URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Submission: On July 17 via api from TR — Scanned from DE

Summary

This website contacted 28 IPs in 4 countries across 18 domains to perform 104 HTTP transactions. The main IP is 2606:4700:3031::6815:90b, located in United States and belongs to CLOUDFLARENET, US. The main domain is securityaffairs.com. The Cisco Umbrella rank of the primary domain is 630994.
TLS certificate: Issued by GTS CA 1P5 on June 22nd 2023. Valid for: 3 months.
This is the only time securityaffairs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
43 2606:4700:303... 13335 (CLOUDFLAR...)
7 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 108.138.36.120 16509 (AMAZON-02)
1 9 2606:4700:10:... 13335 (CLOUDFLAR...)
6 192.0.77.2 2635 (AUTOMATTIC)
3 2a00:1450:400... 15169 (GOOGLE)
2 192.0.76.3 2635 (AUTOMATTIC)
2 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:26d... 16509 (AMAZON-02)
1 18.194.192.159 16509 (AMAZON-02)
7 2a00:1450:400... 15169 (GOOGLE)
1 2a04:fa87:fff... 2635 (AUTOMATTIC)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:225... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a04:4e42::485 54113 (FASTLY)
2 2600:9000:225... 16509 (AMAZON-02)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.57.34.26 16509 (AMAZON-02)
104 28
Apex Domain
Subdomains
Transfer
43 securityaffairs.com
securityaffairs.com — Cisco Umbrella Rank: 630994
625 KB
10 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 135
tpc.googlesyndication.com — Cisco Umbrella Rank: 160
210 KB
9 vlitag.com
services.vlitag.com — Cisco Umbrella Rank: 31037
assets.vlitag.com — Cisco Umbrella Rank: 47487
media.vlitag.com — Cisco Umbrella Rank: 63904
512 KB
8 wp.com
i0.wp.com — Cisco Umbrella Rank: 3650
stats.wp.com — Cisco Umbrella Rank: 2759
pixel.wp.com — Cisco Umbrella Rank: 2584
261 KB
6 gstatic.com
fonts.gstatic.com
147 KB
5 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 88
imasdk.googleapis.com — Cisco Umbrella Rank: 500
122 KB
4 consensu.org
test.quantcast.mgr.consensu.org — Cisco Umbrella Rank: 32276
quantcast.mgr.consensu.org — Cisco Umbrella Rank: 4951
audit-tcfv2.quantcast.mgr.consensu.org — Cisco Umbrella Rank: 58811
187 KB
4 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 57
stats.g.doubleclick.net — Cisco Umbrella Rank: 130
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 216
130 KB
3 google.com
adservice.google.com — Cisco Umbrella Rank: 113
region1.analytics.google.com — Cisco Umbrella Rank: 2556
www.google.com — Cisco Umbrella Rank: 10
2 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 79
208 KB
3 sharethis.com
platform-api.sharethis.com — Cisco Umbrella Rank: 4636
buttons-config.sharethis.com — Cisco Umbrella Rank: 5545
l.sharethis.com — Cisco Umbrella Rank: 4909
47 KB
2 googlevideo.com
redirector.googlevideo.com — Cisco Umbrella Rank: 649
r4---sn-4g5lznes.googlevideo.com — Cisco Umbrella Rank: 303017
995 B
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 368
1 KB
1 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 205
28 KB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 1623
54 B
1 google.de
www.google.de — Cisco Umbrella Rank: 4752
408 B
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 1129
610 B
1 gravatar.com
secure.gravatar.com — Cisco Umbrella Rank: 2002
1 KB
104 18
Domain Requested by
43 securityaffairs.com securityaffairs.com
7 pagead2.googlesyndication.com securityaffairs.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
6 fonts.gstatic.com fonts.googleapis.com
6 i0.wp.com securityaffairs.com
4 assets.vlitag.com services.vlitag.com
4 services.vlitag.com securityaffairs.com
services.vlitag.com
4 fonts.googleapis.com securityaffairs.com
3 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
3 www.googletagmanager.com securityaffairs.com
www.googletagmanager.com
2 quantcast.mgr.consensu.org assets.vlitag.com
2 googleads.g.doubleclick.net pagead2.googlesyndication.com
1 audit-tcfv2.quantcast.mgr.consensu.org quantcast.mgr.consensu.org
1 r4---sn-4g5lznes.googlevideo.com
1 redirector.googlevideo.com 1 redirects
1 media.vlitag.com 1 redirects
1 cdn.jsdelivr.net assets.vlitag.com
1 securepubads.g.doubleclick.net www.googletagservices.com
1 www.google.com tpc.googlesyndication.com
1 test.quantcast.mgr.consensu.org assets.vlitag.com
1 imasdk.googleapis.com services.vlitag.com
1 www.googletagservices.com services.vlitag.com
1 region1.google-analytics.com www.googletagmanager.com
1 www.google.de securityaffairs.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 adservice.google.com pagead2.googlesyndication.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 pixel.wp.com securityaffairs.com
1 secure.gravatar.com securityaffairs.com
1 l.sharethis.com platform-api.sharethis.com
1 buttons-config.sharethis.com platform-api.sharethis.com
1 stats.wp.com securityaffairs.com
1 platform-api.sharethis.com securityaffairs.com
104 33
Subject Issuer Validity Valid
securityaffairs.com
GTS CA 1P5
2023-06-22 -
2023-09-20
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-06-19 -
2023-09-11
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2023-06-19 -
2023-09-11
3 months crt.sh
sharethis.com
Amazon RSA 2048 M02
2023-05-20 -
2024-06-17
a year crt.sh
vlitag.com
GTS CA 1P5
2023-06-02 -
2023-08-31
3 months crt.sh
*.wp.com
Sectigo ECC Domain Validation Secure Server CA
2022-11-14 -
2023-12-15
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-06-19 -
2023-09-11
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2023-06-19 -
2023-09-11
3 months crt.sh
*.gravatar.com
Sectigo ECC Domain Validation Secure Server CA
2022-11-23 -
2023-12-24
a year crt.sh
*.googleadservices.com
GTS CA 1C3
2023-06-19 -
2023-09-11
3 months crt.sh
*.google.com
GTS CA 1C3
2023-06-19 -
2023-09-11
3 months crt.sh
www.google.de
GTS CA 1C3
2023-06-19 -
2023-09-11
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2023-06-19 -
2023-09-11
3 months crt.sh
cmp.quantcast.com
R3
2023-06-13 -
2023-09-11
3 months crt.sh
www.google.com
GTS CA 1C3
2023-06-19 -
2023-09-11
3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2022 Q4
2022-12-23 -
2024-01-24
a year crt.sh

This page contains 5 frames:

Primary Page: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Frame ID: BC6F6A6EFA0ABCB84B3D779E75BF8EF8
Requests: 98 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230711/r20190131/zrt_lookup.html
Frame ID: 5FC76D784BD307A18B5B5CC505E7D49A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&adk=1812271804&adf=3025194257&lmt=1689559963&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x675_l%7C308x945_r&format=0x0&url=https%3A%2F%2Fsecurityaffairs.com%2F148488%2Fapt%2Fgamaredon-ttps.html&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689559962681&bpp=341&bdt=107&idt=531&shv=r20230711&mjsv=m202307110102&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6390055356349&frm=20&pv=2&ga_vid=228210716.1689559963&ga_sid=1689559963&ga_hid=1135508768&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44788442%2C44796632%2C44789815&oid=2&pvsid=3505001797999251&tmod=1723430703&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=554
Frame ID: 2F5B31FF6FADD0950C6640362F331339
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E3F1A3416510253F0967C54ED077E137
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9DD52F9E5E2158C10D20E65BE225A7A6
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromiseSecurity Affairs

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • quantcast\.mgr\.consensu\.org

Overall confidence: 100%
Detected patterns
  • twemoji(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

104
Requests

99 %
HTTPS

82 %
IPv6

18
Domains

33
Subdomains

28
IPs

4
Countries

2489 kB
Transfer

6497 kB
Size

9
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 97
  • https://media.vlitag.com/vid/?id=6Fk_i-JDmbY&t=y HTTP 302
  • https://redirector.googlevideo.com/videoplayback?expire=1689569582&ei=znS0ZJuuDLWAsfIP3NqOwAs&ip=184.164.141.146&id=o-AM0xFAYfMduxAdwffYfbwRhydOguNPelRbrKyq4xyApb&itag=136&aitags=134%2C136%2C160%2C243&source=youtube&requiressl=yes&mh=d6&mm=31%2C29&mn=sn-a5mekn6d%2Csn-a5msenes&ms=au%2Crdu&mv=u&mvi=4&pl=21&spc=Ul2Sq6ZPyYbekzYn2R5oULqrA3SCVftx5RlUPwQt3Q&vprv=1&svpuc=1&mime=video%2Fmp4&ns=75ruwmyYxcmsRqONwcdxjdwO&gir=yes&clen=33307029&dur=200.909&lmt=1685781129302686&mt=1689546939&fvip=3&keepalive=yes&fexp=24007246%2C24363393&beids=24350018&c=WEB&txp=6216224&n=rIrDL51jRYeTcM5jTz&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgCPrV7O6gmtunSdHOXB78d5ZSnwqKY8dCrC3srWgyOwYCID4IiwybzWNrUKl8N9tw9mihGoXBIIzojtniPDbTwlel&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRgIhAImsAzY-yXIuNJE7oryoP4JYS3NG2T3vo6az-RqBjR6ZAiEAzuoj6vRMC1Ab7FGigx5O5xQqxYSJwcDkvhbnfJJCjQU%3D HTTP 302
  • https://r4---sn-4g5lznes.googlevideo.com/videoplayback?expire=1689569582&ei=znS0ZJuuDLWAsfIP3NqOwAs&ip=184.164.141.146&id=o-AM0xFAYfMduxAdwffYfbwRhydOguNPelRbrKyq4xyApb&itag=136&aitags=134%2C136%2C160%2C243&source=youtube&requiressl=yes&spc=Ul2Sq6ZPyYbekzYn2R5oULqrA3SCVftx5RlUPwQt3Q&vprv=1&svpuc=1&mime=video%2Fmp4&ns=75ruwmyYxcmsRqONwcdxjdwO&gir=yes&clen=33307029&dur=200.909&lmt=1685781129302686&keepalive=yes&fexp=24007246%2C24363393&beids=24350018&c=WEB&txp=6216224&n=rIrDL51jRYeTcM5jTz&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgCPrV7O6gmtunSdHOXB78d5ZSnwqKY8dCrC3srWgyOwYCID4IiwybzWNrUKl8N9tw9mihGoXBIIzojtniPDbTwlel&cms_redirect=yes&mh=d6&mip=2001:ac8:20:3d00:1012:5f54:1942:5e5d&mm=31&mn=sn-4g5lznes&ms=au&mt=1689559535&mv=m&mvi=4&pl=50&lsparams=mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAOUypqaj7yw2cKpYUoZsQBugH1-IrYvgGVzlDriptSELAiEAvcsyFp0ZaDg9IfuDTbzLLo3mSJo846Ytpf4k_gfdKeU%3D

