B2
Requests: 2 HTTP requests in this frame

Frame: https://9e262824252b4bf4dca5902a4e2b2e41.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 6A73C8C8206BB7B7EA9F37311E84A3DB
Requests: 1 HTTP requests in this frame

Frame: https://www.securityweek.com/ad.html
Frame ID: D6CE9522D63B86FEE8A8F27B25A56D1D
Requests: 1 HTTP requests in this frame

Frame: https://www.securityweek.com/ad.html
Frame ID: 060ED93634AD86170BE554292A5A7A6C
Requests: 5 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.f88235f49a156f8b4cab34c7bc1a0acc.html?origin=https%3A%2F%2Fwww.securityweek.com
Frame ID: 1CBE571C632F6D073A596174D26D074B
Requests: 2 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.securityweek.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.UYHeVG_mX5s.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCPDcESMLF74mIvk5CKxuCjzYIf5XA%2Fm%3D__features__
Frame ID: 5BA1656D0E0B94655D824776FFA4BECE
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvsEp7sJHnViXrYjCqhwT0tZB62yEDyXZhAZkI7511_0JuTcM3600YJCCih0rQhRhxJ-VMdytxikYWVPj6zDMc0UqxGaroHttG9nHXql9J8_jRsnPHbQeEsslSbAY6Tpk24zc0dGP88K4baq2mJUIyw55DzNRbSTavDQmuf4BHdzzdxmmapt0UCs8zBMqrtOYxliQaTDO_7MtJE8x6HvzXiiA-JTee5d52ie6LpobR8x_dbhXEhB6TCezcwGdGKZBfcXBSeEx1n-7BLlfXRSeA9wP9Ujzz7MqHkx8t4cdDdC5CglN__ZtHhy9PGJfmBNHpeLvyxrNwbQtzbQPbdnvCQ&sig=Cg0ArKJSzNZBTAA54l31EAE&adurl=
Frame ID: 50E132AFD272FDB9C31CC3010664FEA7
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A3FE006FDAFD360F10330BB4F5BB7FB3
Requests: 3 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.f88235f49a156f8b4cab34c7bc1a0acc.en.html
Frame ID: BDA2CEE4780956FFAADCDCEF158A17AF
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.f88235f49a156f8b4cab34c7bc1a0acc.en.html
Frame ID: 373DF7116222281D0B07AEED9733256B
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: DAE3B157854A25C399747C4F71B5F24E
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CCA0FE03ECE7D33DA9D553A5B92AC6E0
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: F6E1A7E69D1B3D8C0F5C0EA6932A0CD8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

APT Group Using Voice Changing Software in Spear-Phishing Campaign | SecurityWeek.Com

Detected technologies

Drupal (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<(?:link|style)[^>]+"\/sites\/(?:default|all)\/(?:themes|modules)\//i
headers expires /19 Nov 1978/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<(?:link|style)[^>]+"\/sites\/(?:default|all)\/(?:themes|modules)\//i
headers expires /19 Nov 1978/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /apis\.google\.com\/js\/[a-z]*\.js/i

Page Statistics

114
Requests

98 %
HTTPS

73 %
IPv6

14
Domains

26
Subdomains

27
IPs

3
Countries

2305 kB
Transfer

4849 kB
Size

2
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: http://www.infosecisland.com/
Title: Infosec Island

Search URL Search Domain Scan URL

URL: https://www.securitysummits.com/
Title: Virtual Events

Search URL Search Domain Scan URL

URL: https://securityweek.formstack.com/forms/contact
Title: WRITE FOR US

Search URL Search Domain Scan URL

URL: https://www.cisoforum.com/
Title: 2021 CISO Forum

Search URL Search Domain Scan URL

URL: https://www.icscybersecurityconference.com/
Title: ICS Cyber Security Conference

Search URL Search Domain Scan URL

URL: https://ads.securityweek.com/redirect.spark?MID=179018&plid=1521916&setID=477489&channelID=0&CID=555645&banID=520434591&PID=0&textadID=0&tc=1&mt=1630966878186613&sw=1600&sh=1200&spr=1&hc=cdc499dec714c6ccff484394aa5421936c579f25&location=

Search URL Search Domain Scan URL

URL: https://feeds.feedburner.com/securityweek

Search URL Search Domain Scan URL

URL: http://www.cisoforum.com/
Title: 2021 CISO Forum: September 21-22 - A Virtual Event

Search URL Search Domain Scan URL

URL: http://www.icscybersecurityconference.com/singapore
Title: 2021 Singapore/APAC ICS Cyber Security Conference [Virtual: June 22-24]

Search URL Search Domain Scan URL

URL: http://www.icscybersecurityconference.com/
Title: 2021 ICS Cyber Security Conference | USA [Hybrid: Oct. 25-28]

Search URL Search Domain Scan URL

URL: https://twitter.com/securityweek

Search URL Search Domain Scan URL

URL: https://www.facebook.com/pages/SecurityWeekCom/366251913615

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/groups?gid=2983767

Search URL Search Domain Scan URL

URL: https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjstm6FFojJpJjLkC2BmzmY5j-C2GcaNOAuYWcMUuxdScTzlol9goxqCE-LZVWVD8L5dUOy5HYWkMUKQzpzrruqIetjEQ_LqyTO2YXFGRi-yq28qJtjJ3sJ72-CY9MSlbbcsqWqgY_Zr1&sig=Cg0ArKJSzNTA-ahIkVAp&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=https://www.netscout.com/visibility-without-borders%3Futm_source%3Dbanner%26utm_campaign%3Dvwb%26utm_medium%3Ddisplay%26utm_term%3DDetect-every-threat%26utm_keyword%3Dglitch%26utm_content%3Dcampaign_page%26utm_id%3D26053297-6557325-307467969-155047437

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/groups?mostPopular=&gid=3551517
Title: Cyber Weapon Discussion Group

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/groups?gid=4439585
Title: Security Intelligence Group

Search URL Search Domain Scan URL

URL: https://www.securitysummits.com/sponsors/
Title: Event Sponsorships

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 68

https://www.google.com/coop/intl/en/images/google_custom_search_watermark.gif HTTP 301
https://cse.google.com/coop/intl/en/images/google_custom_search_watermark.gif

Request Chain 103

https://syndication.twitter.com/i/jot HTTP 302
https://platform.twitter.com/jot.html

114 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request apt-group-using-voice-changing-software-spear-phishing-campaign Show response
www.securityweek.com/ 43 KB
11 KB 1107ms
691ms Document
text/html 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.3.29
Resource Hash: d3b2e714af4a46e55fca1fa141b13fe6144dc378cf696f3a029612f82f082e70

Request headers

:method: GET
:authority: www.securityweek.com
:scheme: https
:path: /apt-group-using-voice-changing-software-spear-phishing-campaign
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
content-type: text/html; charset=utf-8
x-powered-by: PHP/5.3.29
expires: Sun, 19 Nov 1978 05:00:00 GMT
cache-control: must-revalidate
set-cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674; expires=Thu, 30-Sep-2021 01:54:36 GMT; path=/; domain=.securityweek.com
last-modified: Mon, 06 Sep 2021 15:57:08 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sjbyhHt1Rs%2BMVdevYaLmZAT75njE9G61yY72cGVvtKUdG7epjvYMHw0AWPBgli2CbPeJ6c6G24AC%2Fy%2BrHvpVxXWogF0dcckrSQ%2BA%2F3F7%2BcW7XyfdL1ogzgEbh6q%2Fgz5%2F4nySCWduevU6AVrPJUbvzC5v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68ab16de3afe430f-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3-29 200 MtZjAddKzhFJoLq5xYGl1vZkDn8.js Show response
www.securityweek.com/cdn-cgi/apps/head/ 5 KB
3 KB 184ms
96ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/cdn-cgi/apps/head/MtZjAddKzhFJoLq5xYGl1vZkDn8.js
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f8dd5483dc29044f06c3a45f8fd05d0f122a2b4315292df6da919775189351c9

Request headers

:path: /cdn-cgi/apps/head/MtZjAddKzhFJoLq5xYGl1vZkDn8.js
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12125305
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 0YRG1WV2HZS5Z7E5
x-amz-id-2: xk+C39m/81SkG2i1ixv3ME3yQjR6kZO/gFIEtCzoNmWz4aDrbfQBzN5CPmjc4r+KRsnvnH89Vjw=
last-modified: Tue, 04 Dec 2018 19:44:59 GMT
server: cloudflare
etag: W/"6998744eb932e2ecef296a28191978ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kpt%2Be%2B%2BxtASRZ1kN0iLtssXddtmEeCwple6hT9GL3IGcLs0yAb20l6GOKNe8rJZDIX4PqLnQv19VsKZFqaxafb%2BjZONqFOp%2FbFPxuotVkTWaWSiBzSp%2Fwzm58pUaJEPr1rASuFgY%2BCukHilybp22u0Em"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: JCMgPdMNLoo3bIn5Dbz15QtzSlH_yitT
cf-ray: 68ab16e2bd0a4eda-FRA

GET
H3-29 200 css_f15388d10a618652240d5349136063c8.css
www.securityweek.com/sites/default/files/css/ 24 KB
6 KB 184ms
96ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/sites/default/files/css/css_f15388d10a618652240d5349136063c8.css
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d10a778caafc69e25249f7b7fa00a1bfaa240991b6c7cdedb7f562fff418eb21

Request headers

:path: /sites/default/files/css/css_f15388d10a618652240d5349136063c8.css
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 350315
cf-polished: origSize=24799
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 02 Sep 2021 21:01:53 GMT
server: cloudflare
etag: W/"3c18fb-60df-5cb097e10d84e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uOUJ2Jve5fsq3gbg2IMI4UsihlrlfwgJnIyd5A2hS0p4XXj7WK80Ak1EltVzG%2FczjTTBeTmAE7K%2FmtbkXWysfq%2BtC8ciH1u8Ybupzn9floKx119y5BnN41JCIqnlzCKx7bkHnpwpj1Q1xKAf9daTAkI0"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1209600
cf-ray: 68ab16e2bd094eda-FRA
expires: Thu, 16 Sep 2021 21:02:41 GMT

GET
H3-29 200 css_997d6f0b4b88c41604ed9858d195eeec.css
www.securityweek.com/sites/default/files/css/ 27 KB
6 KB 179ms
92ms Stylesheet
text/css 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0deae7d488b0316e0149f1dc2caec46821b2272127b61b4ffadf6f99a303ea16

Request headers

:path: /sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 350315
cf-polished: origSize=27647
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 02 Sep 2021 21:01:53 GMT
server: cloudflare
etag: W/"3c191e-6bff-5cb097e10e406"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kdSJSpRFRQiOZmJUyGN0HSE0kuBr8iOVhKscu1n6pi52rws6aNOD7cvbves%2B0IYXI17a7lwczXBT1gQxhN%2Fz8sAVKde594Xmxt7%2BVWZrLJu9xqTUuYO%2FaPl80TFWh7VG%2FYxXmMOkCjsgAbXjfVMWsEwC"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1209600
cf-ray: 68ab16e2bd084eda-FRA
expires: Thu, 16 Sep 2021 21:02:41 GMT

GET
H3-29 200 securityweek_logo.jpg
www.securityweek.com/sites/default/files/ 32 KB
33 KB 92ms
92ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/default/files/securityweek_logo.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9f7ff780ab397e8be4f856bed40c6223e3263c5893e84c1ccc38f9f1bdbd4d74

Request headers

:path: /sites/default/files/securityweek_logo.jpg
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1002584
cf-polished: origSize=42212
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 33131
last-modified: Tue, 30 Mar 2021 18:06:35 GMT
server: cloudflare
etag: "c60712-a4e4-5bec4dbe85bb4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3TYA9VV68C6qL4fsFNlSOYhjrneBWq1%2FyRHtYPuf10OX14T1aXstmeEvx2H87UxGRgHeJkCMXlkdQlc02lONKnv3N33EhlLrVmYx1Ino0JZO5BqLquuQDJmxWZ7o8tVpJq5dsjQOs5WPZuwpIrjuaXs0"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
expires: Thu, 09 Sep 2021 07:51:32 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e35dd34eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 picture-142.jpg
www.securityweek.com/sites/default/files/imagecache/auth_story/pictures/ 2 KB
3 KB 170ms
169ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/default/files/imagecache/auth_story/pictures/picture-142.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8c3472f82c523707024b21c9c02755fb4fc9540558895e5ec10ceb1a7ac7977

Request headers

:path: /sites/default/files/imagecache/auth_story/pictures/picture-142.jpg
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 954728
cf-polished: origSize=2275
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1946
last-modified: Wed, 31 Aug 2016 11:41:29 GMT
server: cloudflare
etag: "3c191c-8e3-53b5c9400d9a0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DzBmhTQEpwHziBORqHlRuyyHd5wlD%2BB5p9QpM1UNx5cUnvm1DXwRvwExSw%2Bxpl7tQMxf9%2Bi5b35YjMMnsNNskzY0H1oHDUojfLf1x2Z8nP%2FybaGjfY2GAxGolviFtNxWgCv6%2BGMYSAY0E7eT8p4ZiRfp"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
expires: Thu, 09 Sep 2021 21:09:08 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e35ddf4eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 RSS-Icon.png
www.securityweek.com/images/ 3 KB
3 KB 171ms
169ms Image
image/png 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/images/RSS-Icon.png
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62b425148295a81e4162a87cb36eba754d16b295ec5b733140e2b82c7f77a731

