seguranca-informatica.pt Open in urlscan Pro
2606:4700:3037::681b:bc6c Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/#.X...
Effective URL:
https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
Submission: On September 16 via api (September 16th 2020, 5:26:05 pm UTC) from US

Summary HTTP 215 Redirects Links 34 Behaviour Indicators

Summary

This website contacted 31 IPs in 4 countries across 28 domains to perform 215 HTTP transactions. The main IP is 2606:4700:3037::681b:bc6c, located in United States and belongs to CLOUDFLARENET, US. The main domain is seguranca-informatica.pt.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 9th 2020. Valid for: a year.

This is the only time seguranca-informatica.pt was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
65	2606:4700:303... 2606:4700:3037::681b:bc6c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:819::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	140.82.121.3 140.82.121.3	36459 (GITHUB) (GITHUB)
9	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
1 1	151.101.193.21 151.101.193.21	54113 (FASTLY) (FASTLY)
1	151.101.114.133 151.101.114.133	54113 (FASTLY) (FASTLY)
1	2606:4700:20:... 2606:4700:20::ac43:4a78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	23.210.248.44 23.210.248.44	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6812:e134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
5	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:817::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
1	185.199.110.154 185.199.110.154	54113 (FASTLY) (FASTLY)
4	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	199.232.196.134 199.232.196.134	54113 (FASTLY) (FASTLY)
1	23.210.250.213 23.210.250.213	16625 (AKAMAI-AS) (AKAMAI-AS)
12	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
6	2606:4700::68... 2606:4700::6812:a913	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.101.0.134 151.101.0.134	54113 (FASTLY) (FASTLY)
41	2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6	15133 (EDGECAST) (EDGECAST)
2	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
2	199.232.53.140 199.232.53.140	54113 (FASTLY) (FASTLY)
2	151.101.36.84 151.101.36.84	54113 (FASTLY) (FASTLY)
15	2606:2800:233... 2606:2800:233:8173:898f:63b3:95c3:79d2	15133 (EDGECAST) (EDGECAST)
2	2606:2800:233... 2606:2800:233:7ee2:97c:ab4c:6c70:be36	15133 (EDGECAST) (EDGECAST)
1	151.101.112.64 151.101.112.64	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
1 1	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER)
215	31

65 2606:4700:3037::681b:bc6c (United States)

ASN13335 (CLOUDFLARENET, US)

seguranca-informatica.pt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
feed.seguranca-informatica.pt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 140.82.121.3 (United States)

ASN36459 (GITHUB, US)
PTR: lb-140-82-121-3-fra.github.com

gist.github.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.21 (United States) 1 redirects

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4a78 (United States)

ASN13335 (CLOUDFLARENET, US)

licensebuttons.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.210.248.44 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-44.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-public.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
q.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

docs.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.199.110.154 (United States)

ASN54113 (FASTLY, US)

github.githubassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.232.196.134 (United States)

ASN54113 (FASTLY, US)

seguranca-informatica.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.250.213 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-250-213.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:a913 (United States)

ASN13335 (CLOUDFLARENET, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.0.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.53.140 (United States)

ASN54113 (FASTLY, US)

www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.36.84 (Amsterdam, Netherlands)

ASN54113 (FASTLY, US)

widgets.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:2800:233:8173:898f:63b3:95c3:79d2 (United States)

ASN15133 (EDGECAST, US)

abs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:233:7ee2:97c:ab4c:6c70:be36 (United States)

ASN15133 (EDGECAST, US)

ton.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.64 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

links.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.72 (United States) 1 redirects