104 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request gamaredon-ttps.html
securityaffairs.com/148488/apt/
90 KB
21 KB
Document
General
Full URL
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aea3e803371a91fe12f21352eb8a44d15000a193bc2a8447f308fb10d9c3157d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-edge-cache
cache,platform=wordpress
cf-ray
7e7ef6257b77bbb6-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 17 Jul 2023 02:12:42 GMT
link
<https://securityaffairs.com/wp-json/>; rel="https://api.w.org/" <https://securityaffairs.com/wp-json/wp/v2/posts/148488>; rel="alternate"; type="application/json" <https://securityaffairs.com/?p=148488>; rel=shortlink
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2F0pi26VEZwFvLB2X5Wj6S9pJKqtgnKtsPM%2B3oUaoM0rJkfVJ25g%2FfzCB4ug0alB%2FQ0Oy4nUlmiG1LlXYBaUMWp3XVovXxSPW%2BJZjkqZ5J9qctxNPTik%2F6D6q%2BMao2PfEHY8pP%2BbgNFWZShiqMK1TpOV"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-pingback
https://securityaffairs.com/xmlrpc.php
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
143 KB
50 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4918072057181794
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4b70843e22af862c5be0e18ecbbacc94d85fcaadc2c0634d31ce57fc0c564ee0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.com/
Origin
https://securityaffairs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
50463
x-xss-protection
0
server
cafe
etag
6155581167042660015
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 17 Jul 2023 02:12:42 GMT
style.css
securityaffairs.com/wp-includes/css/dist/block-library/
95 KB
13 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-includes/css/dist/block-library/style.css?ver=e5229016af3a6f31e914059643d9f09a
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1009b5a8852ca3fdbdacabac3778cf9dea8f91a58d36466a5fe20d0441ead1f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
143088
cf-polished
origSize=104503
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 29 Mar 2023 22:54:43 GMT
server
cloudflare
etag
W/"6424c1b3-19837"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K0z7l2OmQ0VsqH2rc57enkARxr41FeEoyDU8My2s308xnCsDIBwYISwyOvSnqbGYy%2BQ47PTweZfnCKrckP1EuVt2QRzQEThjZlilbBaScdvc0u002JQk2VqT%2BvPcZYRgT94soI6k3e0mWx29ZM6qnY8G"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6262bf2bbb6-FRA
expires
Sat, 22 Jul 2023 10:27:54 GMT
view.css
securityaffairs.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-videopress/build/block-editor/blocks/video/
602 B
589 B
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-videopress/build/block-editor/blocks/video/view.css?minify=false&ver=34ae973733627b74a14e
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d749579e51cf490ba27a6782bcfe07c52e44ffa8e3fbb4db7a4dded9d0d9ef29

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
442780
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 05 Jul 2023 22:27:23 GMT
server
cloudflare
etag
W/"64a5ee4b-25a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vi5thUiVf7172YhAHEPuct50qaG6XRjVNO9gCrjNDLGXsNJipEM7BU06iwTl5UOSOIoIquxsPcdR%2FS1Xwip%2F%2BAVNrzziTS1LXyh1Jrw5%2FHC8o1K%2BfecVLvPHWmNUT8StoDqrqRTkKBuaM1OQ7yXTD6Dp"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6262bf4bbb6-FRA
expires
Tue, 18 Jul 2023 23:13:02 GMT
mediaelementplayer-legacy.min.css
securityaffairs.com/wp-includes/js/mediaelement/
11 KB
3 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
496317
etag
W/"5fd15e34-2bf8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CwYbc2XYii5LphIqkjMKDZ7dg%2BBUmnD%2Bsg2C8z4m0iJ77ijxgj3oo8F9oKPq%2B7rKd6CVV1c%2F0Ra6FWglbIIS111g8gngeNBFBzDbuZCv77h3IQsBWjXu6vNe69a%2FsvLsOx3SI9%2FKob5xioLm0i6v%2BeR1"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6262bf6bbb6-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 18 Jul 2023 08:20:45 GMT
wp-mediaelement.css
securityaffairs.com/wp-includes/js/mediaelement/
4 KB
1 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-includes/js/mediaelement/wp-mediaelement.css?ver=e5229016af3a6f31e914059643d9f09a
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4485dc3684588728bba3e5fbbe902c36ad1ec1b47480cc62c911a9403bafecc3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
143088
cf-polished
origSize=4960
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 13 Nov 2019 23:52:08 GMT
server
cloudflare
etag
W/"5dcc9728-1360"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HC0AYTCIqjysx4uTcwB73rTTBh1h04i4%2B24oH6vSRav2oWSEpcBHBoMZGOb1UMfMnBu7by8p2j%2BG2dLoGgKSlDugY2YhoLjEA1ru6M02lbw0rY%2FD7tXt9k%2F13lRNQGF2v2ICuA6VEJejClbOIhHjxDOk"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6262bf8bbb6-FRA
expires
Sat, 22 Jul 2023 10:27:54 GMT
classic-themes.css
securityaffairs.com/wp-includes/css/
257 B
581 B
Stylesheet
General
Full URL
https://securityaffairs.com/wp-includes/css/classic-themes.css?ver=e5229016af3a6f31e914059643d9f09a
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5ea1f3c6951b71eb83050cd630f9c7c1c736b5b277d38a0e4465d80a5e53d4d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
143088
cf-polished
origSize=729
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 29 Mar 2023 22:54:43 GMT
server
cloudflare
etag
W/"6424c1b3-2d9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Czc%2FcCjutx7xUbWMlgjnuUm7E9HAnF1s36R6xZMNXNjn7%2BJa%2B0f3yvaKNM5F7Er8IXlRPeS%2F45MDG6tyfr%2BX9eRc1cLbkizxilbBnf0FSZ8u6hB%2FldCbkT3oZWrFxd2a38Cjqyc7Rbljc1F1jpR2k7zs"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6262bf9bbb6-FRA
expires
Sat, 22 Jul 2023 10:27:54 GMT
cookie-law-info-public.css
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.1.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1f4247657f994f6c9520c982ab95f953ee1c052706594d74f521cae670cf8be

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
359069
cf-polished
origSize=3106
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 05 Jul 2023 22:27:15 GMT
server
cloudflare
etag
W/"64a5ee43-c22"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NdaKYof44wQVuw4ymOyMItleJau6tjHIWWemM8tLj6SJD17cIh%2BqjEJroGHTQWYCqQQ6FpusqgvnIWWn3gsXNTGX9v87gDRMuffE4tbCxO4JskdQihWJvBEMgf%2FXpBiFdlwNSJfS2lAyVIR%2Ft%2BzdS4%2B2"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6262bfcbbb6-FRA
expires
Wed, 19 Jul 2023 22:28:13 GMT
cookie-law-info-gdpr.css
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/
22 KB
4 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.1.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d0ee8b9f5976ae2dc3eefb7aace301d8540ad3d5f01c88f5049b3b7257a1d2f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
359069
cf-polished
origSize=27249
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 05 Jul 2023 22:27:15 GMT
server
cloudflare
etag
W/"64a5ee43-6a71"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZPdzmzkkJZyWCS%2Fpr1FclqIFBOLm7JGMzgDCeG94dfYQWrxRhPHEQxoC8Cd6%2Bj0dqyD8e0EC77DCATtg%2F6d%2BIPWg8mrTLrefMM6oYCxNGvxyEEQtplhYx0AYzxbgO82dASXm2XxdiExgKJUodLaxKCZ5"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6262bfdbbb6-FRA
expires
Wed, 19 Jul 2023 22:28:13 GMT
custom.css
securityaffairs.com/wp-content/themes/rigel_old/css/jqueryui/
15 KB
3 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b33e3ff7c01e9eb947faf1bd0dd31d3d210ff9fdf809f2db3938b5b865b9cc31

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
496685
cf-polished
origSize=19858
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 13:54:59 GMT
server
cloudflare
etag
W/"56716d33-4d92"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3xe%2BxZrQz6fPJWxRT6ft0L1M7y0n9uuytokXY%2Bf%2Bz%2BdDccbjO%2BCeyZybDEUEMn8e63IwJPLBeDIFd0TnhtHY8aW3bS649o4XfpyvZr%2FK83J7ndecYtjAxTYASwpLgn9ID2kkf6Xl2%2FzhSbrb1iB1qyzF"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6262bfebbb6-FRA
expires
Tue, 18 Jul 2023 08:14:37 GMT
tipsy.css
securityaffairs.com/wp-content/themes/rigel_old/css/
461 B
664 B
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0255909b7cb5511843e8e9d6414f99d023237cdb954705d68c4ff0d3cd752d6b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
496685
cf-polished
origSize=539
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
cloudflare
etag
W/"56710b7c-21b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZQFH4kh0LKWYyZY1CBsTSlHU5zJbCHY8Tyie6SF%2BqngevFoB9LrqK8GLeFTk%2B6RKR%2FLdjK4wFDsdNtbYQRTjjxlE7TX04%2BUerQ9iRkLKvFBZluVxMFWl32p%2By2YOup0TgwdoUQrZ%2Frp1Q8w0Bfjr8W2Z"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6262bffbbb6-FRA
expires
Tue, 18 Jul 2023 08:14:37 GMT
flexslider.css
securityaffairs.com/wp-content/themes/rigel_old/js/flexslider/
5 KB
2 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
751ae0b0e7b20fc45203c90e0c3391e1aa983f57327fb31d96dda46f7232ad45

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
497838
cf-polished
origSize=6225
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 13:55:09 GMT
server
cloudflare
etag
W/"56716d3d-1851"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NtdJYjqJ2nOX%2BIGa2AHiJ3tunxn6LuWY0CqPfj2%2BaHBH79MueYu1jR3RuksyaLqeAoRaUGROP1T1RUnFuYo2nh00TJSUJIUfpKMCCrj1bW7LSDNFfsOp6VLXJLfz3q2yv5NZa5g%2BEMXd56vbznOlB8yK"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6262c00bbb6-FRA
expires
Tue, 18 Jul 2023 07:55:24 GMT
animation.css
securityaffairs.com/wp-content/themes/rigel_old/css/
1 KB
688 B
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5643c5e548ec3aab5786c3845bce65a8ab30d48b62ba2586373ff84589ea13d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
497741
cf-polished
origSize=1716
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
cloudflare
etag
W/"56710b7a-6b4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Dw9YquodN2vEgMQG%2F1qAcNrHJ3S4Qga2fyC5rsxgtwm%2Bk3X7p1b1mVFdbXDg3JuF%2BV1YqBXwBuWWUPoRnfrJqPOkEh7cvYfRtblW6CgS%2FWVwQYjiHBEg9ldQZ1MCTqoEDLVwjTC9vzfzFlPgy417F31"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6263c05bbb6-FRA
expires
Tue, 18 Jul 2023 07:57:01 GMT
font-awesome.min.css
securityaffairs.com/wp-content/themes/rigel_old/css/
17 KB
4 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
533222
etag
W/"56710b7a-4574"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qYUmh2cCX9PgwSB8kz31EaaaXfzrb3%2FzE0oLHIzkOceB%2BUBXI6TchwkVvHmirj644nPjEgqXyH6Ow1i3RU4wg9rfN3FKdJsLQWAiaU1TN394zHsKvmC2SkN81RsgQ31P6VL3MfPiDtNGGQvWu0Drtrtz"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6263c06bbb6-FRA
alt-svc
h3=":443"; ma=86400
expires
Mon, 17 Jul 2023 22:05:40 GMT
swipebox.css
securityaffairs.com/wp-content/themes/rigel_old/js/
3 KB
1 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9b6164ccc60fa98562a1d315d63a961a7ffa16183117a6a5f6d5bf3893283c0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
496685
cf-polished
origSize=4493
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
cloudflare
etag
W/"56710b8a-118d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yk7n%2B2RfmRXWccuRrjbYDfr%2BG8l5Gxummbrhp73OEXhl8enKO%2Bpkx%2FeE2ZCMUac4bfYj5smGWKGoEP8hYYiB2NMLqeg3pm3hIbSS74VjS5FFhC7AcJayEcfDr7NeFgfsgYsgauOEplKwMephcPNMYig6"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6263c08bbb6-FRA
expires
Tue, 18 Jul 2023 08:14:37 GMT
jquery.circliful.css
securityaffairs.com/wp-content/themes/rigel_old/css/
264 B
484 B
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28275dbcd3747f460a53102bb9dad566db20349335371cef756c72f4ab155431