Request headers

:path: /images/RSS-Icon.png
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 47232
cf-polished: origSize=2844
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2637
last-modified: Wed, 06 Oct 2010 06:57:24 GMT
server: cloudflare
etag: "1e133b-b1c-491ed4a241d00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2EnoK32PKRSmfQhq8GRqB6y%2FK84sGuTXXNEn4HPtMWkPBvKryj6lcjgAVo%2B0pc1bRwv5FFUMDFnevFoaKWzIBraJYGpEehvBP3dZeznLrgqG3zwPUP6gTNg%2ByCSRO38vcJmyij3Dcx%2FRKllqg8D6nehO"}],"group":"cf-nel","max_age":604800}
content-type: image/png
expires: Mon, 20 Sep 2021 09:14:04 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e35de04eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 serve.php
www.securityweek.com/sites/all/modules/ad/ 695 B
1 KB 407ms
405ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/all/modules/ad/serve.php?o=image&a=1296
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.3.29
Resource Hash: ad853a72ac4fa4a7ea4700fb824906dbba6fd62e4f61e92449a5cba3f60ff1dc

Request headers

:path: /sites/all/modules/ad/serve.php?o=image&a=1296
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Sep 2021 22:21:17 GMT
cf-cache-status: DYNAMIC
last-modified: Mon, 06 Sep 2021 22:21:16 GMT
server: cloudflare
x-powered-by: PHP/5.3.29
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jYJQk0xq%2F8PO%2F%2FncZOFqkiEiyswi108vFSNUTw6boFv87bdKVnynLtX%2BtvV7iUXNtYNKX53MCuUOLoqxFucTPlO7IQmkZMC7Jk0mo5Nu93H9Mha2V%2B8%2BIGWDpm9WlWEyej%2BE8p7lxFPezuD0%2FqP5uJ0W"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
set-cookie: SESSae1377f0cbe7278b70a9339b7853afbd=146f61ee4c2f980fab2a51eb03760d9d; expires=Thu, 30-Sep-2021 01:54:36 GMT; path=/; domain=.securityweek.com
cf-ray: 68ab16e35de24eda-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29 200 serve.php
www.securityweek.com/sites/all/modules/ad/ 695 B
1 KB 407ms
406ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/all/modules/ad/serve.php?o=image&a=1030
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.3.29
Resource Hash: ad853a72ac4fa4a7ea4700fb824906dbba6fd62e4f61e92449a5cba3f60ff1dc

Request headers

:path: /sites/all/modules/ad/serve.php?o=image&a=1030
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Sep 2021 22:21:17 GMT
cf-cache-status: DYNAMIC
last-modified: Mon, 06 Sep 2021 22:21:16 GMT
server: cloudflare
x-powered-by: PHP/5.3.29
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XcNuFxbo0uMMAV03wVsxuMsEBubPeWjn0Q1ZOleazkeKbODF%2FrgXZS37frOV9rEiwb0H1PMOqTm0ZkZyGsz%2BC%2BKa4hFDS3vToJaPsDlZ08IGSev4OpjLkQJaLkT0CZm4ddvS9Qc8TpabVlyDRjEfQQDU"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
set-cookie: SESSae1377f0cbe7278b70a9339b7853afbd=c69783553ea10ea28a753c4d2b165f0b; expires=Thu, 30-Sep-2021 01:54:36 GMT; path=/; domain=.securityweek.com
cf-ray: 68ab16e35de54eda-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29 200 serve.php
www.securityweek.com/sites/all/modules/ad/ 695 B
1 KB 401ms
400ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/all/modules/ad/serve.php?o=image&a=894
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.3.29
Resource Hash: ad853a72ac4fa4a7ea4700fb824906dbba6fd62e4f61e92449a5cba3f60ff1dc

Request headers

:path: /sites/all/modules/ad/serve.php?o=image&a=894
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Sep 2021 22:21:17 GMT
cf-cache-status: DYNAMIC
last-modified: Mon, 06 Sep 2021 22:21:17 GMT
server: cloudflare
x-powered-by: PHP/5.3.29
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fcNkL1QHNrG3fJkd%2Fg2lQRwF1860v6l9AIK%2F9Tlz%2FldIMvt8mVXw1HUyvm6dCMelBBNhQlDfpKrCBU53JtZtY%2B941GjMxt8qncVsU0RJHHEIa59K5BzIMF886CxH3nfaGnWQBfUkCDPsIf5JbcjA49i%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
set-cookie: SESSae1377f0cbe7278b70a9339b7853afbd=2519eaf6ce89d9fea6253c720af9f250; expires=Thu, 30-Sep-2021 01:54:36 GMT; path=/; domain=.securityweek.com
cf-ray: 68ab16e3ce7d4eda-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29 200 serve.php
www.securityweek.com/sites/all/modules/ad/ 695 B
1 KB 410ms
410ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/all/modules/ad/serve.php?o=image&a=683
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.3.29
Resource Hash: ad853a72ac4fa4a7ea4700fb824906dbba6fd62e4f61e92449a5cba3f60ff1dc

Request headers

:path: /sites/all/modules/ad/serve.php?o=image&a=683
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Sep 2021 22:21:17 GMT
cf-cache-status: DYNAMIC
last-modified: Mon, 06 Sep 2021 22:21:17 GMT
server: cloudflare
x-powered-by: PHP/5.3.29
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G%2Byrims7qkPZ%2B4WDrtZ3KfkPsDtMAkT%2B%2F%2BbSu7P3nyVTvOZrjZ%2B0np769MsyZWoX4DzFBIRow17EnSSXQ4%2BXGRVTUqcwEg%2BiW19uh3zL4BxMkx0QxLz33gmXDOYQHmLxt1m%2BXEHfNxWbaBpFLc9T1g72"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
set-cookie: SESSae1377f0cbe7278b70a9339b7853afbd=735e7d45a2e33ef136b52a976958b1ef; expires=Thu, 30-Sep-2021 01:54:36 GMT; path=/; domain=.securityweek.com
cf-ray: 68ab16e3ce7e4eda-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29 200 serve.php
www.securityweek.com/sites/all/modules/ad/ 695 B
1 KB 398ms
398ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/all/modules/ad/serve.php?o=image&a=693
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.3.29
Resource Hash: ad853a72ac4fa4a7ea4700fb824906dbba6fd62e4f61e92449a5cba3f60ff1dc

Request headers

:path: /sites/all/modules/ad/serve.php?o=image&a=693
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Sep 2021 22:21:17 GMT
cf-cache-status: DYNAMIC
last-modified: Mon, 06 Sep 2021 22:21:17 GMT
server: cloudflare
x-powered-by: PHP/5.3.29
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eORU1a2ZOcI6%2FpLcZNsJpWbYYFPYF97b56WV6NHVbCY%2FxReYT6gLg6JclM7ubeoES2dtMxPLxikNDnTjP8FEp6k3TtjSNgmUAeg2rBvjZQp4w1Rkk4fXhKKvyBEQC7SLgoY5MNxYA57WeguzcXXma9eR"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
set-cookie: SESSae1377f0cbe7278b70a9339b7853afbd=114821c1020299a0d5c6b659c23e0f04; expires=Thu, 30-Sep-2021 01:54:36 GMT; path=/; domain=.securityweek.com
cf-ray: 68ab16e3ce7f4eda-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29 200 tag_icon.jpg
www.securityweek.com/images/ 680 B
1 KB 92ms
92ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/images/tag_icon.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65cc8600f521d4e99aa77e95337426f53ec86dd569e8db164bcda70d5c1da388

Request headers

:path: /images/tag_icon.jpg
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 924539
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 680
last-modified: Fri, 06 Aug 2010 07:41:12 GMT
server: cloudflare
etag: "1e133a-2a8-48d22ca765600"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mPE7ICvpRI7c9WktTIJ8bp%2BU9rd%2FDXW1rM66yAEoQPfQwdPxatUb0%2FXHfwrhT7tw%2FnjJS%2BIe2ro2jaXc8X%2FtP1xahaTC1gZgHPl%2Ba9oS7gTj369y0rbwfycTnUoyUkXMUUuyTAyMgmjX%2BWf0viOG1Yfy"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
expires: Fri, 10 Sep 2021 05:32:17 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e4d8114eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 security_newsletter.gif
www.securityweek.com/images/ 1 KB
2 KB 114ms
112ms Image
image/gif 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/images/security_newsletter.gif
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 200abde0c426b23abe8a9c501ab4e8e72c048cc0653203817cc9ff96cc6e394d

Request headers

:path: /images/security_newsletter.gif
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 47090
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1084
last-modified: Fri, 22 Apr 2011 17:43:08 GMT
server: cloudflare
etag: "1e134c-43c-4a185640ae300"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o0gdg6c7q9wKinAa%2F326k08DJmXO6r1MPgjOJPvSk9kLI880NH5cRzMm3EdJ6OAmts%2FHNm%2FfOaxKlrZpMq9IjXUje0y8hyQmEj8ALUSnFJQiUL6XWqQo%2Bl%2B108Kjd2eAXtlLa%2FOG%2FEbsnfq0cRWkJQPm"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
expires: Mon, 20 Sep 2021 09:16:26 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e42f034eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 Twitter-security-icon.png
www.securityweek.com/sites/default/files/logos/ 1 KB
2 KB 98ms
96ms Image
image/png 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/default/files/logos/Twitter-security-icon.png
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10f0e5158e45d76ba649af69ed465a28489483ac934b3e491773cb5e4c9704f0

Request headers

:path: /sites/default/files/logos/Twitter-security-icon.png
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1002343
cf-polished: origSize=2314
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1238
last-modified: Tue, 12 Jan 2021 20:28:49 GMT
server: cloudflare
etag: "c6072c-90a-5b8b9deca4eed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f1SIsOj5bfcC0l2LP60pM6vC8ewJJcZTayY9aoRji3B%2Fo67vMPGnKnRyCEQvH48ABIQxlEwc4QNhYcZdRblPhGz5vr6VZqCMXaY4MATXkWrddDe5mpW53LnY0sMle0bfRJyYbCiLCscYOI5VL9R%2BHuhU"}],"group":"cf-nel","max_age":604800}
content-type: image/png
expires: Thu, 09 Sep 2021 07:55:33 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e42efb4eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 Facebook-Security-Group.png
www.securityweek.com/sites/default/files/logos/ 1 KB
2 KB 114ms
112ms Image
image/png 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/default/files/logos/Facebook-Security-Group.png
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f9048e36baefc5cac0974c3e49ffc683d667c5b2081f6cd8d20f5a301b124c2

Request headers

:path: /sites/default/files/logos/Facebook-Security-Group.png
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 47089
cf-polished: origSize=2335
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1315
last-modified: Tue, 12 Jan 2021 20:31:23 GMT
server: cloudflare
etag: "c6072e-91f-5b8b9e7f5d191"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N7anktMWZBZuFDjC0lFydSwEAWrAsZ5%2FOhd2GrL73KhgssBPPK05iqox3%2FesbP3jURU8CmhAjfq63lzUfmNW8DfMfMxFwP1UiXmopF0ElL71PJcMgVYzaiRqd0Ph79NipQQp4GIZ%2F29fN%2FFhgxwLNot2"}],"group":"cf-nel","max_age":604800}
content-type: image/png
expires: Mon, 20 Sep 2021 09:16:27 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e42f024eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 LinkedIn-Cybersecurity-icon.png
www.securityweek.com/sites/default/files/logos/ 1 KB
2 KB 97ms
96ms Image
image/png 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/default/files/logos/LinkedIn-Cybersecurity-icon.png
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f3d36be68e6a795cf0d621b7d8b4beb4b9f9caea3f3682f2f8f59a846000893

Request headers

:path: /sites/default/files/logos/LinkedIn-Cybersecurity-icon.png
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 88574
cf-polished: origSize=2404
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1369
last-modified: Tue, 12 Jan 2021 20:28:18 GMT
server: cloudflare
etag: "c6072a-964-5b8b9dce83b9e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F7P%2BdXL2SpECVC709TwBJPdkEOCXvbHLzof3FPMyfs9eAxL%2Beiki31KTTnOApt%2FohbGIKMMwbRsyzdX4Ux55SAbbtLVnXeiqBFALwPXskU%2BSTp5tuuGqEkb9Hp0sNiJjeQBtx0c5zwN16fdSthMmqlF4"}],"group":"cf-nel","max_age":604800}
content-type: image/png
expires: Sun, 19 Sep 2021 21:45:02 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e42efc4eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 Cybersecurity_News_Feed.png
www.securityweek.com/sites/default/files/logos/ 1 KB
2 KB 99ms
97ms Image
image/png 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/default/files/logos/Cybersecurity_News_Feed.png
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: efb9d49a04efcc971667386f67fb420e20fd130339f1c994fc7359bc34771ef9

Request headers

:path: /sites/default/files/logos/Cybersecurity_News_Feed.png
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 89037
cf-polished: origSize=2414
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1398
last-modified: Tue, 12 Jan 2021 20:27:46 GMT
server: cloudflare
etag: "c60731-96e-5b8b9db04a596"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8XqepGvX4QC0d%2FujWs9v6FMcM7eLQwVh%2FSyOMIUxgEqvXk%2BsCiir4tbC%2FTlOA%2FoIH4xgjkvgbjs64%2Bij7XRipQjmvEbhaDte6HWX2biJqjc1K8Cj3hKTqADvlnMdvgqBndZhlqG7XSXG391EVjhlz%2Fu6"}],"group":"cf-nel","max_age":604800}
content-type: image/png
expires: Sun, 19 Sep 2021 21:37:19 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e42efa4eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 JsfVAji5wHtjMw9KWartCq34fZY.js Show response
www.securityweek.com/cdn-cgi/apps/body/ 23 KB
8 KB 94ms
94ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/cdn-cgi/apps/body/JsfVAji5wHtjMw9KWartCq34fZY.js
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/apps/head/MtZjAddKzhFJoLq5xYGl1vZkDn8.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c9b185e1e937971dfedaafecf01bc14813a2ece31cc9af4a2097f9b3ecb061d