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
65	seguranca-informatica.pt seguranca-informatica.pt feed.seguranca-informatica.pt	5 MB
58	twimg.com cdn.syndication.twimg.com pbs.twimg.com abs.twimg.com ton.twimg.com	458 KB
12	w.org s.w.org	11 KB
10	twitter.com 1 redirects platform.twitter.com syndication.twitter.com	110 KB
8	addthis.com s7.addthis.com m.addthis.com api-public.addthis.com q.addthis.com	198 KB
8	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	195 KB
7	gstatic.com fonts.gstatic.com	70 KB
6	disquscdn.com c.disquscdn.com	231 KB
6	disqus.com seguranca-informatica.disqus.com disqus.com links.services.disqus.com	34 KB
6	facebook.com www.facebook.com graph.facebook.com	1 KB
6	doubleclick.net googleads.g.doubleclick.net
4	facebook.net connect.facebook.net	230 KB
2	pinterest.com widgets.pinterest.com	590 B
2	reddit.com www.reddit.com	2 KB
2	google.com docs.google.com adservice.google.com	168 B
2	google-analytics.com www.google-analytics.com	18 KB
1	addthisedge.com v1.addthisedge.com	1 KB
1	moatads.com z.moatads.com	1 KB
1	youtube.com www.youtube.com
1	googletagservices.com www.googletagservices.com	27 KB
1	google.de adservice.google.de	168 B
1	githubassets.com github.githubassets.com	5 KB
1	onesignal.com cdn.onesignal.com	3 KB
1	licensebuttons.net licensebuttons.net	2 KB
1	paypalobjects.com www.paypalobjects.com
1	paypal.com 1 redirects www.paypal.com	857 B
1	github.com gist.github.com	4 KB
1	googleapis.com fonts.googleapis.com	2 KB
215	28

	Domain	Requested by
64	seguranca-informatica.pt	seguranca-informatica.pt
40	pbs.twimg.com	seguranca-informatica.pt platform.twitter.com
15	abs.twimg.com	seguranca-informatica.pt
12	s.w.org	seguranca-informatica.pt
9	platform.twitter.com	seguranca-informatica.pt platform.twitter.com
7	fonts.gstatic.com	fonts.googleapis.com
6	c.disquscdn.com	seguranca-informatica.disqus.com
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com
6	pagead2.googlesyndication.com	seguranca-informatica.pt pagead2.googlesyndication.com
4	www.facebook.com	seguranca-informatica.pt connect.facebook.net
4	connect.facebook.net	seguranca-informatica.pt connect.facebook.net
4	s7.addthis.com	seguranca-informatica.pt s7.addthis.com
3	seguranca-informatica.disqus.com	seguranca-informatica.pt seguranca-informatica.disqus.com
2	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
2	ton.twimg.com	platform.twitter.com
2	widgets.pinterest.com	s7.addthis.com
2	www.reddit.com	s7.addthis.com
2	api-public.addthis.com	s7.addthis.com
2	graph.facebook.com	s7.addthis.com
2	disqus.com	seguranca-informatica.disqus.com
2	www.google-analytics.com	seguranca-informatica.pt www.google-analytics.com
1	syndication.twitter.com	1 redirects
1	links.services.disqus.com	c.disquscdn.com
1	q.addthis.com	s7.addthis.com
1	cdn.syndication.twimg.com	platform.twitter.com
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	z.moatads.com	s7.addthis.com
1	www.youtube.com	seguranca-informatica.pt
1	www.googletagservices.com	pagead2.googlesyndication.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	github.githubassets.com	gist.github.com
1	docs.google.com	seguranca-informatica.pt
1	cdn.onesignal.com	seguranca-informatica.pt
1	licensebuttons.net	seguranca-informatica.pt
1	www.paypalobjects.com	seguranca-informatica.pt
1	www.paypal.com	1 redirects
1	feed.seguranca-informatica.pt	seguranca-informatica.pt
1	gist.github.com	seguranca-informatica.pt
1	fonts.googleapis.com	seguranca-informatica.pt
215	41

This site contains links to these domains. Also see Links.