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
539579
cf-polished
origSize=334
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
cloudflare
etag
W/"56710b7a-14e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2fY6RK6qbhoHCoOZdz%2BnqOlOM1n7WJv9SFht88rAg3B9TzmNR%2FEgUQRYX8DSK%2BFS6zl%2FaaTZIFhM955sAe%2FYbFRPHo1fba4DMynh6CWXdqV3ANknbcu4dGPZGFEwfP%2Bw6vln%2Fo8PH%2FWek3%2Bhcg4pRCYt"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6263c09bbb6-FRA
expires
Mon, 17 Jul 2023 20:19:43 GMT
screen.css
securityaffairs.com/wp-content/themes/rigel_old/css/
95 KB
17 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a04aa9666a49a1c434d7e44268f399e0c1dc1b306a2cc6f3414551364c217b4d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
496685
cf-polished
origSize=112708
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
cloudflare
etag
W/"56710b7c-1b844"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ljlau3iYBg44sWcsVJ8giePL5d4Wo%2FYjdwVkm471cvwdOTqRT0QmBtWYq6XQE5Z%2FpQIYPJ3UNzChLRnv9kOoeld1%2FdrpU%2BKt5Gp0YkXB0t33%2FKafEGN7K3bntpwX4QKi%2Bq6Ni5Qz%2BocfNmWHp7S5%2BXW5"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6263c0abbb6-FRA
expires
Tue, 18 Jul 2023 08:14:37 GMT
custom-css.php
securityaffairs.com/wp-content/themes/rigel_old/templates/
12 KB
3 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ba7c2311986ffb857dac36c0269f59bd9eb78fbf7435f2a2ebe5ba3af6fb9b2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

cf-edge-cache
cache,platform=wordpress
date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D7ZdEPfXv6XMGI5jCi2bjizpFSUyJDpVeso%2Bpyv61SZFuM5EZpBtUb3NyU5Qwc89QVmEyrXPIOrWSWljKLqpobvlFxsOWX%2BDVeQqvesNhhvHxIqswYb6aMEc%2BDjWJwXrxb5EVvq2azokGl0h9eUP2Xfc"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset: UTF-8;charset=UTF-8
cf-ray
7e7ef6263c0bbbb6-FRA
alt-svc
h3=":443"; ma=86400
css
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=e5229016af3a6f31e914059643d9f09a
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
77a97368f8991ef6bcba68e58a58f0aa3aaa1e61b687bb5f2c7930d12800de13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.com/
Origin
https://securityaffairs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 17 Jul 2023 02:12:42 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 17 Jul 2023 02:12:42 GMT
css
fonts.googleapis.com/
3 KB
550 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=e5229016af3a6f31e914059643d9f09a
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
699e8cb3d0af7f12172315152a58cf8154526ddc2ee3d29ed8861218e9cf91a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.com/
Origin
https://securityaffairs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 17 Jul 2023 00:39:13 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 17 Jul 2023 02:12:42 GMT
css
fonts.googleapis.com/
4 KB
658 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=e5229016af3a6f31e914059643d9f09a
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e63ce5b7ed21eed9e79e149fd15071f7d52af26b7b50b23af810cfe3b50f7a1a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.com/
Origin
https://securityaffairs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 17 Jul 2023 02:12:42 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 17 Jul 2023 02:12:42 GMT
css
fonts.googleapis.com/
4 KB
658 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=e5229016af3a6f31e914059643d9f09a
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c31c872bd1b263e86b8127059907e0c7e94c0985a85acd24d856f4d9aa294db9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.com/
Origin
https://securityaffairs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 17 Jul 2023 02:12:42 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 17 Jul 2023 02:12:42 GMT
grid.css
securityaffairs.com/wp-content/themes/rigel_old/css/
43 KB
8 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/css/grid.css?ver=e5229016af3a6f31e914059643d9f09a
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5133a1035cbf203be573cc6e15a2d4f8477b62568bea772b2192dc68c4980e5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
143088
cf-polished
origSize=50674
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:03 GMT
server
cloudflare
etag
W/"56710b7b-c5f2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=loPy%2Fh24gr8gRy%2BwknPvejmbH%2FP8w2Eb7re3rJ6Do2Hue71H7aELYyow%2FJkI37oRAf%2Fy6F8R%2FB5oxgevWC9KOzN0564sBUg6LUMmtF7sEBDo8CWCbTBp7NuBLTMJR8khcksH%2FzMqjylCsZ%2FsmP5wKgr0"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6263c0dbbb6-FRA
expires
Sat, 22 Jul 2023 10:27:54 GMT
sharing.css
securityaffairs.com/wp-content/plugins/jetpack/modules/sharedaddy/
17 KB
3 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=12.3
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42cb01112af83c39f992eb89a612ef203c0ca1571d8dcfd58c206d5f467aa34a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
358960
cf-polished
origSize=19963
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 05 Jul 2023 22:27:23 GMT
server
cloudflare
etag
W/"64a5ee4b-4dfb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KqJQSNFLgHEpoMJgOzh1RMFVT8KpMCfiWvM8jqcoDfoU4%2BnEUD929hGZUpmZsi4dXcuwwh0Za5035l4o0Mgx2mIFvkJtRFKgRwNXQ33vImsrHZhS69QWxxBVpA8jfJgL9AcjQNKXcX6XPWOKR8dlQxrv"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6263c0ebbb6-FRA
expires
Wed, 19 Jul 2023 22:30:02 GMT
social-logos.css
securityaffairs.com/wp-content/plugins/jetpack/_inc/social-logos/
12 KB
8 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=12.3
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b55ed724fa2620754a5290ad2cc0e87cb3dfdb61d73e4022bbc73e76c26dcac

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
358960
cf-polished
origSize=12726
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 05 Jul 2023 22:27:23 GMT
server
cloudflare
etag
W/"64a5ee4b-31b6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rBKLsMnJv5gR55jF3lR2Nga8xqkno3MoxVp%2BFClmD%2FtVSnw2R1BXpERcgjdzEmbcucHR%2FwumMpREqvdDUyPw9s4s8RgqDc9TLFAXJB47isn5TZF0Hy%2BpHyKsi8aM2E4209dHQKVqn8rA7B1CqB7fO7az"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
7e7ef6263c0fbbb6-FRA
expires
Wed, 19 Jul 2023 22:30:02 GMT
jquery.js
securityaffairs.com/wp-includes/js/jquery/
142 KB
42 KB
Script
General
Full URL
https://securityaffairs.com/wp-includes/js/jquery/jquery.js?ver=3.6.4
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73e52be898a7afbbfa119fdb5a95ca82c2b914da8d756404f7e5c7e0b6ff1928

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
446841
cf-polished
origSize=292478
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 29 Mar 2023 22:54:43 GMT
server
cloudflare
etag
W/"6424c1b3-4767e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aWD0nIwPii5JjPZqFQsFneVm2QGNEVJJdbelli%2BjcghHq7kVIobyr8saYXUhFyi2vzG%2B2hoJWmcg9AWnKFEXOn9JY8q4wJ2M94Q7iElhu1QlR3XkS4AoN2yWxO7gL5TQFsvBNqdDb7niVUS6a4Yp1lxG"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef6263c10bbb6-FRA
expires
Tue, 18 Jul 2023 22:05:21 GMT
jquery-migrate.js
securityaffairs.com/wp-includes/js/jquery/
18 KB
6 KB
Script
General
Full URL
https://securityaffairs.com/wp-includes/js/jquery/jquery-migrate.js?ver=3.4.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c4baf058901663c6879894c0067cf923fa200cb95a0a4c25b1471a62c2a63c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
539579
cf-polished
origSize=30789
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 29 Mar 2023 22:54:43 GMT
server
cloudflare
etag
W/"6424c1b3-7845"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e9Isp644IBXwdSSjFQplEhmh4ACIxNsZ3yQyG5M2muc3xCU4J6BNzirEKugbNbJsiV40V1iQ5%2B0QcTTHlqCxh6FhAG%2FSQ0sUbKdhUKeNWBQcrJo47OueWObmUvHGS0bpCMkjq05Tklm2D3uy8qCjnorg"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef6263c12bbb6-FRA
expires
Mon, 17 Jul 2023 20:19:43 GMT
cookie-law-info-public.js
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/js/
27 KB
7 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.1.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9701e3cc721b444361494b8586b90ce11a0a0fc7964c0220e2263dd836d0a254

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
359069
cf-polished
origSize=34179
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 05 Jul 2023 22:27:15 GMT
server
cloudflare
etag
W/"64a5ee43-8583"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WPNhT%2BaCnlpWOVmlWwAFC7ftHqeSkA4tfwwz10jxtjWxur5%2B%2F9NTuNNun3JnlPM%2F3tNHN%2BN1JCnPjOCN7PkzMCp0CZV96l3nRX5yqmVye7eHUPVb%2FwDFH1Mw1UxifyNdYkeK9m9fkEhrWadT2gVZ43%2BL"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef6263c13bbb6-FRA
expires
Wed, 19 Jul 2023 22:28:13 GMT
sharethis.js
platform-api.sharethis.com/js/
203 KB
45 KB
Script
General
Full URL
https://platform-api.sharethis.com/js/sharethis.js?ver=8.4.6
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-120.muc50.r.cloudfront.net
Software
/
Resource Hash
64ffd4b2224c9e2a0f2193cf1d37239572a67ce9d2bf3d97c58d6939139af61b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:08:19 GMT
content-encoding
gzip
via
1.1 3d7648aa47c887339ebd63c859836150.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-P2
age
414
etag
W/"32a36-40XB9TFKL290b/MnE4xfx5SGfVQ"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
edge-control
cache-maxage=60m,downstream-ttl=60m
cache-control
max-age=600, public
x-cache
Hit from cloudfront
x-amz-cf-id
XwIvcoDp-np8P1pWlj_Hjk5hRkGAk1fR23l2PkDtFqEVmsMvrNK8Dg==
/
services.vlitag.com/adv1/
574 KB
147 KB
Script
General
Full URL
https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3bc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c7931aed0cd2de6be37e8b4dd12204df6bd0fea2296ac126dac59d4c353fcd8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
server
cloudflare
cf-polished
origSize=588245
etag
W/"221a5a398da89ace8729d1cd3c481ec7 2023-07-14T06:45:32 v1 default"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=900, stale-while-revalidate=3600
x-robots-tag
noindex, nofollow, noarchive, nosnippet
cf-ray
7e7ef6288e8e68f2-FRA
alt-svc
h3=":443"; ma=86400
image-24.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2023/07/
175 KB
176 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.com/wp-content/uploads/2023/07/image-24.png?resize=1024%2C653&ssl=1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
57ff5351fcc1ae58a5e6248e8b8b8c06035fbbbe801abb81fdf166f479db9597
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc
HIT ams 5
date
Mon, 17 Jul 2023 02:12:43 GMT
x-content-type-options
nosniff
last-modified
Sat, 15 Jul 2023 19:34:44 GMT
server
nginx
etag
"267eab30eca1850d"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.com/wp-content/uploads/2023/07/image-24.png>; rel="canonical"
content-length
179592
expires
Tue, 15 Jul 2025 07:34:44 GMT
image-26.png
securityaffairs.com/wp-content/uploads/2023/07/
319 KB
320 KB
Image
General
Full URL
https://securityaffairs.com/wp-content/uploads/2023/07/image-26.png
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
853b33a271e870c8684b5d09bd3e350d77f4335bf2e92916a3b5c85d284edc13