Request headers

:path: /cdn-cgi/apps/body/JsfVAji5wHtjMw9KWartCq34fZY.js
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12008354
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 300VP89BZSCJWGRZ
x-amz-id-2: 0f6NRGNGMTS1VY/46l8FblH0RzU+Un/jiSWNmiBKpn2+hU7deX5fsnNegiFKndT60QAOEu1Awgg=
last-modified: Tue, 04 Dec 2018 19:44:58 GMT
server: cloudflare
etag: W/"cb0ca31f11dc8247de26e3dcd49db722"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ugl0BT%2FlpqfrczLPI7hEA1EKbG264c6ZiEa0bMANGCH%2BsBclYKunin%2F2jIoqksjvyOW3iMDp0m4ei%2BJOmdmGERzpkXUy2LxRCnWacFzTBHChmT30duQdHvEBEOAD89fUKripSxBXeuH%2FfrCXBifXMgMn"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: h5OK1yTQAx2t7V4blDMielr1pB4gwYKR
cf-ray: 68ab16e4d8134eda-FRA

GET
H2 200 like.php Show response
www.facebook.com/plugins/ Frame B653 0
120 B 426ms
153ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign&layout=button_count&show_faces=true&width=120&action=recommend&font=tahoma&colorscheme=light&height=21

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/like.php?href=http%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign&layout=button_count&show_faces=true&width=120&action=recommend&font=tahoma&colorscheme=light&height=21
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.securityweek.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.securityweek.com/

Response headers

content-type: text/html;charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src connect.facebook.net static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com;worker-src blob:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: W/aSl+5VqgG5fWjrg+VPIAM7wVJpjoAaJTMb+LgdymbqDDiJ4dF7nHeI7pD0asd3IRBhQ/g/fSMvQU9jRuQx7w==
content-length: 0
date: Mon, 06 Sep 2021 22:21:17 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H2 200 like.php Show response
www.facebook.com/plugins/ Frame 3CB1 0
1 KB 423ms
152ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/like.php?href=http%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign&layout=button_count&show_faces=true&width=120&action=recommend&font=tahoma&colorscheme=light&height=21
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.securityweek.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.securityweek.com/

Response headers

content-type: text/html;charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src connect.facebook.net static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com;worker-src blob:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: 1ncmUvh0/RhtdLy8oDc+KOmzLyGLBRUk6yogyh+36vBcmrYYLuXAB+ZRU7pgnYcj4gZfpyOHDyyOKYlB04ZyMQ==
content-length: 0
date: Mon, 06 Sep 2021 22:21:17 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H3-29 200 wired_publishing.jpg
www.securityweek.com/images/ 2 KB
3 KB 93ms
93ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/images/wired_publishing.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08fa49f20076c343e2724c631a732d8cbd3bd0daf55f4a0f8311e07dc77be29c

Request headers

:path: /images/wired_publishing.jpg
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 924610
cf-polished: origSize=2601
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2076
last-modified: Wed, 08 Dec 2010 15:26:32 GMT
server: cloudflare
etag: "1e132d-a29-496e7bef23a00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XMWO0DKPFUnkyQGvS7khFWLarpjn4uqtcxPqs6SOEL62%2BwXvCaIkSuNE4JKR7CidhCwMA0gR6c6we8Hqh%2BeGzQIpNI6McT22kny1X666kwO1UWbXGi3Taj7Iqx527YHwazxelVrNO6ZJMe4DZKwaLync"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
expires: Fri, 10 Sep 2021 05:31:06 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e4d8154eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 rocket-loader.min.js Show response
www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 88ms
86ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 01 Sep 2021 15:49:24 GMT
server: cloudflare
etag: W/"612fa104-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LzfPTmQP0l393uCQ2Rv%2Fn5dSI3ZOtXiHKLCnEtGXtGqkakKwY2wXjZmnCbZo%2FkqS%2FwCshouGIZqrIFXnaR8f0yyh4xU62U9xPPeXwkGdCB6vYehCp18kPxkqXxgGUX42GZH43hrYU6pVWE%2FbqIct5Uu1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 68ab16e578e94eda-FRA
vary: Accept-Encoding
expires: Wed, 08 Sep 2021 22:21:17 GMT

GET
H3-29 200 bg.jpg
www.securityweek.com/sites/all/themes/securityweek/images/ 475 B
1 KB 94ms
93ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/all/themes/securityweek/images/bg.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab74e69c44356590de92b4b7354dc5ae3887e20f3dd9d07cea55cedbdd441f95

Request headers

:path: /sites/all/themes/securityweek/images/bg.jpg
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 88574
cf-polished: origSize=13217
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 475
last-modified: Sat, 09 Aug 2014 20:02:44 GMT
server: cloudflare
etag: "3c0013-33a1-50037ce116100"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=68YJC7XM0HdFVXwA40dzH4Iau3fam4anlDqxHxuovHDz3nyx7YKERVbPR37%2BNsurL8y0J2KRemVJtpNzdnna4aYquTHOPJeS6t2FihkuvXpZCGArVw9l%2BaWaTgni5Zr5wwVXPh6qbi%2BpqkG%2BKpDZT3FW"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
expires: Sun, 19 Sep 2021 21:45:02 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e42ef44eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 menu-leaf.gif
www.securityweek.com/sites/all/themes/securityweek/images/icons/ 175 B
841 B 94ms
92ms Image
image/gif 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/all/themes/securityweek/images/icons/menu-leaf.gif
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 913e0bff2ebdfd8aa46e82e8282910638f68fdb9f56f447f1f6b259f3fe5e539

Request headers

:path: /sites/all/themes/securityweek/images/icons/menu-leaf.gif
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 88575
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 175
last-modified: Mon, 22 Mar 2010 15:27:51 GMT
server: cloudflare
etag: "3c002d-af-482655712cbc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yQlvyzdhUd3kZXLILxbBdTvk6GVSt%2F6ajvOrAieMQr6aTg4hS0fhr2lK0%2BlauIU%2BldA1oH68OMNpEOtr6LNz6GgNWxpt8TYsaFAdin3cqJfu0AdlJi1ngwtR6xY0OlwJUjEKzpNWn71uPx3tx0M0a2oN"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
expires: Sun, 19 Sep 2021 21:45:02 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e578ec4eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 header_bg.jpg
www.securityweek.com/sites/all/themes/securityweek/images/ 387 B
1 KB 96ms
95ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/all/themes/securityweek/images/header_bg.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d55e4cb97826944c4f826821ac2688b361d7cf0303b4640c2cb3eef6ee19b233

Request headers

:path: /sites/all/themes/securityweek/images/header_bg.jpg
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1157825
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 387
last-modified: Mon, 22 Mar 2010 15:27:31 GMT
server: cloudflare
etag: "3c0020-183-4826555e19ec0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3h5%2FEfFER37%2BDrG06VcsMhJROUvkTrjVgFaAXRhonCo7lDIzGudVN5uBNXy00lJEa7ypMcfT6dFUZhPWj6Rr0HWAVQ4%2FIG6iaV1Xmhj6jKEn9l818cWWZlGzt%2BBTfpCck1RQCZhSH8Snvrq14SgBNk%2Fg"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
expires: Tue, 07 Sep 2021 12:44:11 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e42ef84eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 nav_bg.jpg
www.securityweek.com/sites/all/themes/securityweek/images/ 500 B
1 KB 95ms
94ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/all/themes/securityweek/images/nav_bg.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21b195ce0d8efa07e31b863199d8a6802cb773e2417443e534ed8c113d8949a8

Request headers

:path: /sites/all/themes/securityweek/images/nav_bg.jpg
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1002342
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 500
last-modified: Mon, 22 Mar 2010 15:28:13 GMT
server: cloudflare
etag: "3c001b-1f4-4826558627d40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1QOpE8vzNmDkCPWZPNLES6uPYvBHR1kXdALVzlyxJi5xokTuNwMgKeulmXuGWxvsSE32YEv8ni8n8FjSY%2FrErxQ2bd4MA0o0q2jsFQfyb6y3pbHKPhCwGvNrx8fCbIRQqZA0HDCaQW6XWL58SEpRZhFC"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
expires: Thu, 09 Sep 2021 07:55:34 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e42ef94eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 menu-expanded.gif
www.securityweek.com/sites/all/themes/securityweek/images/icons/ 183 B
852 B 99ms
98ms Image
image/gif 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/all/themes/securityweek/images/icons/menu-expanded.gif
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa76185f417cf85d7029b35e3a6544d4495402e17f76a32633b5ba80a81faa26

Request headers

:path: /sites/all/themes/securityweek/images/icons/menu-expanded.gif
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 88575
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 183
last-modified: Mon, 22 Mar 2010 15:27:50 GMT
server: cloudflare
etag: "3c002a-b7-4826557038980"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XAJq5Ckh2dc0l7W35%2FTykPDi%2B7CnnQjDofGDEX36Vt1MtJItCOuPaflZqGHuB6zyNksZZBoVf95t%2FhTIymwHzNl6FVGvNmtI1L0TGoZonvGqjEm6JXLnFvGi3PVqbEV6fb4v0CLSQNiNP7WyJ7YRenrs"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
expires: Sun, 19 Sep 2021 21:45:02 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e578ed4eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 line_dotted.jpg
www.securityweek.com/sites/all/themes/securityweek/images/ 3 KB
4 KB 92ms
92ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/all/themes/securityweek/images/line_dotted.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55851ffd45a0a3e9abd9c2ac844eba1efd50272a39360d0f3b396d26a7d0bfc8

Request headers

:path: /sites/all/themes/securityweek/images/line_dotted.jpg
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674; SESSae1377f0cbe7278b70a9339b7853afbd=c69783553ea10ea28a753c4d2b165f0b
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 924611
cf-polished: origSize=3724
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3165
last-modified: Sun, 15 Jan 2012 05:43:31 GMT
server: cloudflare
etag: "3c001c-e8c-4b68a93f6a6c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UCo%2FCh7iJL4hHxrD7lxGdO10mZrp%2BGIYGD18pvBbPOwHMgQvDdKmgJgndszkHRHgg%2BKwl1BP667cJTQQ8dEnNlmqzY8oIOUI92uTmYbCtUUCU8MQwGmwAd99zCeL1o%2Bh8iO1SaO9u8Qg9LJLBYcmAN5c"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
expires: Fri, 10 Sep 2021 05:31:06 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e5f9af4eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 bullet.jpg
www.securityweek.com/sites/all/themes/securityweek/images/ 2 KB
3 KB 114ms
112ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/all/themes/securityweek/images/bullet.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ffad58a307aa1ac6baff90296c8edc9db313f888876bc2ad453be4db8d01bf9

Request headers

:path: /sites/all/themes/securityweek/images/bullet.jpg
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 88574
cf-polished: origSize=2285
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1901
last-modified: Sun, 15 Jan 2012 05:30:46 GMT
server: cloudflare
etag: "3c0019-8ed-4b68a665dad80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h08nV5HtQ4FNEN1Wbdw1AMnST0PIKMzXtUS1gcRH31kx3L6qF4dZu4n50yWw6TMELhRmvcttIOdLi27N6fQu0WF6x2qz3D3kH8Q70WpZTntF4HU0WSbBaD2KH1mFmbYZwx%2FeJOh%2BTJCmU8FixY%2FdKU9r"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
expires: Sun, 19 Sep 2021 21:45:02 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e42f014eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 subscribe-btn.gif
www.securityweek.com/sites/all/themes/securityweek/images/ 2 KB
3 KB 113ms
112ms Image
image/gif 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/all/themes/securityweek/images/subscribe-btn.gif
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4986aea94d23482c38fb06749a6a5c5c6ab95db97aa3bcc9feaf7eda6cbf6626

Request headers

:path: /sites/all/themes/securityweek/images/subscribe-btn.gif
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:16 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1002342
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2249
last-modified: Tue, 25 Jan 2011 04:28:42 GMT
server: cloudflare
etag: "3c0021-8c9-49aa426bbd280"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=szKr0qkw9Le4UYnmxoIL5EyBBmDhXyEwAJ5kOtq6BU3cqz0VQriIi4JqP6YKwckFlZtgaqRUzuk%2Fzii7gq%2B4yYdQuIb1NoSKbNNa0SvmU4SmddGzhs35rFGSVtg7%2BR7k9vxqahnzfaxmLaxHj6jbK8GD"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
expires: Thu, 09 Sep 2021 07:55:34 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e42efd4eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 footer_bg.jpg
www.securityweek.com/sites/all/themes/securityweek/images/ 510 B
1 KB 92ms
91ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/all/themes/securityweek/images/footer_bg.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e4a85296d37106cff5d646be0fabf370fd83a9b133c3aaf41e6ffb73d108366

Request headers

:path: /sites/all/themes/securityweek/images/footer_bg.jpg
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674; SESSae1377f0cbe7278b70a9339b7853afbd=c69783553ea10ea28a753c4d2b165f0b
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 88575
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 510
last-modified: Mon, 22 Mar 2010 15:27:23 GMT
server: cloudflare
etag: "3c0015-1fe-4826555678cc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wo%2FRBkM7qoB8seLr2aK3gclus%2BtDArw2QctBxET0unVOoQtiB%2BLOn3gU2rXGBwpFEHTvKWz7cUQDCr09C4RmF%2B08oHzIa5zk59pUqg4AjU%2FzTi4FPWRHqLEzf%2B5wYZ9pKP5%2FshMnqoc0nSyPtaeu0tTX"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
expires: Sun, 19 Sep 2021 21:45:02 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e5f9b04eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 footer_partition.jpg
www.securityweek.com/sites/all/themes/securityweek/images/ 412 B
1 KB 91ms
91ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/all/themes/securityweek/images/footer_partition.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d77a9a71769ddc2a85524914671fb1d031132a8e37366440a4b6b01d7ad0025