Domain
www.youtube.com
feed.seguranca-informatica.pt
www.welivesecurity.com
www.virustotal.com
github.com
gist.github.com
www.nirsoft.net
www.linkedin.com
www.facebook.com
twitter.com
t.me
facebook.com
plus.google.com
youtube.com
www.pinterest.pt
www.trignosfera.pt
creativecommons.org
linkedin.com
www.reddit.com
www.addthis.com
v1.addthis.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-09` - `2021-08-09`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.github.com DigiCert SHA2 High Assurance Server CA	`2020-06-22` - `2022-08-17`	2 years	crt.sh
platform.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-13` - `2021-08-18`	a year	crt.sh
www.paypalobjects.com DigiCert SHA2 Extended Validation Server CA	`2019-12-09` - `2021-12-13`	2 years	crt.sh
odc-prod-01.oracle.com DigiCert Secure Site ECC CA-1	`2020-07-22` - `2021-10-13`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-07-21` - `2020-10-12`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.githubassets.com DigiCert SHA2 High Assurance Server CA	`2018-10-29` - `2020-11-02`	2 years	crt.sh
*.google.de GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2020-04-20` - `2022-05-09`	2 years	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-03-17`	a year	crt.sh
*.w.org Sectigo RSA Domain Validation Secure Server CA	`2019-12-19` - `2021-12-18`	2 years	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2019-11-12` - `2020-11-18`	a year	crt.sh
*.reddit.com DigiCert SHA2 Secure Server CA	`2020-08-26` - `2021-02-22`	6 months	crt.sh
*.pinterest.com DigiCert SHA2 High Assurance Server CA	`2020-07-16` - `2021-08-04`	a year	crt.sh
f.ssl.fastly.net GlobalSign Organization Validation CA - SHA256 - G2	`2018-08-30` - `2020-12-02`	2 years	crt.sh

This page contains 20 frames:

Primary Page: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
Frame ID: 0DE6BBFEB61BFC1C123BE7E9D78B989A
Requests: 143 HTTP requests in this frame