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
41051
alt-svc
h3=":443"; ma=86400
content-length
326658
last-modified
Sun, 16 Jul 2023 14:03:41 GMT
server
cloudflare
etag
"64b3f8bd-4fc02"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BDvYNWO3scLpPYhkp%2BSVFiuKZKpfHTzjtAtkbOaQiwlwtyun5jFioirnBc5gjVE4TPiBlaJrmnlB43EdVLXwGS6VrW1pu3f29g%2BRqTBow%2FsDKMvb43ulyinpHnKgNTu0ISF10Lv0A93619sffaio9iy5"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
7e7ef628e8419250-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
newsletter.png
securityaffairs.com/wp-content/uploads/2015/03/
50 KB
50 KB
Image
General
Full URL
https://securityaffairs.com/wp-content/uploads/2015/03/newsletter.png
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1267fc6c8805b7f508e04bc8da776509420413adb25e197f12c9f9405c74ac6d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
98649
alt-svc
h3=":443"; ma=86400
content-length
51032
last-modified
Wed, 16 Dec 2015 11:53:22 GMT
server
cloudflare
etag
"567150b2-c758"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=20C3V5DCmWg2mJdxZ2%2FOPQcQxLZ5Z%2BWwp1mwNGrtHrDCT0zo1%2FyMBC1LvDw4oDiSysRUvnwKiK2YYOnP%2BfaaWFp4HctNQRHaJ5V2goJ58PzvCWWy5Pht8loyI55rF9XvBIDcPwor%2F%2FNpYK%2BRthYwJ2R8"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
7e7ef628e8429250-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
email-decode.min.js
securityaffairs.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
1 KB
Script
General
Full URL
https://securityaffairs.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 11 Jul 2023 16:27:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"64ad82fd-4d7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RjcxF74uTw5lC4jnqFphpHGFHCS6%2F0iUdaLLyg4GY1Uhipbql6fVvQOgayf%2F0cP1HBdi8RHqc7SPKvA5SN7sTYQXVU%2F0s06HyRLwt9WNkveMj57mPjrRE5QT4jCH8xEoxvB6d5M4ohgETCNepQhjXwyh"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
7e7ef626ef5f9250-FRA
expires
Wed, 19 Jul 2023 02:12:42 GMT
image-3.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2023/03/
13 KB
13 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.com/wp-content/uploads/2023/03/image-3.png?resize=300%2C300&ssl=1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
cf4b55e0e13c1ca3bbef81fe134e670085f2e6dd651893f8162ce34eda11c653
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc
HIT ams 7
date
Mon, 17 Jul 2023 02:12:43 GMT
x-content-type-options
nosniff
last-modified
Sat, 15 Jul 2023 13:03:24 GMT
server
nginx
etag
"ff445767099e8cec"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.com/wp-content/uploads/2023/03/image-3.png>; rel="canonical"
content-length
13512
expires
Tue, 15 Jul 2025 01:03:24 GMT
js
www.googletagmanager.com/gtag/
253 KB
85 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
edbfdb87e4528eb41e9b103e943b5f3289ec7f8a31738cb4022e5b0271e476cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
87362
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 17 Jul 2023 02:12:43 GMT
image-cdn.js
securityaffairs.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/
701 B
868 B
Script
General
Full URL
https://securityaffairs.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27dd9b075cc59cf5f3c0f6ee075f4bd113782d81ce30a4f16aac669ecfdc4fa2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
443075
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 05 Jul 2023 22:27:23 GMT
server
cloudflare
etag
W/"64a5ee4b-2bd"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E%2BmC6eDDfSMjqaTex9B1f8XGA%2BW2VPdA70I%2Ff4yHd5VnHN0vsX663UodHAYpvsGkMofw0A%2FM48CqKVudo%2Bx%2F2EWM9tJTs7mgzIwA1wW9KU%2F3XUi1U44KUFsoHATkupbcSP%2Fs9mlPJE8nL9R%2FUhVUHweP"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef626ff689250-FRA
expires
Tue, 18 Jul 2023 23:08:07 GMT
ssba.js
securityaffairs.com/wp-content/plugins/simple-share-buttons-adder/js/
2 KB
1 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=1686486772
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
90b1f6082b0cf09c59ad2a5b87d3e0ab87eadf37c9b0b791318adfaae1a4b0d4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
48380
cf-polished
origSize=3110
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sun, 11 Jun 2023 12:32:52 GMT
server
cloudflare
etag
W/"6485bef4-c26"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZIKxitMp23PNZQ1JaVZ8relZxU8goGdo33bJiksUQ5D83NJlfXa7u3YthWQ%2BPjn5jmQa14c1hoyR9AdjwdWPskLCgrpnSqik1a3yt4v8qi1pfRMNxAyiyhpFlpGYbOt4bcMuXkZkqgIjmRyzEu7SAOo4"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef6272f809250-FRA
expires
Sun, 23 Jul 2023 12:46:22 GMT
hint.js
securityaffairs.com/wp-content/themes/rigel_old/js/
467 B
765 B
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
914c2c38bcf8be8ae0bb37e800573341c8134e54b5ced5303c1d3f172d7e6c96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
501004
cf-polished
origSize=987
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
cloudflare
etag
W/"56710b89-3db"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BbX6rtrzIMy73PduuMNpaISdU3ixIOPxVEXpUNgJ1bc3vkulUYODQ3%2FEGpW%2Bc02XLwRLvOkKjPAXS7q7OgQFxuxtwcZfiHrz8tkrsACABj2Bm4NgVc57dNQz0q2B5BwKW20UyV4gQo4liIehBOSFnWM%2F"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef6274f879250-FRA
expires
Tue, 18 Jul 2023 07:02:38 GMT
jquery.tipsy.js
securityaffairs.com/wp-content/themes/rigel_old/js/
2 KB
1 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3570b0809823e912b040bb8d99048d5e85ceabf830ef064e306c0a1901a08e11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
499639
cf-polished
origSize=4371
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
cloudflare
etag
W/"56710b89-1113"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ln53c7RKFJDmJVLdYrO5lm%2B8N6Frt2MeZwq9%2BYVxXcIhrYQK0ieBGDV30Ssmoj3vTZIz6wvbS6AbD2wUiw6vbmX5Y55kPdt2QrdD2PnLs3oWodVFkii52nNWs%2FVnRbtcQrPO%2FuLm%2Biq40jzJtM4go8Ez"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef6275f919250-FRA
expires
Tue, 18 Jul 2023 07:25:23 GMT
jquery.easing.js
securityaffairs.com/wp-content/themes/rigel_old/js/
4 KB
1 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aea607f39789d4cc03dd33d5518a1e53d419c379c618b7a19d6e3a06f4f14d56

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
248080
cf-polished
origSize=8097
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
cloudflare
etag
W/"56710b89-1fa1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U05TgNfNLhChdqJlbPzm%2BkphoH9J3MNXVY8Zj51Orrwy9ZGZPn0Z2tWTVzqjkWO8vzCqxMpE9T5O0Jtjer7CBWh%2B%2FEdo58kLaf6SpnZTQ0UEtvI6ld%2FcsUvwG3r6dF2q%2BsfjpXkNTi4KoR%2BrNRj8Az98"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef6277fa19250-FRA
expires
Fri, 21 Jul 2023 05:18:02 GMT
browser.js
securityaffairs.com/wp-content/themes/rigel_old/js/
2 KB
1 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bea141b0e1c016faface442cf56dae318f97789bea95d633da28014d5233a934

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
523582
cf-polished
origSize=2614
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
cloudflare
etag
W/"56710b88-a36"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B4fTs2%2FZV5%2FU2Jm%2BToKC7c4D53JcpCa9g1HuACTWtBRzNaatVmwDRHTMnJvgLZgR58lVFNiJRGILVI28EdSnKf3qBEhWT6B5SobKJ3oHgsYMAVW97rqhgbEef8m8KeTgRoH%2BunwcrrwonewJ2xjcH77P"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef6278fb09250-FRA
expires
Tue, 18 Jul 2023 00:46:20 GMT
jquery.flexslider-min.js
securityaffairs.com/wp-content/themes/rigel_old/js/flexslider/
21 KB
7 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 16 Dec 2015 13:55:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
86746
etag
W/"56716d3e-53ae"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qsE5psXifpm6guxtHK%2FTPSjj5PMhShLbHq5ye8GDTd3NgmIGN6wjmVrOb9lD6am%2BNRUWP3emauqrziQsI1sDgn7RFVGirKT1rXcnN511TeyJvRlskxfZgxxcgRrTv%2BqDV0zsR8dni7%2FNCZAzHIOVgkq9"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef6279fb59250-FRA
alt-svc
h3=":443"; ma=86400
expires
Sun, 23 Jul 2023 02:06:56 GMT
waypoints.min.js
securityaffairs.com/wp-content/themes/rigel_old/js/
8 KB
3 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
498635
etag
W/"56710b8a-1f6c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4fHOZPghmPnSweTrxGoX%2FoeQzxZaXK%2BnhZHq0%2Bc5%2FJsdm4me98ybqSlWWioOmAHgAP0UEQsS1YjiaP50vOiN8yXVtSvAibLikVdO%2FYG1lf9mIXX17gKww8IHQhyjQU%2BLRuu8Tptno7%2Fr5uDjkLtmb7oB"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef627bfbc9250-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 18 Jul 2023 07:42:07 GMT
mediaelement-and-player.min.js
securityaffairs.com/wp-content/themes/rigel_old/js/mediaelement/
69 KB
20 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 16 Dec 2015 13:55:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
245339
etag
W/"56716d42-11571"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YVOMCwj900UQAyxv%2BlnIkc7%2F4Jp8Kl7fuKO6jG2PmQkBtqwVrVbr%2FdOuyXAJsaUh5MekSV%2FVYgAN1wipsaWX9LYoml%2BWdooUctDtt3Y2bVHWMJsmH1q8gnL9Jk9GMSuWpWP3khE1KLHwPwoXW6hO6uFT"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef627dfc69250-FRA
alt-svc
h3=":443"; ma=86400
expires
Fri, 21 Jul 2023 06:03:43 GMT
jquery.swipebox.min.js
securityaffairs.com/wp-content/themes/rigel_old/js/
11 KB
4 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
578695
etag
W/"56710b89-2a67"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o4%2Fh1QDxIDJFq1Ap7fNelmPM316BJMlfp01%2FlpM8vE%2Fctn1Tkq7Um4XvQ2IbGV%2FHkvUknT7oVSTiXQOuZTpz6XUe8CnLcvET04Zoq9wFyIqT76BVmYYXeKP4jSvQsxw%2BZyEpGQmN07RiYqILHyE%2Bhj5F"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef627ffd89250-FRA
alt-svc
h3=":443"; ma=86400
expires
Mon, 17 Jul 2023 09:27:47 GMT
jquery.circliful.min.js
securityaffairs.com/wp-content/themes/rigel_old/js/
3 KB
1 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
499638
etag
W/"56710b89-c18"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YP6v6wURnTltoTZWSBKJsDeR%2BU%2BvFQl6mPdU0an5qrv2H8uOMMWbFO41jtccaGvGrSDvjgi3%2BShH%2BybOr1%2F5iO9PHRRPuNB2yq5cxVAjZwC6DXOidEVUs0HnZe9qnG6rYTBEMHJpptFkpTPSZp7Jv66s"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef6280fe59250-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 18 Jul 2023 07:25:24 GMT
jquery.smarticker.min.js
securityaffairs.com/wp-content/themes/rigel_old/js/
13 KB
4 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
496761
etag
W/"56710b89-3225"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cZ5VY%2FZUCGURNnVDk6hV31ngHHw44yLqbKhRV%2FcTJB%2BxqVt6703jijthznc5kprzRHxEbN%2B9KjSQeqm3q7Kuy9M4zDl5JkAjU%2FRXfBZTLJT5ih7I2soE6DFreaz1YsjqIcZtBIDVCFscDFe5x9mIomqB"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef6282fee9250-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 18 Jul 2023 08:13:21 GMT
custom.js
securityaffairs.com/wp-content/themes/rigel_old/js/
10 KB
3 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6f712bb063293806236d362715f5f3f134ddeb3da95e66f7f7d5f1311975296

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
499638
cf-polished
origSize=12756
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
cloudflare
etag
W/"56710b88-31d4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=whv8az1BrN4L0MRTB0j6jY16L5EnHQrge5UBWOYRVIBvWfbYMFm6%2Bs0EudX9axljblSDktE0dg3pzABAMXfcX%2FHBsYiDx5qF3xZJYt844yH2GCEyMgQZWo%2FIWCESs3ik8N2e4JQpqh83bImv1Y4fP%2Bq7"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef6283ffd9250-FRA
expires
Tue, 18 Jul 2023 07:25:24 GMT
e-202329.js
stats.wp.com/
7 KB
3 KB
Script
General
Full URL
https://stats.wp.com/e-202329.js
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-minify-cache
hit
x-nc
HIT ams
date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
br
server
nginx
x-minify
t
etag
W/13576-1684464982353.1523
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Mon, 15 Jul 2024 03:27:35 GMT
sharing.js
securityaffairs.com/wp-content/plugins/jetpack/modules/sharedaddy/
12 KB
4 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=12.3
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c11433c4dc7cf18972c22ca0f2cf78493b92aaf89bab4dab47c6c9b6c551d50