Request headers

:path: /sites/all/themes/securityweek/images/footer_partition.jpg
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674; SESSae1377f0cbe7278b70a9339b7853afbd=c69783553ea10ea28a753c4d2b165f0b
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 88575
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 412
last-modified: Mon, 22 Mar 2010 15:27:29 GMT
server: cloudflare
etag: "3c000f-19c-4826555c31a40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t08swKmpCr1lXH851HVA2u8pL7E8dXWIkajA%2F4AmBtDajq2W%2FrWJEvvSQflKM1pa2KQoNKxTN7lAsHuuCppMAoZPFFfkoCaxxM1oajNjPaJoCfKKns3Uwq2o9jCFr19fEn99VZY%2BuITY0gqdyVcUpkzu"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
expires: Sun, 19 Sep 2021 21:45:02 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e5f9b34eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 footer_h3_dotted.jpg
www.securityweek.com/sites/all/themes/securityweek/images/ 1 KB
2 KB 104ms
104ms Image
image/jpeg 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/all/themes/securityweek/images/footer_h3_dotted.jpg
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11789957fc00eda3630397edd31ee6a5575a997ab4334d79b655b3830ab4caf4

Request headers

:path: /sites/all/themes/securityweek/images/footer_h3_dotted.jpg
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674; SESSae1377f0cbe7278b70a9339b7853afbd=735e7d45a2e33ef136b52a976958b1ef
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 924611
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1026
last-modified: Mon, 22 Mar 2010 15:27:27 GMT
server: cloudflare
etag: "3c001d-402-4826555a495c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FFcokzgzYmoIxQPlsU81Okj6X0CMXWFhIfqGbpGRAPpJIjzTkUFqlIoPAiL%2FBiplcf3kxigLi7hHzTSW41NyezIPizgDEN9hRcIX0slyp8CAUD%2FRvUqbm0K3Lfd3JVMGjE92VcDSQCGbDmDoOGuc2GEm"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
expires: Fri, 10 Sep 2021 05:31:06 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e77bc14eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 footer_bullet.gif
www.securityweek.com/sites/all/themes/securityweek/images/ 58 B
730 B 99ms
99ms Image
image/gif 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.securityweek.com/sites/all/themes/securityweek/images/footer_bullet.gif
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f1298490f294128f086689a5654a8340ea9ec7c20c8e97f811590d5313edc9e

Request headers

:path: /sites/all/themes/securityweek/images/footer_bullet.gif
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674; SESSae1377f0cbe7278b70a9339b7853afbd=735e7d45a2e33ef136b52a976958b1ef
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.securityweek.com
referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/sites/default/files/css/css_997d6f0b4b88c41604ed9858d195eeec.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1002343
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 58
last-modified: Mon, 22 Mar 2010 15:27:25 GMT
server: cloudflare
etag: "3c001e-3a-4826555861140"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=83GLPOuTT9m5rMgNkWJbaGP%2BrSddD%2F4%2BgDHeqq2iOznKfqxONvHwP%2B%2BvzjtPdeW6Wnpgmw9FC93%2ByY2mgqwA1Q7onpr7wL9V8Yc5%2FS7AHmDlgglV6BX0CV8cHiG2mjAvV4tmqCcCyRowof6j8fCqTR2y"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
expires: Thu, 09 Sep 2021 07:55:34 GMT
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 68ab16e77bc44eda-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 init.js Show response
www.securityweek.com/sites/all/modules/custom_control/misc/ 1 KB
1 KB 225ms
225ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/sites/all/modules/custom_control/misc/init.js?1630943828
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05f4004f999652bf4c69b8b17fd4813363473fabcf89c056d3da5a6d8eac0555

Request headers

:path: /sites/all/modules/custom_control/misc/init.js?1630943828
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674; SESSae1377f0cbe7278b70a9339b7853afbd=c69783553ea10ea28a753c4d2b165f0b
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:17 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 22 Mar 2018 21:18:02 GMT
server: cloudflare
etag: W/"3c0d00-44d-56806d7baf680"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3dEYPSr%2F8Z03BlN2mJZzsApYWyh7CIig5IlKAV1dNrVA9Rq9ay9ZXZMdF04WGolIAbQufcXwGBJo89H1UMQ%2FCpD4RCsedLvfOe6B3RTz8SEThOf8BbHbN5fE62dALnmBtSqrStCGw6dziA4U7pVW1ZB1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1209600
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 68ab16e609b54eda-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Mon, 20 Sep 2021 22:21:17 GMT

GET
H3-29 200 js_5c872655cdc164e33a0bfec2301de02c.js Show response
www.securityweek.com/sites/default/files/js/ 785 B
1 KB 94ms
93ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/sites/default/files/js/js_5c872655cdc164e33a0bfec2301de02c.js
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8df0ba2d8af3e602eaba8677fe2c57228955b28868c91c2850a4c3c1ad8c7f68

Request headers

:path: /sites/default/files/js/js_5c872655cdc164e33a0bfec2301de02c.js
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674; SESSae1377f0cbe7278b70a9339b7853afbd=c69783553ea10ea28a753c4d2b165f0b
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 350316
cf-polished: origSize=1094
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 02 Sep 2021 21:01:53 GMT
server: cloudflare
etag: W/"3a0018-446-5cb097e10ff5e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VX%2BeJSyES%2FdgcADOi%2Fh4JfnwnRiEKRhy5QBzpyp%2FSKyM2vjbxyZDzVCa51B5HRUg%2B%2BA5Cdqz2mKbU5BaewS2fVRH24AOy9MHw6H7vtw8l7pOwRcIXVXtWUo1DwEQuBjQBK3URPSRHlNLGM5CiGMbJPvO"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1209600
cf-ray: 68ab16e609b64eda-FRA
expires: Thu, 16 Sep 2021 21:02:41 GMT

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ 9 KB
4 KB 463ms
146ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

37bfceb04cc7a18df0c1da8269c382b3b088e870ab39a0987ae17a54589b2dba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 21:43:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2248
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4105
x-xss-protection: 0
last-modified: Wed, 04 Aug 2021 13:52:44 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 06 Sep 2021 22:43:49 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 558ms
138ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: 8db61f95a8f3554830efc6c3942b7322efef09b9d7f0cbfe32135e0fac106d18

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 06 Sep 2021 22:21:17 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 714
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 28872
x-tw-cdn: VZ
Last-Modified: Mon, 02 Aug 2021 20:34:57 GMT
Server: ECS (frb/67BE)
Etag: "d405b816322f9770c70cbd10cfa87be4+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H/1.1 200
OK in.js Show response
platform.linkedin.com/ 201 KB
61 KB 161ms
25ms Script
text/javascript 2a02:26f0:10c::5f64:c15a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c::5f64:c15a Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: 1ade44855aea3dae78b47f39d5442fd06d245d7b5e2b8e64315075eaf8d1a569

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

X-LI-UUID: YWzSi79aohaw38Z58yoAAA==
Date: Mon, 06 Sep 2021 22:21:17 GMT
Content-Encoding: gzip
X-CDN-CLIENT-IP-VERSION: IPV6
Server: Play
X-Li-Pop: prod-edc2
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Cache-Control: public, max-age=3600
Connection: keep-alive
X-LI-Proto: http/1.1
Content-Length: 62393
X-CDN: AKAM
X-Li-Fabric: prod-lor1
Expires: Mon, 6 Sep 2021 23:03:14 GMT

GET
H3-29 200 js_4d9d54174768ed0e99327e5cf04e32a5.js Show response
www.securityweek.com/sites/default/files/js/ 69 KB
28 KB 94ms
93ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/sites/default/files/js/js_4d9d54174768ed0e99327e5cf04e32a5.js
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1098ef7fef25a8fd6eac7dbf1442047062c4d1400c601f8ff843742c61de640c

Request headers

:path: /sites/default/files/js/js_4d9d54174768ed0e99327e5cf04e32a5.js
pragma: no-cache
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674; SESSae1377f0cbe7278b70a9339b7853afbd=c69783553ea10ea28a753c4d2b165f0b
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.securityweek.com
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 350316
cf-polished: origSize=90975
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 02 Sep 2021 21:01:53 GMT
server: cloudflare
etag: W/"3a0014-1635f-5cb097e10ebd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jpd9AN8eVBGAg1fzGb67CH%2Flaqmjk3bGK8v2f1kOtr7G%2BATjOhCuwGXMjJsNLjEA28XcJnZi0vzOk9hi9un7VxRW2ue%2FdvPCqf14XKuNEqXugSW482yXky7L6drqKtIxhSqGheiC90g%2B8LQ%2F6nWiFAoD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1209600
cf-ray: 68ab16e609b94eda-FRA
expires: Thu, 16 Sep 2021 21:02:41 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 70 KB
25 KB 154ms
154ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29d3c4400d8e49ca204c37af1f5b7a9037e02014e7db5a8ac10e27b93c83dbdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "980 / 32 of 1000 / last-modified: 1630706924"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24933
x-xss-protection: 0
expires: Mon, 06 Sep 2021 22:21:17 GMT

GET
H2 200 app.js Show response
ads.securityweek.com/ 55 KB
11 KB 676ms
170ms Script
application/javascript 185.198.189.48
Global ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.securityweek.com/app.js
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.198.189.48 London, United Kingdom, ASN62240 (CLOUVIDER Clouvider - Global ASN, GB),
Reverse DNS
Software: nginx /
Resource Hash: d667eb81ed1272cb8be644bb1277bd4a3b2a38adf5a134e68ada86c5414220f6

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:18 GMT
content-encoding: gzip
last-modified: Fri, 13 Aug 2021 18:07:34 GMT
server: nginx
etag: W/"6116b4e6-da29"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1800
expires: Mon, 06 Sep 2021 22:51:18 GMT

GET
H2 200 plusone.js Show response
apis.google.com/js/ 54 KB
21 KB 285ms
121ms Script
application/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/plusone.js

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

92c171ba5806e8e3bd6d4cec2267a87aace951654b0ba5877a45633e593c5642

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-RtoNmsYVbIdWYSf3pnn9cg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "79fa035d59aae046b5eec1ee2a8a5b4b"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-RtoNmsYVbIdWYSf3pnn9cg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Mon, 06 Sep 2021 22:21:17 GMT

GET
H/1.1 200
OK in.js Show response
platform.linkedin.com/ 201 KB
61 KB 13ms
12ms Script
text/javascript 2a02:26f0:10c::5f64:c15a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c::5f64:c15a Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: 1ade44855aea3dae78b47f39d5442fd06d245d7b5e2b8e64315075eaf8d1a569

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

X-LI-UUID: YWzSi79aohaw38Z58yoAAA==
Date: Mon, 06 Sep 2021 22:21:17 GMT
Content-Encoding: gzip
X-CDN-CLIENT-IP-VERSION: IPV6
Server: Play
X-Li-Pop: prod-edc2
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Cache-Control: public, max-age=3600
Connection: keep-alive
X-LI-Proto: http/1.1
Content-Length: 62393
X-CDN: AKAM
X-Li-Fabric: prod-lor1
Expires: Mon, 6 Sep 2021 23:03:14 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 134ms
134ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: 8db61f95a8f3554830efc6c3942b7322efef09b9d7f0cbfe32135e0fac106d18

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 06 Sep 2021 22:21:17 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 714
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 28872
x-tw-cdn: VZ
Last-Modified: Mon, 02 Aug 2021 20:34:57 GMT
Server: ECS (frb/67BE)
Etag: "d405b816322f9770c70cbd10cfa87be4+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H2 200 pubads_impl_2021083101.js Show response
securepubads.g.doubleclick.net/gpt/ 333 KB
117 KB 355ms
129ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

sffe /

Resource Hash

821bdc4f69b0d71c8ee65e9e97c232e0a127004991b92133da9019dbe8f90047

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 31 Aug 2021 08:39:05 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119248
x-xss-protection: 0
expires: Mon, 06 Sep 2021 22:21:18 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 76 B
733 B 348ms
124ms XHR
application/json 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.securityweek.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

cafe /

Resource Hash

284432b6c1497da4c99863248d0f22d7602d82642c6abb62d1441f771e87d795

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 06 Sep 2021 22:21:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 76
x-xss-protection: 0
expires: Mon, 06 Sep 2021 22:21:18 GMT

GET
H3-29 200 impl_v78.js Show response
www.googletagservices.com/dcm/ 37 KB
15 KB 231ms
112ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v78.js

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07000140ab52c28ef2a522fae638638b2783786e8e2ae8cb883cc1f0a0c00df0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 10:18:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 129754
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15595
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 17:50:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 05 Sep 2022 10:18:44 GMT

GET
H3-29 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.UYHeVG_mX5s.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCPDcESMLF74mIvk5CKxuCjzYIf5XA/ 149 KB
51 KB 418ms
147ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.UYHeVG_mX5s.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCPDcESMLF74mIvk5CKxuCjzYIf5XA/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2487b91b81877d82ce166be25f03c9c5b55dbbf6912385c5c72a1fac44d664f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 12:32:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121730
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52479
x-xss-protection: 0
last-modified: Mon, 23 Aug 2021 18:17:31 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Mon, 05 Sep 2022 12:32:28 GMT

GET
H3-29 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.UYHeVG_mX5s.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCPDcESMLF74mIvk5CKxuCjzYIf5XA/ 96 KB
33 KB 466ms
196ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.UYHeVG_mX5s.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCPDcESMLF74mIvk5CKxuCjzYIf5XA/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a6f0fdd079cd2bb0fa098f60d11b5823666a6b78e1c79bdb3302e4dd1325dba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 08:10:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 310231
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34107
x-xss-protection: 0
last-modified: Mon, 23 Aug 2021 18:17:31 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 08:10:47 GMT