Frame: https://docs.google.com/spreadsheets/d/e/2PACX-1vTywaGMDIQs-kCS-XY81EXjYtsUkH3G_ici8a0c3X80Q-MXpdxa70vn55MQKz4V_-4HIi1_CkSHz90q/pubchart?oid=1706041977&format=interactive
Frame ID: 013BC4DC78BB87A440CC667FC76C9F27
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200914/r20190131/zrt_lookup.html
Frame ID: 999AB3C9D52CFC6BFD40E5EDE1E1023A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=185&slotname=8346471494&adk=3614362921&adf=3618954219&w=740&fwrn=4&lmt=1600277145&rafmt=11&psa=0&guci=1.2.0.0.2.2.0.0&format=740x185&url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2IvzT_ivIW&flash=0&wgl=1&dt=1600277144991&bpp=16&bdt=449&idt=76&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=463018679890&frm=20&pv=2&ga_vid=1235182167.1600277145&ga_sid=1600277145&ga_hid=1828674549&ga_fc=0&iag=0&icsg=137506062248&dssz=29&mdo=0&mso=0&rplot=4&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=1211&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066612&oid=3&pvsid=855104443021725&pem=750&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=Ac5YHXOloz&p=https%3A//seguranca-informatica.pt&dtd=99
Frame ID: D6343247CE1B43336BE40E15B7133363
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/eqyuAj9hvy4
Frame ID: 78E62C1B898641CAE0A62E8203605F54
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&adk=1812271804&adf=3025194257&lmt=1600277145&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2IvzT_ivIW&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1600277145790&bpp=1&bdt=1248&idt=1&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185&nras=1&correlator=463018679890&frm=20&pv=1&ga_vid=1235182167.1600277145&ga_sid=1600277145&ga_hid=1828674549&ga_fc=0&iag=0&icsg=143675245936447&dssz=73&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066612&oid=3&pvsid=855104443021725&pem=750&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=5&uci=a!5&fsb=1&dtd=22
Frame ID: 193BC2547F2618A5E7528584A636CF7F
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.12/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2def0e3b9152f4%26domain%3Dseguranca-informatica.pt%26origin%3Dhttps%253A%252F%252Fseguranca-informatica.pt%252Ff2be13e8c83edd8%26relation%3Dparent.parent&container_width=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fsegurancainformatica&locale=en_US&sdk=joey&show_facepile=true&small_header=false
Frame ID: CE3B76578FEDB4294A4D7C1A01AA2115
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fseguranca-informatica.pt
Frame ID: 87A8F3B282B0D2A7456F2DCB0420DAA4
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 1A72ED22E938EA8352F7DAEF195ACC2F
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 5DB378A60CB6503F134AB042C767B6B9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=2283147449&adf=2521252299&w=740&fwrn=4&fwrnh=100&lmt=1600277146&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=740x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2JKmZ6xX0P&flash=0&fwr=0&pra=3&rh=185&rw=740&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1600277146099&bpp=2&bdt=1557&idt=-M&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0&nras=2&correlator=463018679890&frm=20&pv=1&ga_vid=1235182167.1600277145&ga_sid=1600277145&ga_hid=1828674549&ga_fc=0&iag=0&icsg=143675245936447&dssz=75&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2511&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066612&oid=3&psts=AGkb-H8Shik1Ph8hDL1ny_fSib4-96o3XqE6EKQvkzNoJ2-AtsyT0ZgxyLmhdLYMF1RthQ&pvsid=855104443021725&pem=750&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=QdLSlFRJ3n&p=https%3A//seguranca-informatica.pt&dtd=22
Frame ID: 3B15273488219CE26842B7FF02EF1CBC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=2283147449&adf=3924700173&w=740&fwrn=4&fwrnh=100&lmt=1600277146&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=740x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2JKmZ6xX0P&flash=0&fwr=0&pra=3&rh=185&rw=740&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1600277146099&bpp=1&bdt=1558&idt=-M&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0%2C740x280&nras=3&correlator=463018679890&frm=20&pv=1&ga_vid=1235182167.1600277145&ga_sid=1600277145&ga_hid=1828674549&ga_fc=0&iag=0&icsg=143675245936447&dssz=76&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4197&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066612&oid=3&psts=AGkb-H8Shik1Ph8hDL1ny_fSib4-96o3XqE6EKQvkzNoJ2-AtsyT0ZgxyLmhdLYMF1RthQ&pvsid=855104443021725&pem=750&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=PuSDlBD4gd&p=https%3A//seguranca-informatica.pt&dtd=28
Frame ID: BEC754EBE20AB9F8086DE22CF21A5B6A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=2283147449&adf=2719090785&w=740&fwrn=4&fwrnh=100&lmt=1600277146&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=740x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2JKmZ6xX0P&flash=0&fwr=0&pra=3&rh=185&rw=740&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1600277146099&bpp=1&bdt=1558&idt=1&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0%2C740x280%2C740x280&nras=4&correlator=463018679890&frm=20&pv=1&ga_vid=1235182167.1600277145&ga_sid=1600277145&ga_hid=1828674549&ga_fc=0&iag=0&icsg=143675245936447&dssz=76&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=5480&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066612&oid=3&psts=AGkb-H8Shik1Ph8hDL1ny_fSib4-96o3XqE6EKQvkzNoJ2-AtsyT0ZgxyLmhdLYMF1RthQ&pvsid=855104443021725&pem=750&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=87PKbDIvn2&p=https%3A//seguranca-informatica.pt&dtd=61
Frame ID: 1FC092C2387E2312C05703642CD9AB82
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/index.html?creatorScreenName=p3drotavares&dnt=false&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=false&id=1305076741107519488&lang=pt&origin=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F&siteScreenName=sirpedrotavares&theme=light&widgetsVersion=219d021%3A1598982042171&width=550px
Frame ID: 4A4839B4C3A0573818F6C81FDF4931C0
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=seguranca-informatica&t_i=8075%20https%3A%2F%2Fseguranca-informatica.pt%2F%3Fp%3D8075&t_u=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F&t_e=Threat%20analysis%3A%20The%20emergent%20URSA%20trojan%20impacts%20many%20countries%20using%20a%20sophisticated%20loader&t_d=Threat%20analysis%3A%20The%20emergent%20URSA%20trojan%20impacts%20many%20countries%20using%20a%20sophisticated%20loader&t_t=Threat%20analysis%3A%20The%20emergent%20URSA%20trojan%20impacts%20many%20countries%20using%20a%20sophisticated%20loader&s_o=default
Frame ID: 6E6DE5C5581E66B24E0B3CE73B5E43AE
Requests: 1 HTTP requests in this frame

Frame: https://pbs.twimg.com/card_img/1306240149634809857/SX1kerR9?format=jpg&name=600x314
Frame ID: 27D2B4F317FCB9EE0EAC4CB35F95BBA5
Requests: 63 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css
Frame ID: 0D17F2CA7EA607C512E14CE49504A09F
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css
Frame ID: 1FDF04AFA4B1A2ACF5ED1C98D418B868
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: E7CA453ABF5509A50DD89F4985D00FDB
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: EACD8E8643AF5A606E0D84B525FB905C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

215
Requests

100 %
HTTPS

56 %
IPv6

28
Domains

41
Subdomains

31
IPs

4
Countries

6803 kB
Transfer

9071 kB
Size

17
Cookies

34 Outgoing links

These are links going to different origins than the main page.