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
358728
cf-polished
origSize=18206
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 05 Jul 2023 22:27:23 GMT
server
cloudflare
etag
W/"64a5ee4b-471e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HnF46EeKqly2T%2Ff2T7Xt3RPFcyJsa1EelT0ibt5UGRTFhJNDJeuP19omzeuYS9sJi4pmQUluE%2BW9WLJnP0OEBCRyCALTXoyk20X0kYCaZmaAUOpD5EsMo8TcJUN%2FqakWK136bRVOD6imoFOzzQw4JWoO"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef62858069250-FRA
expires
Wed, 19 Jul 2023 22:33:54 GMT
twemoji.js
securityaffairs.com/wp-includes/js/
17 KB
5 KB
Script
General
Full URL
https://securityaffairs.com/wp-includes/js/twemoji.js?ver=e5229016af3a6f31e914059643d9f09a
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a8c0bd86eee0230682ed29c5e30936b6b14ab02e1586692840ef8ea4de9dda6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
143292
cf-polished
origSize=33089
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 29 Mar 2023 22:54:43 GMT
server
cloudflare
etag
W/"6424c1b3-8141"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GAYKdD%2BTuLyL7t6BibAQ1iJ6%2FNGHpVdfA%2BLrWHzNG4lNM801cS8wwqaTjjE2hC6AsyZKgpShIo%2F2qEa8QQ51P7xr%2FrvbqPLj1EpyGnRbP5QrLvho5w%2BLhxfjs5fJbjL5YHhLq30KAP93fhqI7ZYgfcAK"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef628e8439250-FRA
expires
Sat, 22 Jul 2023 10:24:31 GMT
wp-emoji.js
securityaffairs.com/wp-includes/js/
4 KB
2 KB
Script
General
Full URL
https://securityaffairs.com/wp-includes/js/wp-emoji.js?ver=e5229016af3a6f31e914059643d9f09a
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1528c535d339849cea1f4b18416229bd962819949c62574dcd184cdfa6d056b2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
143292
cf-polished
origSize=8969
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 29 Mar 2023 22:54:43 GMT
server
cloudflare
etag
W/"6424c1b3-2309"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EG4QYAwF2TY%2BddDcTeElBpcRspj2%2F4i%2BHZj6gqy7wGeivnFz%2F0wUYU31Dc8521SITt4d3fsGKKu6GLEM1aPfb3CNAMgHw%2FS9ZBAzPLv7f28amamIMCgfqzOsJVIK1ij0ur2KBY3izxnnCWJS28NWDDgF"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
7e7ef628e8449250-FRA
expires
Sat, 22 Jul 2023 10:24:31 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307110102/
356 KB
122 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307110102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4918072057181794&plah=securityaffairs.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4918072057181794
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4cfc8b03a9faff583de49b7dc2d214ff9b80f14feabc248c24f42af3ee55b56
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
125350
x-xss-protection
0
server
cafe
etag
98393788826666365
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 17 Jul 2023 02:12:43 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20230711/r20190131/ Frame 5FC7
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20230711/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4918072057181794
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
50910
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4544
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 16 Jul 2023 12:04:12 GMT
etag
12368291122986407432
expires
Sun, 30 Jul 2023 12:04:12 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
63aa5463b92caa0012f81022.js
buttons-config.sharethis.com/js/
438 B
884 B
Script
General
Full URL
https://buttons-config.sharethis.com/js/63aa5463b92caa0012f81022.js
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js?ver=8.4.6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26da:8400:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
db4312bece8d50799c3e99a316a58218a527df0f25b93c3e075e04712e20cacf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
via
1.1 ed0321bab00e6823808eaacb7b137e08.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-P4
age
22
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
438
last-modified
Wed, 28 Dec 2022 04:37:49 GMT
server
AmazonS3
etag
"d0446970cab2a3b08a2f4f8bdf2fbef7"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=60
accept-ranges
bytes
x-amz-cf-id
4o3VeeXQgqeVjloBFryR3fCRK6edMXuBB0XjfQAF4bUo0unGck1DkA==
gtm.js
www.googletagmanager.com/
112 KB
44 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7f8a7f45e92034dfd8d4fe05d5c4e0927d578d01f9e8e6b3642e35c91f727172
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44163
x-xss-protection
0
last-modified
Mon, 17 Jul 2023 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 17 Jul 2023 02:12:43 GMT
pview
l.sharethis.com/
0
406 B
XHR
General
Full URL
https://l.sharethis.com/pview?event=pview&hostname=securityaffairs.com&location=%2F148488%2Fapt%2Fgamaredon-ttps.html&product=gdpr-compliance-tool-v2&url=https%3A%2F%2Fsecurityaffairs.com%2F148488%2Fapt%2Fgamaredon-ttps.html&source=simple-share-buttons-adder-wordpress&fcmp=false&fcmpv2=false&has_segmentio=false&title=Russia-linked%20APT%20Gamaredon%20starts%20stealing%20data%20from%20victims%20between%2030%20and%2050%20minutes%20after%20the%20initial%20compromiseSecurity%20Affairs&cms=unknown&publisher=63aa5463b92caa0012f81022&sop=true&version=st_sop.js&lang=en&description=Ukraine%E2%80%99s%20Computer%20Emergency%20Response%20Team%20(CERT-UA)%20states%20that%20Russia-linked%20APT%20Gamaredon%20starts%20stealing%20data%2030%20minutes%20after%20the%20initial%20compromise.%20Ukraine%E2%80%99s%20Computer%20Emergency%20Response%20Team%20(CERT-UA)%20is%20warning%20that%20the%20Russia-linked%20APT%20group%20Gamaredon%20(aka%C2%A0Shuckworm%2C%C2%A0Actinium%2C%C2%A0Armageddon%2C%C2%A0Primitive%20Bear%2C%C2%A0UAC-0010%2C%20and%C2%A0Trident%20Ursa)%20use%20to%20steal%20data%20from%20victims%E2%80%99%20networks%20in%20less%20than%20an%20hour%20after%20the%20initial%20compromise.%20Gamaredon%C2%A0has%20%5B%E2%80%A6%5D&ua=&ua_mobile=false&ua_full_version_list=
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js?ver=8.4.6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.194.192.159 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-194-192-159.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Mon, 17 Jul 2023 02:12:43 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Max-Age
1728000
Access-Control-Allow-Origin
https://securityaffairs.com
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=e5229016af3a6f31e914059643d9f09a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://securityaffairs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 15 Jul 2023 00:06:44 GMT
x-content-type-options
nosniff
age
180359
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23580
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:17:22 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 14 Jul 2024 00:06:44 GMT
TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2
fonts.gstatic.com/s/oswald/v49/
17 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/oswald/v49/TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=e5229016af3a6f31e914059643d9f09a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d8543b5dcaea1fc4a0301dc12b5b2adc9079e0794dd6a45879588fb844f3438e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://securityaffairs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 15 Jul 2023 20:19:04 GMT
x-content-type-options
nosniff
age
107619
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17908
x-xss-protection
0
last-modified
Mon, 18 Jul 2022 19:23:34 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 14 Jul 2024 20:19:04 GMT
fontawesome-webfont.woff
securityaffairs.com/wp-content/themes/rigel_old/fonts/
43 KB
44 KB
Font
General
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Referer
https://securityaffairs.com/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Origin
https://securityaffairs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 16 Dec 2015 06:58:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
17452332
etag
W/"56710b81-ad90"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9YvL7tUvcExoQbZZdtqA4XGewmy4fxjVnpJHTt6TcKK%2FZuSJRiA2oapNPQZ7h24kscMUaXz%2B7MAtgrhgvIjKe%2BT9ob3nSlK6Twbt%2BJdozc5YukI82O3hYSHwKUBEIn4xOCIUp5kNP7mRV5uTQjSqQfOd"}],"group":"cf-nel","max_age":604800}
content-type
application/font-woff
cache-control
public, max-age=315360000
cf-ray
7e7ef62908529250-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
fonts.gstatic.com/s/playfairdisplay/v30/
35 KB
35 KB
Font
General
Full URL
https://fonts.gstatic.com/s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=e5229016af3a6f31e914059643d9f09a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
22b6cdc450204c1cb32b31e679d812fea1c17ac506a7b78daeb12bd0ab25fde8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://securityaffairs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sun, 16 Jul 2023 00:54:28 GMT
x-content-type-options
nosniff
age
91095
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35764
x-xss-protection
0
last-modified
Mon, 18 Jul 2022 19:06:36 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 15 Jul 2024 00:54:28 GMT
S6u8w4BMUTPHjxsAXC-q.woff2
fonts.gstatic.com/s/lato/v24/
24 KB
24 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v24/S6u8w4BMUTPHjxsAXC-q.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=e5229016af3a6f31e914059643d9f09a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://securityaffairs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 14:05:31 GMT
x-content-type-options
nosniff
age
302832
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24408
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:14:26 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 12 Jul 2024 14:05:31 GMT
S6u_w4BMUTPHjxsI5wq_Gwft.woff2
fonts.gstatic.com/s/lato/v24/
24 KB
24 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v24/S6u_w4BMUTPHjxsI5wq_Gwft.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=e5229016af3a6f31e914059643d9f09a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6c84348296ebe2e2a0830c3962eb02156419d9bc76371c2eadaf7329d827d550
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://securityaffairs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 15 Jul 2023 00:55:10 GMT
x-content-type-options
nosniff
age
177453
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24448
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:30:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 14 Jul 2024 00:55:10 GMT
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=e5229016af3a6f31e914059643d9f09a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://securityaffairs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 15 Jul 2023 11:05:17 GMT
x-content-type-options
nosniff
age
140846
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23040
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:07:25 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 14 Jul 2024 11:05:17 GMT
truncated
/
7 KB
7 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8b672850aad14669fbcf95e2b49e71dab446a29fd5857934c074b84173cb89b0