GET
H3-29 404 fastbutton Show response
apis.google.com/u/0/se/0/_/+1/ Frame 4AB9 2 KB
2 KB 407ms
143ms Document
text/html 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fwww.securityweek.com&url=https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.UYHeVG_mX5s.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCPDcESMLF74mIvk5CKxuCjzYIf5XA%2Fm%3D__features__
Requested by: Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: ac15d1868a55adcea61641c78efbb86feda3a65882f21bfe9fedd7348fb54be8

Request headers

:method: GET
:authority: apis.google.com
:scheme: https
:path: /u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fwww.securityweek.com&url=https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.UYHeVG_mX5s.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCPDcESMLF74mIvk5CKxuCjzYIf5XA%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.securityweek.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=223=gO7TpPPQh2NlR3pYqKfo_KGt_tnFgopCFvjnnl65ieHot9wvcibE26yOyLV1pJbor5WjY-XMrvGbKe92_YX_TPXKFSop-ekMN6RbxO_sJuqGXwwNjIp7F5kKit3fj_dOpX2P6wYUUL254q8rirGTnS2Ol3WXA_DWKHq8Du5l-kg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.securityweek.com/

Response headers

content-type: text/html; charset=UTF-8
referrer-policy: no-referrer
content-length: 1585
date: Mon, 06 Sep 2021 22:21:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 404 fastbutton Show response
apis.google.com/u/0/se/0/_/+1/ Frame BD6C 2 KB
2 KB 399ms
137ms Document
text/html 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fwww.securityweek.com&url=https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.UYHeVG_mX5s.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCPDcESMLF74mIvk5CKxuCjzYIf5XA%2Fm%3D__features__
Requested by: Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: ac15d1868a55adcea61641c78efbb86feda3a65882f21bfe9fedd7348fb54be8

Request headers

:method: GET
:authority: apis.google.com
:scheme: https
:path: /u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fwww.securityweek.com&url=https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.UYHeVG_mX5s.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCPDcESMLF74mIvk5CKxuCjzYIf5XA%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.securityweek.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=223=gO7TpPPQh2NlR3pYqKfo_KGt_tnFgopCFvjnnl65ieHot9wvcibE26yOyLV1pJbor5WjY-XMrvGbKe92_YX_TPXKFSop-ekMN6RbxO_sJuqGXwwNjIp7F5kKit3fj_dOpX2P6wYUUL254q8rirGTnS2Ol3WXA_DWKHq8Du5l-kg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.securityweek.com/

Response headers

content-type: text/html; charset=UTF-8
referrer-policy: no-referrer
content-length: 1585
date: Mon, 06 Sep 2021 22:21:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 B26053297.307467969;dc_ver=78.226;dc_eid=44728098;sz=300x250;u_sd=1;nel=1;dc_adk=247172433;ord=wzqcto;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2Cnull%5D;dc_rfl=0,ht... Show response
ad.doubleclick.net/ddm/adj/N1116303.761843SECURITYWEEK.COM/ 39 KB
20 KB 395ms
156ms Script
text/javascript 142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1116303.761843SECURITYWEEK.COM/B26053297.307467969;dc_ver=78.226;dc_eid=44728098;sz=300x250;u_sd=1;nel=1;dc_adk=247172433;ord=wzqcto;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2Cnull%5D;dc_rfl=0,https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign$0;xdt=0;crlt=4SM*nnk3mW;sttr=273;prcl=s

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

e554e4e2d813746a2f237a641eee6369031b73ca2d3901c4ad4416489ae2dfb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Sep 2021 22:21:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19798
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ;ID=179018;size=728x188;setID=477489;type=async;domid=placement_477489_0;place=0;pid=289478;sw=1600;sh=1200;spr=1;rnd=289478;referrer=https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-chan... Show response
ads.securityweek.com/adserve/ 714 B
960 B 138ms
138ms Script
application/x-javascript 185.198.189.48
Global ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.securityweek.com/adserve/;ID=179018;size=728x188;setID=477489;type=async;domid=placement_477489_0;place=0;pid=289478;sw=1600;sh=1200;spr=1;rnd=289478;referrer=https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign;click=CLICK_MACRO_PLACEHOLDER
Requested by: Host: ads.securityweek.com
URL: https://ads.securityweek.com/app.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.198.189.48 London, United Kingdom, ASN62240 (CLOUVIDER Clouvider - Global ASN, GB),
Reverse DNS
Software: nginx /
Resource Hash: 89a3535bdee177c1e19ca0ed78417c8470f5c3dd3d95e88f97d7d608ef267abd

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Sep 2021 22:21:18 GMT
server: nginx
p3p: CP="ALL DSP COR CUR ADMi DEVi CONi TELi OUR BUS UNI PRE"
access-control-allow-origin: *
cache-control: post-check=0, pre-check=0
access-control-allow-credentials: true
content-type: application/x-javascript
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ;libID=3225928
ads.securityweek.com/getad.img/ 171 KB
172 KB 140ms
139ms Image
image/gif 185.198.189.48
Global ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.securityweek.com/getad.img/;libID=3225928
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.198.189.48 London, United Kingdom, ASN62240 (CLOUVIDER Clouvider - Global ASN, GB),
Reverse DNS
Software: nginx /
Resource Hash: e24d3af875787facd05baa84d7ab1a09af2c72f0ce2899028054634b8ca4398f

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:18 GMT
last-modified: Tue, 31 Aug 2021 09:03:53 GMT
server: nginx
etag: "612df079-2ad11"
content-type: image/gif
access-control-allow-origin: https://www.securityweek.com
cache-control: max-age=31536000
access-control-allow-credentials: true
content-disposition: inline; filename="GIF_Security-Week-970x250.gif"
accept-ranges: bytes
content-length: 175377
expires: Tue, 06 Sep 2022 15:21:18 PDT

GET
H2 200 googlelogo_color_150x54dp.png
www.google.com/images/branding/googlelogo/1x/ Frame BD6C 3 KB
3 KB 65ms
63ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png

Requested by

Host: apis.google.com
URL: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=https%3A%2F%2Fwww.securityweek.com&url=https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.UYHeVG_mX5s.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCPDcESMLF74mIvk5CKxuCjzYIf5XA%2Fm%3D__features__

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:18 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3170
x-xss-protection: 0
expires: Mon, 06 Sep 2021 22:21:18 GMT

GET
H2 200 googlelogo_color_150x54dp.png
www.google.com/images/branding/googlelogo/1x/ Frame 4AB9 3 KB
3 KB 72ms
71ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:18 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3170
x-xss-protection: 0
expires: Mon, 06 Sep 2021 22:21:18 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 215ms
74ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.securityweek.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 06 Sep 2021 22:21:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 266ms
93ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.securityweek.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 06 Sep 2021 22:21:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 104 KB
21 KB 294ms
176ms XHR
text/plain 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3345131136931958&correlator=4143253084752748&output=ldjh&impl=fifs&eid=31062366%2C31062351%2C31062297%2C31062312&vrg=2021083101&ptt=17&sc=1&sfv=1-0-38&ecs=20210906&iu_parts=1009451%2C300x250-Lower%2C300x600-Right-Side%2C728x90-Bottom%2CSecurityWeek-Splash-640x480%2CSecurityWeek_Home_Top_728x90%2CSecurityWeek_Home_Top_Right_300x250%2CRSA-ThreatInsights-300x600%2CRSA-ThreatInsights-728x90&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8&prev_iu_szs=300x250%2C300x600%2C728x90%2C640x480%2C728x90%2C300x250%2C300x600%2C728x90&cookie_enabled=1&bc=31&abxe=1&lmt=1630943828&dt=1630966878455&dlt=1630966876432&idt=2000&frm=20&biw=1600&bih=1200&oid=2&adxs=-9%2C993%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&adys=-9%2C612%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&adks=2099535745%2C3057893268%2C1175233209%2C4168261516%2C3429238268%2C2944426297%2C4131204049%2C771541050&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&flash=0&url=https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1%7C303x610%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1&msz=0x-1%7C300x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1&ga_vid=1912559762.1630966878&ga_sid=1630966878&ga_hid=1427031433&ga_fc=false&fws=2%2C4%2C2%2C2%2C2%2C2%2C2%2C2&ohw=0%2C998%2C0%2C0%2C0%2C0%2C0%2C0&btvi=-1%7C0%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

cafe /

Resource Hash

785b3c62235c9521e658909432f75b8af2518fc92272806d05df2c01817a5f29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:18 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21108
x-xss-protection: 0
google-lineitem-id: -2,5695869511,-2,81272401,-2,-2,4506530349,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,138361658065,-2,30583699681,-2,-2,138360444774,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.securityweek.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
9e262824252b4bf4dca5902a4e2b2e41.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6A73 6 KB
3 KB 368ms
71ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9e262824252b4bf4dca5902a4e2b2e41.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 9e262824252b4bf4dca5902a4e2b2e41.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.securityweek.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.securityweek.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 06 Sep 2021 22:21:18 GMT
expires: Tue, 06 Sep 2022 22:21:18 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ 122 KB
37 KB 142ms
141ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1116303.761843SECURITYWEEK.COM/B26053297.307467969;dc_ver=78.226;dc_eid=44728098;sz=300x250;u_sd=1;nel=1;dc_adk=247172433;ord=wzqcto;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2Cnull%5D;dc_rfl=0,https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign$0;xdt=0;crlt=4SM*nnk3mW;sttr=273;prcl=s

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:18 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Mon, 06 Sep 2021 22:21:18 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210901/r20110914/elements/html/ 8 KB
4 KB 239ms
77ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210901/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:12:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 526
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Sep 2021 22:12:32 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ 0
545 B 385ms
145ms Ping
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstm6FFojJpJjLkC2BmzmY5j-C2GcaNOAuYWcMUuxdScTzlol9goxqCE-LZVWVD8L5dUOy5HYWkMUKQzpzrruqIetjEQ_LqyTO2YXFGRi-yq28qJtjJ3sJ72-CY9MSlbbcsqWqgY_Zr1&sig=Cg0ArKJSzI9_ZLsw2fZCEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cisv=r20210901.99717&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 06 Sep 2021 22:21:18 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ 41 KB
15 KB 278ms
94ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 10:19:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 129685
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 05 Sep 2022 10:19:53 GMT

GET
H2 200 7442978727685881197
s0.2mdn.net/simgad/ 372 KB
372 KB 250ms
79ms Image
image/gif 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7442978727685881197

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c224a48da3fe6b243da8d4a6e2fe90c526ce3014952b08e6f37bdba28a2dcf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 05:53:22 GMT
x-content-type-options: nosniff
age: 59276
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 380767
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 19:45:25 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 06 Sep 2022 05:53:22 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 409ms
133ms Script
text/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 5643
date: Mon, 06 Sep 2021 20:47:15 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Mon, 06 Sep 2021 22:47:15 GMT

GET embed.js
securityweek.disqus.com/ 0
0

GET
H2

200

google_custom_search_watermark.gif
cse.google.com/coop/intl/en/images/
Redirect Chain

https://www.google.com/coop/intl/en/images/google_custom_search_watermark.gif
https://cse.google.com/coop/intl/en/images/google_custom_search_watermark.gif

2 KB
2 KB

223ms
72ms

Image
image/gif

2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cse.google.com/coop/intl/en/images/google_custom_search_watermark.gif

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

pfe /

Resource Hash

4b4b65dc5e87ed8215fb3d74834cd100069e7eb8aaf903a4665e26079fb0777d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:15:03 GMT
x-content-type-options: nosniff
last-modified: Wed, 08 Feb 2012 18:07:38 GMT
server: pfe
age: 375
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2024
x-xss-protection: 0
expires: Mon, 06 Sep 2021 22:45:03 GMT

Redirect headers

date: Mon, 06 Sep 2021 21:52:09 GMT
x-content-type-options: nosniff
server: sffe
age: 1749
content-type: text/html; charset=UTF-8
location: https://cse.google.com/coop/intl/en/images/google_custom_search_watermark.gif
cache-control: public, max-age=1800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 274
x-xss-protection: 0
expires: Mon, 06 Sep 2021 22:22:09 GMT

GET ad.html
www.securityweek.com/ Frame D6CE 0
0

GET
H3-29 200 ad.html Show response
www.securityweek.com/ Frame 060E 1 KB
1 KB 589ms
588ms Document
text/html 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securityweek.com/ad.html
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72b0deadf1b32374504bb51f264d4b10fe071ec70b82414896371619ba0ba9ce

Request headers

:method: GET
:authority: www.securityweek.com
:scheme: https
:path: /ad.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SESSc3f2c9572aa8f3f5ea6f60501affecb3=3138061102dfee06862a4a626148b674; SESSae1377f0cbe7278b70a9339b7853afbd=735e7d45a2e33ef136b52a976958b1ef; has_js=1; sessid=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign

Response headers

date: Mon, 06 Sep 2021 22:21:19 GMT
content-type: text/html
last-modified: Tue, 11 May 2021 18:31:48 GMT
cache-control: max-age=1209600
expires: Mon, 20 Sep 2021 22:21:19 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pHEF3OtmCIhM00sN%2FKFG5pzE4ozmjvKi0AR%2FkBx7YdS5pnsmP%2FOudU0MafHrdfJC5PIzPpzmXzKDWpI7mgonaYevjpqI4sy2Vhl7VWz80PDXozFcpVuieoe317uHMx4QwID6H%2FbSxnPaokbSgJ6x8Kq%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68ab16efaeee4eda-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H/1.1 200
OK widget_iframe.f88235f49a156f8b4cab34c7bc1a0acc.html Show response
platform.twitter.com/widgets/ Frame 1CBE 319 KB
103 KB 130ms
130ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.f88235f49a156f8b4cab34c7bc1a0acc.html?origin=https%3A%2F%2Fwww.securityweek.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D5) /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.securityweek.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.securityweek.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 362436
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 06 Sep 2021 22:21:18 GMT
Etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified: Mon, 02 Aug 2021 20:33:53 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67D5)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105433