Request headers

Referer
Origin
https://securityaffairs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
application/octet-stream
f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/
1 KB
1 KB
Image
General
Full URL
https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Mon, 17 Jul 2023 02:12:43 GMT
last-modified
Wed, 11 Jan 1984 08:00:00 GMT
server
nginx
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length
1186
expires
Mon, 17 Jul 2023 02:17:43 GMT
Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2018/03/
30 KB
30 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.com/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
e2a3522e6e082fa56d0eb9bf893a6bddc957911a05ff9a35a1c5e6982abe583e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc
HIT ams 5
date
Mon, 17 Jul 2023 02:12:43 GMT
x-content-type-options
nosniff
last-modified
Tue, 27 Dec 2022 01:11:29 GMT
server
nginx
etag
"d7d085e9626a91ca"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.com/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length
30524
expires
Thu, 26 Dec 2024 13:11:29 GMT
logo-center-for-cybersecurity.jpg
i0.wp.com/securityaffairs.com/wp-content/uploads/2020/10/
7 KB
7 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.com/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
12e29fa8c4f9d7702cdea6663458a4084007fe4521117610c456c54e6644e07c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc
HIT ams 8
date
Mon, 17 Jul 2023 02:12:43 GMT
x-content-type-options
nosniff
last-modified
Tue, 27 Dec 2022 01:11:29 GMT
server
nginx
etag
"1b2f6a2d233ae477"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.com/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length
7234
expires
Thu, 26 Dec 2024 13:11:29 GMT
newsletter.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2015/03/
19 KB
19 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.com/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
167bdead3314274ec6816ae851d767dd0ca9d1f9a2858b8ed0f1820657096097
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc
HIT ams 1
date
Mon, 17 Jul 2023 02:12:43 GMT
x-content-type-options
nosniff
last-modified
Tue, 27 Dec 2022 01:11:29 GMT
server
nginx
etag
"a2818519aa04bc5c"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.com/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length
18968
expires
Thu, 26 Dec 2024 13:11:29 GMT
EU-Blog-e.jpg
i0.wp.com/securityaffairs.com/wp-content/uploads/2022/06/
13 KB
13 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.com/wp-content/uploads/2022/06/EU-Blog-e.jpg?resize=300%2C251&ssl=1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-nc
HIT ams 2
date
Mon, 17 Jul 2023 02:12:43 GMT
x-content-type-options
nosniff
last-modified
Tue, 27 Dec 2022 01:11:29 GMT
server
nginx
etag
"9aeac3c1faf0be1c"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.com/wp-content/uploads/2022/06/EU-Blog-e.jpg>; rel="canonical"
content-length
13098
expires
Thu, 26 Dec 2024 13:11:29 GMT
g.gif
pixel.wp.com/
50 B
93 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&blog=29506073&post=148488&tz=0&srv=securityaffairs.com&j=1%3A12.3&host=securityaffairs.com&ref=&fcp=0&rand=0.1240082091436614
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 17 Jul 2023 02:12:43 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
cookie.js
partner.googleadservices.com/gampad/
405 B
610 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.com&callback=_gfp_s_&client=ca-pub-4918072057181794
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307110102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4918072057181794&plah=securityaffairs.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7b75c3ffd3a5df4ffc15d745898f19c923dd7eb426c23ea5e652cd29341ede7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
258
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
456 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307110102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4918072057181794&plah=securityaffairs.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&id=cookie-law-info-bar&ign=false&pw=1600&ph=1200&x=0&y=1130.4
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 17 Jul 2023 02:12:43 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 2F5B
603 B
218 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&adk=1812271804&adf=3025194257&lmt=1689559963&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x675_l%7C308x945_r&format=0x0&url=https%3A%2F%2Fsecurityaffairs.com%2F148488%2Fapt%2Fgamaredon-ttps.html&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689559962681&bpp=341&bdt=107&idt=531&shv=r20230711&mjsv=m202307110102&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6390055356349&frm=20&pv=2&ga_vid=228210716.1689559963&ga_sid=1689559963&ga_hid=1135508768&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44788442%2C44796632%2C44789815&oid=2&pvsid=3505001797999251&tmod=1723430703&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=554
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307110102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4918072057181794&plah=securityaffairs.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 17 Jul 2023 02:12:43 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
js
www.googletagmanager.com/gtag/
226 KB
79 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
05f28f12bcfcb318e3548d9d253ff07668c630f2a6b0c3ca4fd82e72718664e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
81176
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 17 Jul 2023 02:12:43 GMT
collect
region1.analytics.google.com/g/
0
256 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-NPN4VEKBTY&gtm=45je37c0&_p=1135508768&_gaz=1&cid=228210716.1689559963&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1689559963&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.com%2F148488%2Fapt%2Fgamaredon-ttps.html&dt=Russia-linked%20APT%20Gamaredon%20starts%20stealing%20data%20from%20victims%20between%2030%20and%2050%20minutes%20after%20the%20initial%20compromiseSecurity%20Affairs&en=page_view&_fv=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 17 Jul 2023 02:12:43 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
247 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-NPN4VEKBTY&cid=228210716.1689559963&gtm=45je37c0&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 17 Jul 2023 02:12:43 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-NPN4VEKBTY&cid=228210716.1689559963&gtm=45je37c0&aip=1&z=1922882222
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/148488/apt/gamaredon-ttps.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 17 Jul 2023 02:12:43 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
221a5a398da89ace8729d1cd3c481ec7.json
services.vlitag.com/cli/
42 B
366 B
XHR
General
Full URL
https://services.vlitag.com/cli/221a5a398da89ace8729d1cd3c481ec7.json?hn=https://securityaffairs.com
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:3bc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f6fabd4cb6ac2294b04676d1523ea68de445c527df4a26c55a94e1d215bdeea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 17 Jul 2023 02:12:43 GMT
cf-cache-status
BYPASS
server
cloudflare
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.com
cache-control
private, no-cache, no-store, must-revalidate
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noarchive, nosnippet
cf-ray
7e7ef62a9fa69b76-FRA
content-length
42
alt-svc
h3=":443"; ma=86400
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.google-analytics.com/g/
0
54 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-P62M3QN974&gtm=45je37c0&_p=1135508768&cid=228210716.1689559963&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1689559963&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.com%2F148488%2Fapt%2Fgamaredon-ttps.html&dt=Russia-linked%20APT%20Gamaredon%20starts%20stealing%20data%20from%20victims%20between%2030%20and%2050%20minutes%20after%20the%20initial%20compromiseSecurity%20Affairs&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 17 Jul 2023 02:12:43 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/
15 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230711&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307110102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4918072057181794&plah=securityaffairs.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
758d888fb5a4f5e09df32d98189557b83d0868325b3417aedeabc965177eaff0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11820
x-xss-protection
0
vl.json
services.vlitag.com/vld/1689232931/
13 B
281 B
XHR
General
Full URL
https://services.vlitag.com/vld/1689232931/vl.json?page_url=https%3A%2F%2Fsecurityaffairs.com%2F148488%2Fapt%2Fgamaredon-ttps.html
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:3bc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76aacba4eece592e3a3281e69a5762c6f10b527a29fbba5eae5ac091f47ae554

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
cf-cache-status
HIT
last-modified
Sat, 15 Jul 2023 19:12:41 GMT
server
cloudflare
age
108731
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.com
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noarchive, nosnippet
cf-ray
7e7ef62b88279b76-FRA
content-length
13
alt-svc
h3=":443"; ma=86400
221a5a398da89ace8729d1cd3c481ec7.json
services.vlitag.com/obj/1689232931/
30 KB
4 KB
XHR
General
Full URL
https://services.vlitag.com/obj/1689232931/221a5a398da89ace8729d1cd3c481ec7.json?cc=DE&hn=https://securityaffairs.com
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:3bc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42b83b81388752bb52a7acd0ca073b07ff7fa7a1efa7d3328d63bd56ea5a4b2f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 13 Jul 2023 07:23:48 GMT
server
cloudflare
age
325955
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.com
cache-control
public, immutable, max-age=31536000
x-robots-tag
noindex, nofollow, noarchive, nosnippet
cf-ray
7e7ef62b88289b76-FRA
alt-svc
h3=":443"; ma=86400
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307110102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4918072057181794&plah=securityaffairs.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 17 Jul 2023 02:12:43 GMT
cmp-v2.0.1.js
assets.vlitag.com/plugins/cmptcf2/
267 KB
72 KB
Script
General
Full URL
https://assets.vlitag.com/plugins/cmptcf2/cmp-v2.0.1.js
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3bc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
645c745c972fa286538b481ff3da9a58bf2a8b2fba6b8a195853f6d221a4775e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
1120816
cf-polished
origSize=489839
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
cf-bgj
minify
last-modified
Tue, 29 Dec 2020 02:18:12 GMT
server
cloudflare
etag
W/"5fea91e4-7796f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=16070400
x-robots-tag
noindex, nofollow
cf-ray
7e7ef62bd88968f2-FRA
expires
Tue, 04 Jul 2023 03:21:01 GMT
prebid-7.48.0.js
assets.vlitag.com/prebid/default/
561 KB
172 KB
Script
General
Full URL
https://assets.vlitag.com/prebid/default/prebid-7.48.0.js
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3bc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95dbbacaaa6b78654b2b74da75fa16e9986ff82fe674aea184b07e643295c871
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
671743
cf-polished
origSize=575587
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
cf-bgj
minify
last-modified
Mon, 08 May 2023 07:36:47 GMT
server
cloudflare
etag
W/"6458a68f-8c863"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=16070400
x-robots-tag
noindex, nofollow
cf-ray
7e7ef62bd88a68f2-FRA
expires
Thu, 08 Jun 2023 08:06:53 GMT
gpt.js
www.googletagservices.com/tag/js/
81 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1e8dcde3bd205011734fe01fe386d2c7de04e391ac7a3d90cad5140fee35130b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
27805
x-xss-protection
0
server
cafe
etag
387 / 19555 / 31076034 / config-hash: 3977741291496309648
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 17 Jul 2023 02:12:43 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/
345 KB
119 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ab8a3637b0bea5bf31a60ecf6a82f92ee5e06f3eeb89282350962337f91c3009
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
121727
x-xss-protection
0
expires
Mon, 17 Jul 2023 02:12:43 GMT
sf_host.min.js
assets.vlitag.com/plugins/safeframe/src/js/
38 KB
17 KB
Script
General
Full URL
https://assets.vlitag.com/plugins/safeframe/src/js/sf_host.min.js
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3bc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
1120901
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 01 Nov 2019 05:04:50 GMT
server
cloudflare
etag
W/"5dbbbcf2-9806"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=16070400
x-robots-tag
noindex, nofollow
cf-ray
7e7ef62bd88b68f2-FRA
expires
Tue, 04 Jul 2023 03:20:59 GMT
cmp-list.json
test.quantcast.mgr.consensu.org/GVL-v2/
10 KB
3 KB
XHR
General
Full URL
https://test.quantcast.mgr.consensu.org/GVL-v2/cmp-list.json
Requested by
Host: assets.vlitag.com
URL: https://assets.vlitag.com/plugins/cmptcf2/cmp-v2.0.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:600:3:a4cd:8380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
591effbd3500c19e856eed429dccb39e7a42b77b214cf8eaabb657821406604e

Request headers

Accept
application/json, text/plain, */*
Referer
https://securityaffairs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sun, 16 Jul 2023 03:00:41 GMT
x-amz-version-id
IG36Y9nZkMAq0uDyI6_EbCtqVaht4e_n
content-encoding
br
via
1.1 dde951f556570d42a581084479d8b0e8.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P4
age
83523
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 13 Jul 2023 19:52:29 GMT
server
AmazonS3
etag
W/"ad9ea659adb4323526e3614837d845a7"
access-control-max-age
86400
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=172800
vary
Accept-Encoding
x-amz-cf-id
tSdt9LbfMoM8vPOesbGAy-s2okaqtAXUhTxHqvd-t-9cBZlrYkl9XQ==
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E3F1
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
15012
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 16 Jul 2023 22:02:31 GMT
expires
Mon, 15 Jul 2024 22:02:31 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 9DD5
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
da7aacb5d8e3f49c809950bef8b2ec2aa50600367c8d2120e152a13f8f559478
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-lZGKNnUJiuk2z433iOL3bA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-length
514
content-security-policy
script-src 'report-sample' 'nonce-lZGKNnUJiuk2z433iOL3bA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 17 Jul 2023 02:12:43 GMT
expires
Mon, 17 Jul 2023 02:12:43 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307100101/
391 KB
125 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307100101/pubads_impl.js?cb=31076034
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6191ac7651d440b704eac8b29a7d30a0d47d7ada32012fdec33c35e6e4f7a2d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sun, 16 Jul 2023 21:13:33 GMT
content-encoding
br
x-content-type-options
nosniff
age
17950
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
127471
x-xss-protection
0
server
cafe
etag
16392902606907886609
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Mon, 15 Jul 2024 21:13:33 GMT
latest.json
cdn.jsdelivr.net/gh/prebid/currency-file@1/
2 KB
1 KB
XHR
General
Full URL
https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20230717
Requested by
Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-7.48.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
df9f8bce75c6828a73a7b075d3eb5832e1f5027439ea0bee1a02c5974f96177d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://securityaffairs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
text/plain

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 17 Jul 2023 02:12:43 GMT
x-content-type-options
nosniff
content-encoding
br
age
36716
x-jsd-version
1.0.1753
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
947
x-served-by
cache-fra-eddf8230052-FRA
x-jsd-version-type
version
etag
W/"63f-SVU7uIku+ztki4OpWmQrR04FGGE"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
1679645040.png
assets.vlitag.com/widget/2023/03/24/
98 KB
99 KB
Image
General
Full URL
https://assets.vlitag.com/widget/2023/03/24/1679645040.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3bc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c43f2cfd502f8404bf58060207dfd8294ad0c7f1bc08e69db75713552f915795
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
1120840
cf-polished
origFmt=png, origSize=323185
content-disposition
inline; filename="1679645040.webp"
alt-svc
h3=":443"; ma=86400
content-length
100856
x-xss-protection
1; mode=block
cf-bgj
imgq:85,h2pri
last-modified
Fri, 24 Mar 2023 08:04:00 GMT
server
cloudflare
etag
"641d5970-4ee71"
vary
Accept
content-type
image/webp
cache-control
max-age=16070400
accept-ranges
bytes
x-robots-tag
noindex, nofollow
cf-ray
7e7ef62cf93368f2-FRA
expires
Tue, 30 May 2023 21:31:32 GMT
vendor-list.json
quantcast.mgr.consensu.org/GVL-v2/
417 KB
50 KB
XHR
General
Full URL
https://quantcast.mgr.consensu.org/GVL-v2/vendor-list.json
Requested by
Host: assets.vlitag.com
URL: https://assets.vlitag.com/plugins/cmptcf2/cmp-v2.0.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225b:1800:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
201a4b6fa8909d8db0e929b1ff0d10adf169fd684e9f4f0b902b5a2fefbe10d4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sun, 16 Jul 2023 03:00:42 GMT
content-encoding
br
via
1.1 777f1d1b9036eab1bd4b9cdaea74f798.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
age
83522
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
last-modified
Wed, 28 Jun 2023 15:58:34 GMT
server
AmazonS3
etag
W/"e092bb8c1dd2a678752e44a3fc689aae"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400
access-control-allow-credentials
true
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
f0gwjJhyIb2SK6Mo7tbGGTychfdh67b4tkVpEazgx-1NxDofGP0gpA==
videoplayback
r4---sn-4g5lznes.googlevideo.com/
Redirect Chain
  • https://media.vlitag.com/vid/?id=6Fk_i-JDmbY&t=y
  • https://redirector.googlevideo.com/videoplayback?expire=1689569582&ei=znS0ZJuuDLWAsfIP3NqOwAs&ip=184.164.141.146&id=o-AM0xFAYfMduxAdwffYfbwRhydOguNPelRbrKyq4xyApb&itag=136&aitags=134%2C136%2C160%2C...
  • https://r4---sn-4g5lznes.googlevideo.com/videoplayback?expire=1689569582&ei=znS0ZJuuDLWAsfIP3NqOwAs&ip=184.164.141.146&id=o-AM0xFAYfMduxAdwffYfbwRhydOguNPelRbrKyq4xyApb&itag=136&aitags=134%2C136%2C...
162 KB
0
Media
General
Full URL
https://r4---sn-4g5lznes.googlevideo.com/videoplayback?expire=1689569582&ei=znS0ZJuuDLWAsfIP3NqOwAs&ip=184.164.141.146&id=o-AM0xFAYfMduxAdwffYfbwRhydOguNPelRbrKyq4xyApb&itag=136&aitags=134%2C136%2C160%2C243&source=youtube&requiressl=yes&spc=Ul2Sq6ZPyYbekzYn2R5oULqrA3SCVftx5RlUPwQt3Q&vprv=1&svpuc=1&mime=video%2Fmp4&ns=75ruwmyYxcmsRqONwcdxjdwO&gir=yes&clen=33307029&dur=200.909&lmt=1685781129302686&keepalive=yes&fexp=24007246%2C24363393&beids=24350018&c=WEB&txp=6216224&n=rIrDL51jRYeTcM5jTz&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgCPrV7O6gmtunSdHOXB78d5ZSnwqKY8dCrC3srWgyOwYCID4IiwybzWNrUKl8N9tw9mihGoXBIIzojtniPDbTwlel&cms_redirect=yes&mh=d6&mip=2001:ac8:20:3d00:1012:5f54:1942:5e5d&mm=31&mn=sn-4g5lznes&ms=au&mt=1689559535&mv=m&mvi=4&pl=50&lsparams=mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAOUypqaj7yw2cKpYUoZsQBugH1-IrYvgGVzlDriptSELAiEAvcsyFp0ZaDg9IfuDTbzLLo3mSJo846Ytpf4k_gfdKeU%3D
Protocol
H3
Server
2a00:1450:4001:10::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gvs 1.0 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

client-protocol
quic
date
Mon, 17 Jul 2023 02:12:44 GMT
x-restrict-formats-hint
None
x-content-type-options
nosniff
last-modified
Sat, 03 Jun 2023 08:32:09 GMT
server
gvs 1.0
vary
Origin
content-type
video/mp4
Content-Range
bytes 0-33307028/33307029
cache-control
private, max-age=9318
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length
33307029
expires
Mon, 17 Jul 2023 02:12:44 GMT

Redirect headers

pragma
no-cache
date
Mon, 17 Jul 2023 02:12:44 GMT
x-content-type-options
nosniff
server
ClientMapServer
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
location
https://r4---sn-4g5lznes.googlevideo.com/videoplayback?expire=1689569582&ei=znS0ZJuuDLWAsfIP3NqOwAs&ip=184.164.141.146&id=o-AM0xFAYfMduxAdwffYfbwRhydOguNPelRbrKyq4xyApb&itag=136&aitags=134%2C136%2C160%2C243&source=youtube&requiressl=yes&spc=Ul2Sq6ZPyYbekzYn2R5oULqrA3SCVftx5RlUPwQt3Q&vprv=1&svpuc=1&mime=video%2Fmp4&ns=75ruwmyYxcmsRqONwcdxjdwO&gir=yes&clen=33307029&dur=200.909&lmt=1685781129302686&keepalive=yes&fexp=24007246%2C24363393&beids=24350018&c=WEB&txp=6216224&n=rIrDL51jRYeTcM5jTz&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgCPrV7O6gmtunSdHOXB78d5ZSnwqKY8dCrC3srWgyOwYCID4IiwybzWNrUKl8N9tw9mihGoXBIIzojtniPDbTwlel&cms_redirect=yes&mh=d6&mip=2001:ac8:20:3d00:1012:5f54:1942:5e5d&mm=31&mn=sn-4g5lznes&ms=au&mt=1689559535&mv=m&mvi=4&pl=50&lsparams=mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAOUypqaj7yw2cKpYUoZsQBugH1-IrYvgGVzlDriptSELAiEAvcsyFp0ZaDg9IfuDTbzLLo3mSJo846Ytpf4k_gfdKeU%3D
cache-control
no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1325
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 9DD5
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230711&jk=3505001797999251&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js
pagead2.googlesyndication.com/bg/ Frame E3F1
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
26ec4365620d6bba2d1f06a2b02ab2312abb8b043209f1eafcb8673525346f65
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sun, 16 Jul 2023 21:59:12 GMT
content-encoding
br
x-content-type-options
nosniff
age
15211
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14572
x-xss-protection
0
last-modified
Mon, 26 Jun 2023 15:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 15 Jul 2024 21:59:12 GMT
cmp2ui-en.js
quantcast.mgr.consensu.org/tcfv2/23/
469 KB
134 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/tcfv2/23/cmp2ui-en.js
Requested by
Host: assets.vlitag.com
URL: https://assets.vlitag.com/plugins/cmptcf2/cmp-v2.0.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225b:1800:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
587e2e7350886d6b5fd31e385638ffe5cf3331c82260e8fe76523f99cda27a42

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sun, 16 Jul 2023 01:15:40 GMT
content-encoding
gzip
via
1.1 32700c539a5f821aadd3624288c4aeb6.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
age
90021
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
cross-origin-resource-policy
cross-origin
last-modified
Fri, 18 Dec 2020 15:09:43 GMT
server
AmazonS3
etag
W/"b999c652510fc4edd897a1d667aaee33"
access-control-max-age
604800
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800
vary
Accept-Encoding
x-amz-cf-id
9dIDlA4vmu5gDOBHcA-K3l7LtCARK6nLqCv2S0v_LeQcqr6stuEuJw==
generate_204
tpc.googlesyndication.com/ Frame E3F1
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?DS6NXA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 02:12:43 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
/
audit-tcfv2.quantcast.mgr.consensu.org/
2 B
101 B
XHR
General
Full URL
https://audit-tcfv2.quantcast.mgr.consensu.org/?log=%7B%22domain%22%3A%22securityaffairs.com%22%2C%22publisher%22%3A%22%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.23%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22%22%2C%22clientTimestamp%22%3A1689559963912%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-jfkojn5ll1uxw9tbe43h%22%7D
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2ui-en.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.34.26 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-34-26.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept
application/json, text/plain, */*
Referer
https://securityaffairs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 17 Jul 2023 02:12:43 GMT
content-length
2
content-type
text/plain; charset=utf-8
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230711&jk=3505001797999251&bg=!ubqluu7NAAb90kgr3dI7ADkAdvg8WiVWhm7qT56Crm-NwqRrtigzn6SfAq2YhswvbRjcd5uF7q1ovFf4NfvU5wIvCaGPW72MnRoCAAAAglIAAAARaAEHmQKrhhpVULcGXws73CuqfbE31iU6sJwE6eS2gnnydadopoUKEl4jqN-FelWK1K73tB-kYg3M9PFnIH--jilIamhfd1zoZ78HCIBSWEn8oNySiDHGs99ppLbWrvJUoeBm6-mOYI7bedMrBOTP6gxCeldCt3nHeDim-fAwdDMGlcUjkJnntjh_IH9BOfAAG-KtibsRa5nzTdmePH6a1uSvBGQWkbEvC9yK0ViHf_Jlq22mNlQLch_tTd1UGf007yjOepTqia4mxpucl5Sp8eMcbyIRIcEaiTXF8dwJoySxZs1pMvV5s8qMi2EJ8UimKPkfRPdGIdY76lR_o3TgUK99M1s41qxnXiGyZKh3WFWsYZBYz-KJbRCY2qye2RSwLC4yLuTxldyhEkJMDoe_6kBi0vND4NAyTZpEUUmgDy2CYPb-_UyW8dghzaJci45O0aikVSYrd46J_C6EvIRg5VHbk8PKA5YXTU_HAjwyQfT6h_CrNfniGKWQrpR1HDCJu8Uz7iIdZjLxodL268dJDNdcnQLsw0GOIiqKHc5aUQNL2xxn7DggLj8fatq3Dwgl9lKbeZ205lgKZUkONggEeBaySYupXvslvP62IvAghRmlwliwwk2OnHtFA0mASzU7V-PEwG-4Wum2a8cH2nZIdbi5cU1MSAgcSjGkeKwZgEy-oDAleH6e0w_W5MAbV35upt664uAgPNwq1E2AfeQItymizDhEILfzUd5KZgX1npRfKgPREoPpeU-9syq5ehwkKJ50N2fjsHMi-K1f8aNrxuq8Bw9GFyARdoi_1pv2uJz-Xu2ABLY0EXjheWxmcCChIhF64XNn79YOhpM1aIA1lGkbMf1HrYqaXVfRPLh-YqNxSVZCiqW_l41nI6jTh5cycczddVAjHM_iHK160btjmDQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

130 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 boolean| credentialless object| onbeforetoggle object| onscrollend object| _wpemojiSettings function| advanced_ads_ready object| advanced_ads_ready_queue object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_persistent_state_async boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state object| adsbygoogle object| google_sa_queue function| google_process_slots number| google_rum_task_id_counter string| google_user_agent_client_hint undefined| $ function| jQuery object| Cli_Data object| cli_cookiebar_settings object| log_object object| CLI_Cookie object| CLI object| cliBlocker string| CLI_ACCEPT_COOKIE_NAME string| CLI_PREFERNCE_COOKIE number| CLI_ACCEPT_COOKIE_EXPIRE boolean| CLI_COOKIEBAR_AS_POPUP object| st object| __stdos__ boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus function| __sharethis__docReady object| __sharethis__ object| ua_fields object| dataLayer object| vitag function| google_spfd number| google_unique_id object| google_sv_map function| gtag object| WPCOM_sharing_counts object| Main object| BrowserDetect object| mejs function| onYouTubePlayerAPIReady function| onYouTubePlayerReady function| MediaElement function| MediaElementPlayer function| $j function| imagePreview object| _stq object| sharing_js_options object| WPCOMSharing undefined| windowOpen function| st_go function| linktracker_init object| wpcom object| wp object| twemoji string| currentText string| categoryCookie object| categoryCookieValue object| cli_chkbox_elm string| cli_chkbox_data_id string| cli_chkbox_data_id_trimmed object| google_tag_manager function| google_sa_impl boolean| _gfp_p_ object| google_image_requests function| processGoogleToken object| googleToken object| googleIMState number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages function| onYouTubeIframeAPIReady object| regeneratorRuntime object| _PBCFG string| tagApi object| viAPItag object| GoogleGcLKhOms function| getEidsByVLI function| __tcfapi function| __uspapi boolean| _isUserInEU boolean| _isUserInUS boolean| __VLICMP object| $sf function| __tcfapiui object| vlipbChunk object| vlipb object| _pbjsGlobals object| ADAGIO object| mnet string| nobidVersion object| nobid object| googletag object| _google_rum_ns_ function| Goog_AdSense_Lidar_sendVastEvent function| Goog_AdSense_Lidar_getViewability function| Goog_AdSense_Lidar_getUrlSignalsArray function| Goog_AdSense_Lidar_getUrlSignalsList object| google object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$companion_ad_selection_settings object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ads_rendering_settings object| ima object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ad_error object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ad_error_event object| module$contents$ima$AdEvent_AdEvent object| module$contents$ima$AdsManagerLoadedEvent_AdsManagerLoadedEvent object| observeElementInViewport string| cnsntv2 object| scCGSHMRCache