GET
H2 200 postmessageRelay Show response
accounts.google.com/o/oauth2/ Frame 5BA1 566 B
877 B 454ms
170ms Document
text/html 2a00:1450:4001:828::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.securityweek.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.UYHeVG_mX5s.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCPDcESMLF74mIvk5CKxuCjzYIf5XA%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.UYHeVG_mX5s.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCPDcESMLF74mIvk5CKxuCjzYIf5XA/cb=gapi.loaded_1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9aba25433f2e172a914184811973e96b4884f77c8f2329d6846e159c88513e87

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5oHboWAf9YlWwlGtcP8fxw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.securityweek.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.UYHeVG_mX5s.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCPDcESMLF74mIvk5CKxuCjzYIf5XA%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.securityweek.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=223=gO7TpPPQh2NlR3pYqKfo_KGt_tnFgopCFvjnnl65ieHot9wvcibE26yOyLV1pJbor5WjY-XMrvGbKe92_YX_TPXKFSop-ekMN6RbxO_sJuqGXwwNjIp7F5kKit3fj_dOpX2P6wYUUL254q8rirGTnS2Ol3WXA_DWKHq8Du5l-kg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.securityweek.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 06 Sep 2021 22:21:19 GMT
content-security-policy: script-src 'report-sample' 'nonce-5oHboWAf9YlWwlGtcP8fxw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 50E1 0
0 148ms
148ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvsEp7sJHnViXrYjCqhwT0tZB62yEDyXZhAZkI7511_0JuTcM3600YJCCih0rQhRhxJ-VMdytxikYWVPj6zDMc0UqxGaroHttG9nHXql9J8_jRsnPHbQeEsslSbAY6Tpk24zc0dGP88K4baq2mJUIyw55DzNRbSTavDQmuf4BHdzzdxmmapt0UCs8zBMqrtOYxliQaTDO_7MtJE8x6HvzXiiA-JTee5d52ie6LpobR8x_dbhXEhB6TCezcwGdGKZBfcXBSeEx1n-7BLlfXRSeA9wP9Ujzz7MqHkx8t4cdDdC5CglN__ZtHhy9PGJfmBNHpeLvyxrNwbQtzbQPbdnvCQ&sig=Cg0ArKJSzNZBTAA54l31EAE&adurl=

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 06 Sep 2021 22:21:18 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame 50E1 18 KB
7 KB 267ms
130ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:18:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 186
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7645
x-xss-protection: 0
server: cafe
etag: 13200147268341533873
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Sep 2021 22:18:13 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame 50E1 2 KB
1 KB 267ms
130ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:20:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Sep 2021 22:20:16 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 50E1 122 KB
37 KB 143ms
143ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:18 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Mon, 06 Sep 2021 22:21:18 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 50E1 0
0 145ms
144ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaScZC0dbpAK-XQYZIHJ5ywaU39WolyLM1vUIA3wmENTJCION6WrF3eaOOiW7efGviqpgnRoM1YVQCiJ22tx8kwNXVMRmA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 6787411938818801361
tpc.googlesyndication.com/simgad/ Frame 50E1 242 KB
242 KB 296ms
160ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6787411938818801361

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d37992eedde150d742556310ecee7404a944ae4915e89a50a3fc2ec188127c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 20:10:17 GMT
x-content-type-options: nosniff
age: 7862
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 247398
x-xss-protection: 0
last-modified: Tue, 31 Aug 2021 08:24:06 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 06 Sep 2022 20:10:17 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 287ms
147ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021083101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb84689a92cf5af3b849f52905cdc247f5a957d338b8eced54681a0d95340b4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 06 Sep 2021 22:21:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8457
x-xss-protection: 0

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 1CBE 232 B
432 B 442ms
226ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=0f60e3726cda5a82c44201c79be186caff01da12

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.f88235f49a156f8b4cab34c7bc1a0acc.html?origin=https%3A%2F%2Fwww.securityweek.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:18 GMT
content-encoding: gzip
last-modified: Mon, 06 Sep 2021 22:21:19 GMT
server: tsa_f
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: a56ad0967f24212a6f284c088e8b5b29433ab4bc418169a7ce87084ba5878450
content-length: 166

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame A3FE 22 KB
8 KB 192ms
134ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.securityweek.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.securityweek.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 05 Sep 2021 10:19:55 GMT
expires: Mon, 05 Sep 2022 10:19:55 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 129684
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 1291055585-postmessagerelay.js Show response
ssl.gstatic.com/accounts/o/ Frame 5BA1 10 KB
5 KB 252ms
81ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/o/1291055585-postmessagerelay.js

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.securityweek.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.UYHeVG_mX5s.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCPDcESMLF74mIvk5CKxuCjzYIf5XA%2Fm%3D__features__

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bceb42c38849f45f8eccea1ad752b5ccea22eba051598d3890607f03941e301e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 17:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 104996
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4306
x-xss-protection: 0
last-modified: Fri, 27 Aug 2021 00:29:47 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 05 Sep 2022 17:11:23 GMT

GET
H2 403 rpc:shindig_random.js
apis.google.com/js/ Frame 5BA1 0
0 562ms
562ms Script
text/html 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://apis.google.com/js/rpc:shindig_random.js?onload=init
Requested by: Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.securityweek.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.UYHeVG_mX5s.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCPDcESMLF74mIvk5CKxuCjzYIf5XA%2Fm%3D__features__
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H/1.1 200
OK BrightInfoVersion.aspx Show response
app.brightinfo.com/ 512 B
948 B 1400ms
252ms Script
text/javascript 168.62.202.120
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.brightinfo.com/BrightInfoVersion.aspx
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/8.0 / ASP.NET
Resource Hash: 0c6b49159486bd2c1c03647de94f05ab95b2a1abe6ca0a1d4a54a57a592bb7d5

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 06 Sep 2021 22:21:19 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache, no-store
Content-Type: text/javascript; charset=utf-8
Content-Length: 509
Expires: -1

GET
H2 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
197 B 154ms
154ms Image
image/gif 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=2008506021&utmhn=www.securityweek.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=APT%20Group%20Using%20Voice%20Changing%20Software%20in%20Spear-Phishing%20Campaign%20%7C%20SecurityWeek.Com&utmhid=1427031433&utmr=-&utmp=%2Fapt-group-using-voice-changing-software-spear-phishing-campaign&utmht=1630966879127&utmac=UA-11590534-1&utmcc=__utma%3D89563204.994935301.1630966879.1630966879.1630966879.1%3B%2B__utmz%3D89563204.1630966879.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=285867481&utmredir=1&utmu=qBAAAAAAAAAAAAAAAAAAAAAE~

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Sep 2021 22:21:19 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame A3FE 35 KB
13 KB 156ms
74ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 11:06:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40465
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 06 Sep 2022 11:06:54 GMT

GET
H3-29 200 rocket-loader.min.js Show response
www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ Frame 060E 12 KB
4 KB 89ms
89ms Script
application/javascript 2606:4700:20::6818:a003
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securityweek.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.securityweek.com
URL: https://www.securityweek.com/ad.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::6818:a003 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
pragma: no-cache
cookie: __utma=89563204.994935301.1630966879.1630966879.1630966879.1; __utmc=89563204; __utmz=89563204.1630966879.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=89563204.1.10.1630966879
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.securityweek.com
referer: https://www.securityweek.com/ad.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.securityweek.com/ad.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 01 Sep 2021 15:49:24 GMT
server: cloudflare
etag: W/"612fa104-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LtoFGeELqz3DDThJfNrX2bVO%2BJf21kurca6SOKg%2Fb3LYi3o8lMccY0K54CqIBCfC7ZIEEtPB95dj5p%2F9a8vC864EnierLIMAN74aBDS5TE2dZOmWLkd2lrSRxaliGOwLK93iacxxkrnCTBp%2BrZIv8kVI"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 68ab16f35bf04eda-FRA
vary: Accept-Encoding
expires: Wed, 08 Sep 2021 22:21:19 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 409ms
409ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Mon, 06 Sep 2021 22:21:19 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 50E1 0
0 265ms
149ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssXOX3plCq5NxNXc2JO8BtGKCqXYoVvqjzCJS79GvvfUKU6ecd8NmNsvaw1p1ulo9tvgFIZ-llBJ1CVEecuV5YXpk7kkmEVso6Rjx9dQE057n-rlOrM2r9xs7Ld66_hCCGvlu_qcykG7eKV83IgpwI8-4kEJbNuLMtfQ3J3MxYW6yZX2vcTa32FnJC3esJC7rVisNq-QCC6UPXP5XCx-OKvgxUUcXi82aytNn_K04KGvxMkTcc58Oiwp4OpS7sWNXMMDE3VWxDp9A4P5qTQ5pZzhr_KwjppiZAInYPQekqQ3zcgrgs8-Nr9g7obFHpQwsv-TFgh&sig=Cg0ArKJSzIEhh_sVgjnvEAE&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 06 Sep 2021 22:21:19 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 06 Sep 2021 22:21:19 GMT

GET
DATA 200
OK truncated
/ Frame 50E1 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e076d73374a77ccf80a904d8c29c0ea814558a542d4610c73e07c6eea1a997eb

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 app.js Show response
ads.securityweek.com/ Frame 060E 55 KB
11 KB 111ms
111ms Script
application/javascript 185.198.189.48
Global ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.securityweek.com/app.js
Requested by: Host: www.securityweek.com
URL: https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.198.189.48 London, United Kingdom, ASN62240 (CLOUVIDER Clouvider - Global ASN, GB),
Reverse DNS
Software: nginx /
Resource Hash: d667eb81ed1272cb8be644bb1277bd4a3b2a38adf5a134e68ada86c5414220f6

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:19 GMT
content-encoding: gzip
last-modified: Fri, 13 Aug 2021 18:07:34 GMT
server: nginx
etag: W/"6116b4e6-da29"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1800
expires: Mon, 06 Sep 2021 22:51:19 GMT

GET
H/1.1 200
OK button.5d16ecc02fbaf599a24dfb57ab239320.js Show response
platform.twitter.com/js/ 7 KB
3 KB 135ms
135ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.5d16ecc02fbaf599a24dfb57ab239320.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: 3ee8351e156e2e80d99018a585c18c0dbd9098e3bea84a131d8cbad1ec72c81e

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 06 Sep 2021 22:21:19 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Aug 2021 20:33:39 GMT
Server: ECS (frb/67BE)
Age: 362438
Etag: "6b95f5a9a2ff4b885e2eafdf446d70d0+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2296

GET
H2 200 ;ID=179018;size=640x480;setID=479628;type=async;domid=placement_479628_0;place=0;pid=3164795;sw=1600;sh=1200;spr=1;rnd=3164795;referrer=https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-ch... Show response
ads.securityweek.com/adserve/ Frame 060E 728 B
974 B 117ms
117ms Script
application/x-javascript 185.198.189.48
Global ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.securityweek.com/adserve/;ID=179018;size=640x480;setID=479628;type=async;domid=placement_479628_0;place=0;pid=3164795;sw=1600;sh=1200;spr=1;rnd=3164795;referrer=https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign;click=CLICK_MACRO_PLACEHOLDER
Requested by: Host: ads.securityweek.com
URL: https://ads.securityweek.com/app.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.198.189.48 London, United Kingdom, ASN62240 (CLOUVIDER Clouvider - Global ASN, GB),
Reverse DNS
Software: nginx /
Resource Hash: 36d360e0767c9d7af7985aa993e542e656eb77948fe99778e204df537fb39d32

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Sep 2021 22:21:19 GMT
server: nginx
p3p: CP="ALL DSP COR CUR ADMi DEVi CONi TELi OUR BUS UNI PRE"
access-control-allow-origin: *
cache-control: post-check=0, pre-check=0
access-control-allow-credentials: true
content-type: application/x-javascript
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A3FE 0
20 B 113ms
113ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BAodLXpQ2YdreGIbV7_UP2MOT0A0AAAAAOAHgBAI&bg=!3t2l3ZnNAAYJpm41CaY7ACkAdvg8WpTvq-LWee8jGRtnadaJ2qojcpj6WlzN5znVV2PvR28YEJO59QIAAABCUgAAAAZoAQcKAHh4UsrHiu85C1EPLMYDJnJxbM6UawDNglAs-Eke7Ah7JEFc-CxIxff3SsbePORyaDx-t3HaXt0QvOaphCW_HiA6H3cBPCDbYdOrI6U7WBAfJ0RZgeHrL6wDTwUgVql6JQWGdTn4xrLKWWXaXP0ssgfumlRmwQjDTieZAovHMZfnZb6llkxH85Jp0s_McQYbSki4rtWF8-Dzwp_QLjBBHfeVvilPrAdmi5OAFEEu9FC2I6dKCUr71JhT-3YPAzvp8qoYDTyvENAoChCk6H63GCWboFbg1a3TEC_OyMoY46-G0PuqQDi7IJW9bl4Ez-oki1zmptgNhsvBSIIJ33rGFuIbbceBulg07CzN_tC1ZBF-GwXDUJPjemF_shrvKxd6O60z5IwRpN2mMSPCumY1vRp2fc9r6zzb4E0xI9H3dfW2m4NNAxxLf3I84_QOndcPI3LCV26XYEeW0e-uAhF-fCybugetlgviupP2vcIpSaUo8i1kV5twiDmQIU8Kcunm88arlVgs6dyPLcf5Fa2swJ-hGE5X4r9qTpCqj83Dt4v3_7lB6NBP-en-OuotDATbRX9G-dqtVlWZ77DwUr-5reIp1KrpWIlpKJB99ddTAeZUUJB59o1WEwl2FPSdHNKZ4tAucGXKDFqtouy6xlbseBiTKPXrxeJkDqXwjpn-EREXWXbtOiAhL9kwDYhOcTotv2ZZgsSk9pOaDJbWN-NDrEeLsYHFcvLIqHjMyQugCCcCnoln05tfH2923M6f4ihnEtnhzoNd-G8sLM1vfbCm4AnM4NSbjC6bcLrojyWZK2nZ85i4Numhv_ZZkQMkvNblx_HVAcbX41Sb9WDfNIk8M11nNEEfqbFwGnU2TnqHS-55GtWk4Z820FIw86UnmPKeOQoatMVU59YZNbXPwiKVD-n9FOhCj78d44_QSOXN4t7UXGe2WMcn4KHUIKAWvBra8nzrac5tyPvf4m81ggECmPLGUKGw79TOzRFv56KGkg5mWL6G-NI6FHuQAZbiRoqlVzVbmzHazFQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Sep 2021 22:21:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK tweet_button.f88235f49a156f8b4cab34c7bc1a0acc.en.html Show response
platform.twitter.com/widgets/ Frame BDA2 32 KB
12 KB 128ms
127ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.f88235f49a156f8b4cab34c7bc1a0acc.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: 06b34901b9ee1d57c9e0a37a7665c7aa77f6ab8b884cda5e8caad1c3f8b8c639

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.securityweek.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.securityweek.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 362437
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 06 Sep 2021 22:21:19 GMT
Etag: "909c8b457796b3e08dbae7ea22074354+gzip"
Last-Modified: Mon, 02 Aug 2021 20:33:46 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67BE)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 12257

GET
H/1.1 200
OK tweet_button.f88235f49a156f8b4cab34c7bc1a0acc.en.html Show response
platform.twitter.com/widgets/ Frame 373D 32 KB
12 KB 253ms
125ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.f88235f49a156f8b4cab34c7bc1a0acc.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: 06b34901b9ee1d57c9e0a37a7665c7aa77f6ab8b884cda5e8caad1c3f8b8c639

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.securityweek.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.securityweek.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 362437
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 06 Sep 2021 22:21:19 GMT
Etag: "909c8b457796b3e08dbae7ea22074354+gzip"
Last-Modified: Mon, 02 Aug 2021 20:33:46 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67BE)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 12257

GET
H2 200 ;libID=3197141
ads.securityweek.com/getad.img/ Frame 060E 322 KB
323 KB 110ms
110ms Image
image/png 185.198.189.48
Global ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.securityweek.com/getad.img/;libID=3197141
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.198.189.48 London, United Kingdom, ASN62240 (CLOUVIDER Clouvider - Global ASN, GB),
Reverse DNS
Software: nginx /
Resource Hash: a63c717d241f691c6d189bde3dbc07f5ff7af6c2a928f36b78dcd0bef19714ba

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:21:19 GMT
last-modified: Tue, 27 Jul 2021 02:03:14 GMT
server: nginx
etag: "60ff6962-50844"
content-type: image/png
access-control-allow-origin: https://www.securityweek.com
cache-control: max-age=31536000
access-control-allow-credentials: true
content-disposition: inline; filename="CISO_Forum-640x480-Date.png"
accept-ranges: bytes
content-length: 329796
expires: Tue, 06 Sep 2022 15:21:19 PDT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame DAE3 12 KB
5 KB 132ms
131ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.securityweek.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.securityweek.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Mon, 06 Sep 2021 20:09:40 GMT
expires: Tue, 06 Sep 2022 20:09:40 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 7899
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame CCA0 783 B
536 B 127ms
127ms Document
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8f90a387bf870558e96f92c67b397f6fd856ab2a45d69820f9cf4455be91e594

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-eazUF0zH4/JKpX4vRJOFvg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.securityweek.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.securityweek.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 06 Sep 2021 22:21:19 GMT
date: Mon, 06 Sep 2021 22:21:19 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-eazUF0zH4/JKpX4vRJOFvg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame BDA2 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 373D 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 rWlMBfa9MpU8odUgYO2XS-jQK_KO9aJyNzJvjgjzx8o.js Show response
pagead2.googlesyndication.com/bg/ Frame DAE3 35 KB
13 KB 75ms
75ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rWlMBfa9MpU8odUgYO2XS-jQK_KO9aJyNzJvjgjzx8o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad694c05f6bd32953ca1d52060ed974be8d02bf28ef5a27237326f8e08f3c7ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 22:16:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 282
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13326
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 06 Sep 2022 22:16:37 GMT

GET
H/1.1

200
OK

jot.html Show response
platform.twitter.com/ Frame F6E1
Redirect Chain

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

80 B
571 B

130ms
130ms

Document
text/html

2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/jot.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: 90214d135602962e47ea9587a7eeb62fac1c64a541e373ea76e2b4e8b33e3f88

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
Origin: https://www.securityweek.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 362439
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 06 Sep 2021 22:21:20 GMT
Etag: "d9592a6c704736fa4da218d4357976dd"
Last-Modified: Mon, 02 Aug 2021 20:34:56 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67BE)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 80

Redirect headers

date: Mon, 06 Sep 2021 22:21:20 GMT
pragma: no-cache
server: tsa_f
status: 302 Found
expires: Tue, 31 Mar 1981 05:00:00 GMT
location: https://platform.twitter.com/jot.html
content-type: text/html;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Mon, 06 Sep 2021 22:21:20 GMT
x-transaction: 4398b4185e618ff6
content-length: 0
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
x-connection-hash: a56ad0967f24212a6f284c088e8b5b29433ab4bc418169a7ce87084ba5878450

GET
H3-29 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 100ms
99ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gpt_2021083101&jk=3345131136931958&bg=!Li2lLWnNAAYJpm41CaY7ACkAdvg8WmbFR4BXedSMwlS7exnh3q0ZIDBEZb4deeuQCgsK6OiZvrSSMwIAAABNUgAAAAxoAQcKAI4b7oUSbbB5bk9zbPn67DYzNEFWkcsOCM2ar2KyRIIyvHUdAB9fPQvxX_P5GQuAv20HWoiqc-T4wSPR0nG-nr-Ml0LJnVAop-YGc7qs3PMq7uFjGZ2ntQd0aRi_bnKQhP1_IYqAPM5nQ8InGOzpMgW6aNUVKpbsX9VkLFEodv72mK6rf7KKejQyh7qCyqjWmQKH5dQrH7U9qHPieSOaHKrFVCQuhikJffIj066VI7GuXpAECidBMBvSREME-aEJlDsMDs2kHgu2tl3YH_MgSKdh4GtfHOyznIWmu0L7LGlaoZ-Z8T8AlivKVDGDIBFSULUldks99M6bxt7d22E6gvmO5O1N7jA0XQBYoVyFNiO9qzrFHVFLrFWf9YWoz-fnQT06VzOgKxPenE9gQkE0N7PBDWzvkVCqFCcVI-odBXkmCSThPJ9zQNM-_ERF4ItwlDibuCzVoakf-4srPfFN17xwXeqWbB1SbTIPVghDpi1BDMcXB34TBKbuP-BEzFvyoTg7RZVE_uJDS1cESN2YCj6Ott6I5JjQydQ9-VwkiLqFJpA0ZyBq3ZwrhHGujlqtg3GWBgS-b--VvNDuBLLZO_l1vNVvIYDMUSlM-3YIYh3t4DATWsTN1tGbWBdTmCGg3CgZwhGFR-ROqqES8gfXDjBSxIaasyh8Wmh5jA7HjeDNedWnICEJrDNsW0wLRMoyebeeTWoxmfLdS5WwQnWW-4a1wSUDEHS8pPaS1_r5-z5ZiGMFWsVEV_Riv0QmKVmI0ete0fV_giwl4UMyQkflKVDRnY844-RXm-4EI2ewgEYWstdfcHxm4SHmg8a-wKAaiUhqCRPPtP4f1dSX1d2Gy9LHjjBD5qv5rSgm1GpI83zTTMCbkGsSdcMcPd4Lh1fksw0-E0YSSoX3hhh1NzAJN_8oYw1jFv0hwB9IGadraJBD0bwwos8-CjmQ27-vYVj4Cw40UBHRwPompCqPuGmHCIuNCVk98FcyrKLLj6EZAAyA4n5UXcCb8yuMbmj_KCQKJbtbLtU34NVPYP3ztT3w_L5FZMHTHIVNS7Y
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 50E1 42 B
64 B 165ms
164ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss0XvZ7xg6q8ak9yhrkz_Y0yjnj0FGJ4ZiMLRKqT09x6OK9oML03lnx-HWWoMvr5lq1UxYBKjFd5P9fZQDDjnCspjVAm9fV1Sg8PL8mcQBi15a1ffoM&sig=Cg0ArKJSzLXprqNcGlNIEAE&id=lidar2&mcvt=1000&p=0,0,600,300&asp=612,993,1212,1293&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20210901&bin=7&avms=nio&bs=1600,1200&mc=0.98&app=0&itpl=3&adk=3057893268&rs=4&met=mue&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1630966878858&rpt=384&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Sep 2021 22:21:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK bi.js Show response
app.brightinfo.com/Scripts/ 260 KB
75 KB 444ms
444ms Script
text/javascript 168.62.202.120
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132602162452114280
Requested by: Host: app.brightinfo.com
URL: https://app.brightinfo.com/BrightInfoVersion.aspx
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/8.0 / ASP.NET
Resource Hash: e7f61c3e36793216dad1bf2ff34a22b55684cbaf63596081b1918a1c2ec744bd

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 06 Sep 2021 22:21:20 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: text/javascript; charset=utf-8
Cache-Control: private
Content-Length: 76351
Expires: Tue, 06 Sep 2022 22:21:20 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 127ms
127ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132602162452114280

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 5664
date: Mon, 06 Sep 2021 20:46:57 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Mon, 06 Sep 2021 22:46:57 GMT

GET
H/1.1 200
OK bia.aspx Show response
bia.brightinfo.com/ 19 B
409 B 1438ms
261ms Script
text/javascript 137.135.51.188
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bia.brightinfo.com/bia.aspx?callback=jQuery20303427422700957887_1630966881244&type=biLoad&version=2&jsonString=%7B%22url%22%3A%22https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign%22%2C%22cts%22%3A1630966881258%2C%22cid%22%3A%22wiredbusinessmedia-14532-1%22%2C%22pu%22%3A%22https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign%22%2C%22ru%22%3A%22%22%2C%22type%22%3A%22biLoad%22%2C%22sid%22%3A%22gFxhnXgySpKs3ZNB6Waz%22%2C%22mobile%22%3A0%2C%22browser%22%3A%22chrome%22%2C%22accountId%22%3A%2214532%22%2C%22version%22%3A2%7D&_=1630966881245
Requested by: Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132602162452114280
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 137.135.51.188 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 0e688d02687c4c64094dd0a75f5189ea12b955acf8c91f7bd5ac4948f1429cb9

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 06 Sep 2021 22:21:22 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: private
Content-Length: 136

GET
H/1.1 200
OK bi-animate.min.css
app.brightinfo.com/ui/ 47 KB
5 KB 253ms
253ms Stylesheet
text/css 168.62.202.120
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.brightinfo.com/ui/bi-animate.min.css?bi_ver=132602162452114280&id=wiredbusinessmedia-14532-1&sid=gFxhnXgySpKs3ZNB6Waz
Requested by: Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132602162452114280
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/8.0 / ASP.NET
Resource Hash: 46cad46571cab06c5901e4e867aba4f0783dc88d3db626cfb73d58f00d130a16

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 06 Sep 2021 22:21:20 GMT
Content-Encoding: gzip
Last-Modified: Mon, 01 Feb 2021 15:48:17 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
ETag: "80f644a8b1f8d61:0"
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 4661

GET
H/1.1 200
OK bi.min.css
app.brightinfo.com/ui/ 47 KB
7 KB 501ms
248ms Stylesheet
text/css 168.62.202.120
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.brightinfo.com/ui/bi.min.css?bi_ver=132602162452114280&id=wiredbusinessmedia-14532-1&sid=gFxhnXgySpKs3ZNB6Waz
Requested by: Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132602162452114280
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/8.0 / ASP.NET
Resource Hash: 810956c722149065eabd5b5c4f62f98cb74cda6fb5e3695ab97958e53d6791ca

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 06 Sep 2021 22:21:20 GMT
Content-Encoding: gzip
Last-Modified: Mon, 01 Feb 2021 15:48:17 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
ETag: "80f644a8b1f8d61:0"
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 7239

GET
H/1.1 200
OK bi-custom.css
app.brightinfo.com/ui/custom/wiredbusinessmedia-14532-1/ 548 KB
91 KB 1066ms
570ms Stylesheet
text/css 168.62.202.120
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.brightinfo.com/ui/custom/wiredbusinessmedia-14532-1/bi-custom.css?bi_ver=132602162452114280&id=wiredbusinessmedia-14532-1&sid=gFxhnXgySpKs3ZNB6Waz
Requested by: Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132602162452114280
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/8.0 / ASP.NET
Resource Hash: 5690a1bcc83d00312ef6260da791205a71d80bed7b35ca9701c7b29cfd62b3fe

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 06 Sep 2021 22:21:22 GMT
Content-Encoding: gzip
ETag: "4f8a33845096d71:0"
Last-Modified: Sat, 21 Aug 2021 05:50:59 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Accept-Ranges: bytes

GET
H/1.1 200
OK bi.aspx Show response
app.brightinfo.com/ 6 KB
3 KB 863ms
369ms Script
text/javascript 168.62.202.120
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.brightinfo.com/bi.aspx?method=load&callback=jQuery20303427422700957887_1630966881246&id=wiredbusinessmedia-14532-1&sid=gFxhnXgySpKs3ZNB6Waz&u=https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign&r=&testModeKey=&biSettings=&fip=&fvs=&fcs=&fec=&fic=&force=&forceHide=false&sw=1600&sh=1200&w=1600&h=1200&utma=89563204.gFxhnXgySpKs3ZNB6Waz.1630966879.1630966879.1630966879.1&ga=&logId=&iframe=false&startTime=637665636803977900&_=1630966881247
Requested by: Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132602162452114280
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/8.0 / ASP.NET
Resource Hash: bf91ae75504343e8f401a2df56b182795e0181f4e7f50b0ff089ec61ba690251