9 Cookies

Domain/Path Name / Value
securityaffairs.com/ Name: cookielawinfo-checkbox-necessary
Value: yes
securityaffairs.com/ Name: cookielawinfo-checkbox-non-necessary
Value: yes
.securityaffairs.com/ Name: _ga_NPN4VEKBTY
Value: GS1.1.1689559963.1.0.1689559963.60.0.0
.securityaffairs.com/ Name: _ga
Value: GA1.1.228210716.1689559963
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.securityaffairs.com/ Name: __gads
Value: ID=55410712ac739024-22c87b70bfe20064:T=1689559963:RT=1689559963:S=ALNI_MYKJ8vFEopeWIuN5hGHmlnZyVAFug
.securityaffairs.com/ Name: __gpi
Value: UID=00000c3e8b00d1d6:T=1689559963:RT=1689559963:S=ALNI_MZ0fXcVtAm5-_5Z2yAG7457Tj5NlA
.securityaffairs.com/ Name: _ga_P62M3QN974
Value: GS1.1.1689559963.1.0.1689559963.0.0.0
securityaffairs.com/ Name: __ppIdCC
Value: aexuritywddwira_xon2108.55..0348.

1 Console Messages

Source Level URL
Text
network error URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&adk=1812271804&adf=3025194257&lmt=1689559963&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x675_l%7C308x945_r&format=0x0&url=https%3A%2F%2Fsecurityaffairs.com%2F148488%2Fapt%2Fgamaredon-ttps.html&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689559962681&bpp=341&bdt=107&idt=531&shv=r20230711&mjsv=m202307110102&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6390055356349&frm=20&pv=2&ga_vid=228210716.1689559963&ga_sid=1689559963&ga_hid=1135508768&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44788442%2C44796632%2C44789815&oid=2&pvsid=3505001797999251&tmod=1723430703&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=554
Message:
Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
assets.vlitag.com
audit-tcfv2.quantcast.mgr.consensu.org
buttons-config.sharethis.com
cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
i0.wp.com
imasdk.googleapis.com
l.sharethis.com
media.vlitag.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.wp.com
platform-api.sharethis.com
quantcast.mgr.consensu.org
r4---sn-4g5lznes.googlevideo.com
redirector.googlevideo.com
region1.analytics.google.com
region1.google-analytics.com
secure.gravatar.com
securepubads.g.doubleclick.net
securityaffairs.com
services.vlitag.com
stats.g.doubleclick.net
stats.wp.com
test.quantcast.mgr.consensu.org
tpc.googlesyndication.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
108.138.36.120
18.194.192.159
192.0.76.3
192.0.77.2
2001:4860:4802:32::36
2600:9000:225b:1800:9:46dc:4700:93a1
2600:9000:225e:600:3:a4cd:8380:93a1
2600:9000:26da:8400:c:abe:f440:93a1
2606:4700:10::6816:3bc7
2606:4700:3031::6815:90b
2a00:1450:4001:10::9
2a00:1450:4001:800::2002
2a00:1450:4001:803::2002
2a00:1450:4001:806::2008
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::200a
2a00:1450:4001:80f::200e
2a00:1450:4001:811::2002
2a00:1450:4001:827::2002
2a00:1450:4001:827::200a
2a00:1450:4001:828::2003
2a00:1450:4001:829::2002
2a00:1450:4001:829::2004
2a00:1450:4001:82b::2001
2a00:1450:400c:c0c::9c
2a04:4e42::485
2a04:fa87:fffe::c000:4902
52.57.34.26
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
0255909b7cb5511843e8e9d6414f99d023237cdb954705d68c4ff0d3cd752d6b
05f28f12bcfcb318e3548d9d253ff07668c630f2a6b0c3ca4fd82e72718664e5
0b55ed724fa2620754a5290ad2cc0e87cb3dfdb61d73e4022bbc73e76c26dcac
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
1009b5a8852ca3fdbdacabac3778cf9dea8f91a58d36466a5fe20d0441ead1f7
1267fc6c8805b7f508e04bc8da776509420413adb25e197f12c9f9405c74ac6d
12e29fa8c4f9d7702cdea6663458a4084007fe4521117610c456c54e6644e07c
1528c535d339849cea1f4b18416229bd962819949c62574dcd184cdfa6d056b2
167bdead3314274ec6816ae851d767dd0ca9d1f9a2858b8ed0f1820657096097
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0
1e8dcde3bd205011734fe01fe386d2c7de04e391ac7a3d90cad5140fee35130b
201a4b6fa8909d8db0e929b1ff0d10adf169fd684e9f4f0b902b5a2fefbe10d4
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
22b6cdc450204c1cb32b31e679d812fea1c17ac506a7b78daeb12bd0ab25fde8
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
26ec4365620d6bba2d1f06a2b02ab2312abb8b043209f1eafcb8673525346f65
27dd9b075cc59cf5f3c0f6ee075f4bd113782d81ce30a4f16aac669ecfdc4fa2
28275dbcd3747f460a53102bb9dad566db20349335371cef756c72f4ab155431
2ba7c2311986ffb857dac36c0269f59bd9eb78fbf7435f2a2ebe5ba3af6fb9b2
2d0ee8b9f5976ae2dc3eefb7aace301d8540ad3d5f01c88f5049b3b7257a1d2f
3570b0809823e912b040bb8d99048d5e85ceabf830ef064e306c0a1901a08e11
3f6fabd4cb6ac2294b04676d1523ea68de445c527df4a26c55a94e1d215bdeea
42b83b81388752bb52a7acd0ca073b07ff7fa7a1efa7d3328d63bd56ea5a4b2f
42cb01112af83c39f992eb89a612ef203c0ca1571d8dcfd58c206d5f467aa34a
4485dc3684588728bba3e5fbbe902c36ad1ec1b47480cc62c911a9403bafecc3
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
4b70843e22af862c5be0e18ecbbacc94d85fcaadc2c0634d31ce57fc0c564ee0
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57ff5351fcc1ae58a5e6248e8b8b8c06035fbbbe801abb81fdf166f479db9597
587e2e7350886d6b5fd31e385638ffe5cf3331c82260e8fe76523f99cda27a42
591effbd3500c19e856eed429dccb39e7a42b77b214cf8eaabb657821406604e
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74
6191ac7651d440b704eac8b29a7d30a0d47d7ada32012fdec33c35e6e4f7a2d8
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
645c745c972fa286538b481ff3da9a58bf2a8b2fba6b8a195853f6d221a4775e
64ffd4b2224c9e2a0f2193cf1d37239572a67ce9d2bf3d97c58d6939139af61b
699e8cb3d0af7f12172315152a58cf8154526ddc2ee3d29ed8861218e9cf91a2
6c7931aed0cd2de6be37e8b4dd12204df6bd0fea2296ac126dac59d4c353fcd8
6c84348296ebe2e2a0830c3962eb02156419d9bc76371c2eadaf7329d827d550
73e52be898a7afbbfa119fdb5a95ca82c2b914da8d756404f7e5c7e0b6ff1928
751ae0b0e7b20fc45203c90e0c3391e1aa983f57327fb31d96dda46f7232ad45
758d888fb5a4f5e09df32d98189557b83d0868325b3417aedeabc965177eaff0
76aacba4eece592e3a3281e69a5762c6f10b527a29fbba5eae5ac091f47ae554
77a97368f8991ef6bcba68e58a58f0aa3aaa1e61b687bb5f2c7930d12800de13
7b75c3ffd3a5df4ffc15d745898f19c923dd7eb426c23ea5e652cd29341ede7e
7c11433c4dc7cf18972c22ca0f2cf78493b92aaf89bab4dab47c6c9b6c551d50
7c4baf058901663c6879894c0067cf923fa200cb95a0a4c25b1471a62c2a63c8
7f8a7f45e92034dfd8d4fe05d5c4e0927d578d01f9e8e6b3642e35c91f727172
853b33a271e870c8684b5d09bd3e350d77f4335bf2e92916a3b5c85d284edc13
8a8c0bd86eee0230682ed29c5e30936b6b14ab02e1586692840ef8ea4de9dda6
8b672850aad14669fbcf95e2b49e71dab446a29fd5857934c074b84173cb89b0
90b1f6082b0cf09c59ad2a5b87d3e0ab87eadf37c9b0b791318adfaae1a4b0d4
914c2c38bcf8be8ae0bb37e800573341c8134e54b5ced5303c1d3f172d7e6c96
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
95dbbacaaa6b78654b2b74da75fa16e9986ff82fe674aea184b07e643295c871
9701e3cc721b444361494b8586b90ce11a0a0fc7964c0220e2263dd836d0a254
a04aa9666a49a1c434d7e44268f399e0c1dc1b306a2cc6f3414551364c217b4d
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ea1f3c6951b71eb83050cd630f9c7c1c736b5b277d38a0e4465d80a5e53d4d
ab8a3637b0bea5bf31a60ecf6a82f92ee5e06f3eeb89282350962337f91c3009
aea3e803371a91fe12f21352eb8a44d15000a193bc2a8447f308fb10d9c3157d
aea607f39789d4cc03dd33d5518a1e53d419c379c618b7a19d6e3a06f4f14d56
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b1f4247657f994f6c9520c982ab95f953ee1c052706594d74f521cae670cf8be
b33e3ff7c01e9eb947faf1bd0dd31d3d210ff9fdf809f2db3938b5b865b9cc31
b4cfc8b03a9faff583de49b7dc2d214ff9b80f14feabc248c24f42af3ee55b56
b5643c5e548ec3aab5786c3845bce65a8ab30d48b62ba2586373ff84589ea13d
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0
bea141b0e1c016faface442cf56dae318f97789bea95d633da28014d5233a934
c31c872bd1b263e86b8127059907e0c7e94c0985a85acd24d856f4d9aa294db9
c43f2cfd502f8404bf58060207dfd8294ad0c7f1bc08e69db75713552f915795
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c9b6164ccc60fa98562a1d315d63a961a7ffa16183117a6a5f6d5bf3893283c0
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258
ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7
cf4b55e0e13c1ca3bbef81fe134e670085f2e6dd651893f8162ce34eda11c653
d5133a1035cbf203be573cc6e15a2d4f8477b62568bea772b2192dc68c4980e5
d6f712bb063293806236d362715f5f3f134ddeb3da95e66f7f7d5f1311975296
d749579e51cf490ba27a6782bcfe07c52e44ffa8e3fbb4db7a4dded9d0d9ef29
d8543b5dcaea1fc4a0301dc12b5b2adc9079e0794dd6a45879588fb844f3438e
da7aacb5d8e3f49c809950bef8b2ec2aa50600367c8d2120e152a13f8f559478
db4312bece8d50799c3e99a316a58218a527df0f25b93c3e075e04712e20cacf
df9f8bce75c6828a73a7b075d3eb5832e1f5027439ea0bee1a02c5974f96177d
e2a3522e6e082fa56d0eb9bf893a6bddc957911a05ff9a35a1c5e6982abe583e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e63ce5b7ed21eed9e79e149fd15071f7d52af26b7b50b23af810cfe3b50f7a1a
edbfdb87e4528eb41e9b103e943b5f3289ec7f8a31738cb4022e5b0271e476cf
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1