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 06 Sep 2021 22:21:22 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: private
Content-Type: text/javascript; charset=utf-8
Content-Length: 2584

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
114 B 134ms
134ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1427031433&t=pageview&_s=1&dl=https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign&ul=en-us&de=UTF-8&dt=APT%20Group%20Using%20Voice%20Changing%20Software%20in%20Spear-Phishing%20Campaign%20%7C%20SecurityWeek.Com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=89563204.1593287551.1630966879.1630966879.1630966879.1&_utmz=89563204.1630966879.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1630966882152&_u=KQBCAEABGAAAAC~&jid=320128586&gjid=273760166&cid=1593287551.1630966879&tid=UA-72146139-2&_gid=1523183208.1630966882&_r=1&_slc=1&cd2=1630966882151&cd3=Hidden&cd4=No%20recommended%20content&cd5=No%20Value&cd6=No%20Value&cd7=No%20Value&cd8=No%20Value&cd9=No%20Value&cd10=No%20Value&cd11=No%20Value&cd12=No%20Value&cd13=No%20Value&cd14=No%20Value&cd15=Default%20Content&z=1981536672

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 06 Sep 2021 22:21:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.securityweek.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK bia.aspx Show response
bia.brightinfo.com/ 25 B
414 B 585ms
246ms Script
text/javascript 137.135.51.188
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bia.brightinfo.com/bia.aspx?callback=jQuery20303427422700957887_1630966881246&type=biVisit&version=2&jsonString=%7B%22url%22%3A%22https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign%22%2C%22cts%22%3A1630966882154%2C%22cid%22%3A%22wiredbusinessmedia-14532-1%22%2C%22pu%22%3A%22https%3A%2F%2Fwww.securityweek.com%2Fapt-group-using-voice-changing-software-spear-phishing-campaign%22%2C%22ru%22%3A%22%22%2C%22type%22%3A%22biVisit%22%2C%22mobile%22%3A0%2C%22browser%22%3A%22chrome%22%2C%22accountId%22%3A14532%2C%22gatedPromotion%22%3Afalse%2C%22seq%22%3A1%2C%22siteId%22%3A14522%2C%22vs%22%3A%22Hidden%22%2C%22cs%22%3A%22Default+Content%22%2C%22version%22%3A2%2C%22promoId%22%3A0%7D&_=1630966881248
Requested by: Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132602162452114280
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 137.135.51.188 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: ff6616b4a28c3407b10c28873184aabcca21c4b741b8bc190e21cccacf24d9c6

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 06 Sep 2021 22:21:22 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: private
Content-Length: 141

GET
H2 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
99 B 133ms
133ms Image
image/gif 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1719273456&utmhn=www.securityweek.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=APT%20Group%20Using%20Voice%20Changing%20Software%20in%20Spear-Phishing%20Campaign%20%7C%20SecurityWeek.Com&utmhid=1427031433&utmr=-&utmp=%2Fapt-group-using-voice-changing-software-spear-phishing-campaign&utmht=1630966882140&utmac=UA-72146139-1&utmcc=__utma%3D89563204.1593287551.1630966879.1630966879.1630966879.1%3B%2B__utmz%3D89563204.1630966879.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1312864192&utmredir=1&utmmt=1&utmu=qRAAAAAAIAQAAAAAAAAAAAgE~

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.securityweek.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Sep 2021 22:21:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: securityweek.disqus.com
URL: http://securityweek.disqus.com/embed.js

Domain: www.securityweek.com
URL: https://www.securityweek.com/ad.html

Verdicts & Comments Add Verdict or Comment

126 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.securityweek.com/	1970-01-19 21:36:06	Name: SESSae1377f0cbe7278b70a9339b7853afbd Value: 735e7d45a2e33ef136b52a976958b1ef
			.securityweek.com/	1970-01-19 21:36:06	Name: SESSc3f2c9572aa8f3f5ea6f60501affecb3 Value: 3138061102dfee06862a4a626148b674

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9e262824252b4bf4dca5902a4e2b2e41.safeframe.googlesyndication.com
accounts.google.com
ad.doubleclick.net
ads.securityweek.com
adservice.google.com
adservice.google.de
apis.google.com
app.brightinfo.com
bia.brightinfo.com
cse.google.com
googleads4.g.doubleclick.net
pagead2.googlesyndication.com
platform.linkedin.com
platform.twitter.com
s0.2mdn.net
securepubads.g.doubleclick.net
securityweek.disqus.com
ssl.google-analytics.com
ssl.gstatic.com
syndication.twitter.com
tpc.googlesyndication.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.securityweek.com
securityweek.disqus.com
www.securityweek.com
104.244.42.200
137.135.51.188
142.250.185.130
142.250.186.38
168.62.202.120
172.217.23.98
185.198.189.48
2606:2800:234:59:254c:406:2366:268c
2606:4700:20::6818:a003
2a00:1450:4001:800::2003
2a00:1450:4001:801::2002
2a00:1450:4001:802::2004
2a00:1450:4001:802::200e
2a00:1450:4001:809::2008
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::200e
2a00:1450:4001:811::2001
2a00:1450:4001:812::2006
2a00:1450:4001:813::200e
2a00:1450:4001:828::2002
2a00:1450:4001:828::200d
2a00:1450:4001:82a::2002
2a00:1450:4001:830::2001
2a00:1450:4001:830::2004
2a02:26f0:10c::5f64:c15a
2a03:2880:f11c:8183:face:b00c:0:25de
0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467
05f4004f999652bf4c69b8b17fd4813363473fabcf89c056d3da5a6d8eac0555
06b34901b9ee1d57c9e0a37a7665c7aa77f6ab8b884cda5e8caad1c3f8b8c639
07000140ab52c28ef2a522fae638638b2783786e8e2ae8cb883cc1f0a0c00df0
08fa49f20076c343e2724c631a732d8cbd3bd0daf55f4a0f8311e07dc77be29c
0c6b49159486bd2c1c03647de94f05ab95b2a1abe6ca0a1d4a54a57a592bb7d5
0d37992eedde150d742556310ecee7404a944ae4915e89a50a3fc2ec188127c7
0deae7d488b0316e0149f1dc2caec46821b2272127b61b4ffadf6f99a303ea16
0e688d02687c4c64094dd0a75f5189ea12b955acf8c91f7bd5ac4948f1429cb9
1098ef7fef25a8fd6eac7dbf1442047062c4d1400c601f8ff843742c61de640c
10f0e5158e45d76ba649af69ed465a28489483ac934b3e491773cb5e4c9704f0
11789957fc00eda3630397edd31ee6a5575a997ab4334d79b655b3830ab4caf4
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1ade44855aea3dae78b47f39d5442fd06d245d7b5e2b8e64315075eaf8d1a569
1c224a48da3fe6b243da8d4a6e2fe90c526ce3014952b08e6f37bdba28a2dcf2
200abde0c426b23abe8a9c501ab4e8e72c048cc0653203817cc9ff96cc6e394d
21b195ce0d8efa07e31b863199d8a6802cb773e2417443e534ed8c113d8949a8
284432b6c1497da4c99863248d0f22d7602d82642c6abb62d1441f771e87d795
29d3c4400d8e49ca204c37af1f5b7a9037e02014e7db5a8ac10e27b93c83dbdc
2f1298490f294128f086689a5654a8340ea9ec7c20c8e97f811590d5313edc9e
36d360e0767c9d7af7985aa993e542e656eb77948fe99778e204df537fb39d32
37bfceb04cc7a18df0c1da8269c382b3b088e870ab39a0987ae17a54589b2dba
3d77a9a71769ddc2a85524914671fb1d031132a8e37366440a4b6b01d7ad0025
3e4a85296d37106cff5d646be0fabf370fd83a9b133c3aaf41e6ffb73d108366
3ee8351e156e2e80d99018a585c18c0dbd9098e3bea84a131d8cbad1ec72c81e
46cad46571cab06c5901e4e867aba4f0783dc88d3db626cfb73d58f00d130a16
47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5
4986aea94d23482c38fb06749a6a5c5c6ab95db97aa3bcc9feaf7eda6cbf6626
4b4b65dc5e87ed8215fb3d74834cd100069e7eb8aaf903a4665e26079fb0777d
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55851ffd45a0a3e9abd9c2ac844eba1efd50272a39360d0f3b396d26a7d0bfc8
5690a1bcc83d00312ef6260da791205a71d80bed7b35ca9701c7b29cfd62b3fe
5f3d36be68e6a795cf0d621b7d8b4beb4b9f9caea3f3682f2f8f59a846000893
62b425148295a81e4162a87cb36eba754d16b295ec5b733140e2b82c7f77a731
65cc8600f521d4e99aa77e95337426f53ec86dd569e8db164bcda70d5c1da388
6a6f0fdd079cd2bb0fa098f60d11b5823666a6b78e1c79bdb3302e4dd1325dba
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
72b0deadf1b32374504bb51f264d4b10fe071ec70b82414896371619ba0ba9ce
785b3c62235c9521e658909432f75b8af2518fc92272806d05df2c01817a5f29
810956c722149065eabd5b5c4f62f98cb74cda6fb5e3695ab97958e53d6791ca
821bdc4f69b0d71c8ee65e9e97c232e0a127004991b92133da9019dbe8f90047
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
89a3535bdee177c1e19ca0ed78417c8470f5c3dd3d95e88f97d7d608ef267abd
8c9b185e1e937971dfedaafecf01bc14813a2ece31cc9af4a2097f9b3ecb061d
8db61f95a8f3554830efc6c3942b7322efef09b9d7f0cbfe32135e0fac106d18
8df0ba2d8af3e602eaba8677fe2c57228955b28868c91c2850a4c3c1ad8c7f68
8f9048e36baefc5cac0974c3e49ffc683d667c5b2081f6cd8d20f5a301b124c2
8f90a387bf870558e96f92c67b397f6fd856ab2a45d69820f9cf4455be91e594
8ffad58a307aa1ac6baff90296c8edc9db313f888876bc2ad453be4db8d01bf9
90214d135602962e47ea9587a7eeb62fac1c64a541e373ea76e2b4e8b33e3f88
913e0bff2ebdfd8aa46e82e8282910638f68fdb9f56f447f1f6b259f3fe5e539
92c171ba5806e8e3bd6d4cec2267a87aace951654b0ba5877a45633e593c5642
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
9aba25433f2e172a914184811973e96b4884f77c8f2329d6846e159c88513e87
9f7ff780ab397e8be4f856bed40c6223e3263c5893e84c1ccc38f9f1bdbd4d74
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a63c717d241f691c6d189bde3dbc07f5ff7af6c2a928f36b78dcd0bef19714ba
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aa76185f417cf85d7029b35e3a6544d4495402e17f76a32633b5ba80a81faa26
ab74e69c44356590de92b4b7354dc5ae3887e20f3dd9d07cea55cedbdd441f95
ac15d1868a55adcea61641c78efbb86feda3a65882f21bfe9fedd7348fb54be8
ad694c05f6bd32953ca1d52060ed974be8d02bf28ef5a27237326f8e08f3c7ca
ad853a72ac4fa4a7ea4700fb824906dbba6fd62e4f61e92449a5cba3f60ff1dc
b2487b91b81877d82ce166be25f03c9c5b55dbbf6912385c5c72a1fac44d664f
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
bb84689a92cf5af3b849f52905cdc247f5a957d338b8eced54681a0d95340b4f
bceb42c38849f45f8eccea1ad752b5ccea22eba051598d3890607f03941e301e
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
bf91ae75504343e8f401a2df56b182795e0181f4e7f50b0ff089ec61ba690251
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c8c3472f82c523707024b21c9c02755fb4fc9540558895e5ec10ceb1a7ac7977
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d10a778caafc69e25249f7b7fa00a1bfaa240991b6c7cdedb7f562fff418eb21
d3b2e714af4a46e55fca1fa141b13fe6144dc378cf696f3a029612f82f082e70
d55e4cb97826944c4f826821ac2688b361d7cf0303b4640c2cb3eef6ee19b233
d667eb81ed1272cb8be644bb1277bd4a3b2a38adf5a134e68ada86c5414220f6
dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139
e076d73374a77ccf80a904d8c29c0ea814558a542d4610c73e07c6eea1a997eb
e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182
e24d3af875787facd05baa84d7ab1a09af2c72f0ce2899028054634b8ca4398f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e554e4e2d813746a2f237a641eee6369031b73ca2d3901c4ad4416489ae2dfb6
e7f61c3e36793216dad1bf2ff34a22b55684cbaf63596081b1918a1c2ec744bd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb9d49a04efcc971667386f67fb420e20fd130339f1c994fc7359bc34771ef9
f8dd5483dc29044f06c3a45f8fd05d0f122a2b4315292df6da919775189351c9
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
ff6616b4a28c3407b10c28873184aabcca21c4b741b8bc190e21cccacf24d9c6

www.securityweek.com Open in urlscan Pro 2606:4700:20::6818:a003 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

114 Requests

98 %HTTPS

73 %IPv6

14 Domains

26 Subdomains

27 IPs

3 Countries

2305 kBTransfer

4849 kBSize

2 Cookies

17 Outgoing links

Redirected requests

114 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.securityweek.com Open in urlscan Pro
2606:4700:20::6818:a003 Public Scan

Screenshot
Live screenshot

Full Image

114
Requests

98 %
HTTPS

73 %
IPv6

14
Domains

26
Subdomains

27
IPs

3
Countries

2305 kB
Transfer

4849 kB
Size

2
Cookies

114 HTTP transactions
3 data transactions