URL: https://www.youtube.com/channel/UCGs6Ju6rSM9BHP5UGtVvdXw?sub_confirmation=1
Title: Youtube

Search URL Search Domain Scan URL

URL: https://feed.seguranca-informatica.pt/
Title: 0xSI_f33d

Search URL Search Domain Scan URL

URL: https://www.welivesecurity.com/2019/11/19/mispadu-advertisement-discounted-unhappy-meal/
Title: mispadu

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/23892054f9494f0ee6f4aa8749ab3ee6ac13741a0455e189596edfcdf96416b3/details
Title: MSI

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/d1fb8a5061fc40291cc02cec0f1c2d13168b17d22ffcabea62816e14ed58e925/
Title: VBscript loader

Search URL Search Domain Scan URL

URL: https://github.com/sirpedrotavares/SI-LAB-malware/blob/master/decryption%20strings%20ursa%20trojan
Title: GitHub

Search URL Search Domain Scan URL

URL: https://gist.github.com/sirpedrotavares/c71c1edfbced50479252714360359b3c/raw/955e8889ee86039d4f344df2dc46c929530846ae/Decrypt%20strings%20URSA%20trojan%20(september%202020)
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/sirpedrotavares/c71c1edfbced50479252714360359b3c#file-decrypt-strings-ursa-trojan-september-2020
Title: Decrypt strings URSA trojan (september 2020)

Search URL Search Domain Scan URL

URL: https://github.com/
Title: GitHub

Search URL Search Domain Scan URL

URL: https://github.com/dzzie/myaut_contrib
Title: GitHub

Search URL Search Domain Scan URL

URL: https://www.nirsoft.net/utils/web_browser_password.html
Title: WebBrowserPassView

Search URL Search Domain Scan URL

URL: https://www.nirsoft.net/utils/mailpv.html
Title: Mail PassView

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/sirpedrotavares/
Title: Pedro Tavares

Search URL Search Domain Scan URL

URL: https://www.facebook.com/segurancainformatica

Search URL Search Domain Scan URL

URL: https://twitter.com/sirpedrotavares

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/sirpedrotavares

Search URL Search Domain Scan URL

URL: https://feed.seguranca-informatica.pt/reports/2020/Infographic%20-%20Threat%20Report%20Portugal%20Q2%202020.pdf

Search URL Search Domain Scan URL

URL: https://feed.seguranca-informatica.pt/reports/2020/Infographic%20-%20Threat%20Report%20Portugal%20Q2%202020.png
Title: PNG

Search URL Search Domain Scan URL

URL: https://t.me/segurancainformatica

Search URL Search Domain Scan URL

URL: https://facebook.com/segurancainformatica

Search URL Search Domain Scan URL

URL: https://plus.google.com/u/0/+PedroTavaresSir

Search URL Search Domain Scan URL

URL: https://youtube.com/channel/UCGs6Ju6rSM9BHP5UGtVvdXw?sub_confirmation=1

Search URL Search Domain Scan URL

URL: https://www.pinterest.pt/sirpedrotavares/seguranca-informaticapt/

Search URL Search Domain Scan URL

URL: https://www.trignosfera.pt/

Search URL Search Domain Scan URL

URL: https://creativecommons.org/licenses/by/4.0/

Search URL Search Domain Scan URL

URL: https://github.com/sirpedrotavares
Title:

Search URL Search Domain Scan URL

URL: https://plus.google.com/+PedroTavaresSir
Title:

Search URL Search Domain Scan URL

URL: https://linkedin.com/in/sirpedrotavares
Title:

Search URL Search Domain Scan URL

URL: https://www.reddit.com/user/sirpedrotavares
Title:

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image
Title: AddThis

Search URL Search Domain Scan URL

URL: https://v1.addthis.com/live/redirect/?url=http%3A%2F%2Fseguranca-informatica.pt%2Fcomo-hackear-a-password-wifi-de-redes-wpa-wpa2-novo-ataque%2F%23at_pco%3Dsmlwn-1.0%26at_si%3D5f624a994ef66550%26at_ab%3Dper-2%26at_pos%3D0%26at_tot%3D1&uid=5f624a99f6e3bcf7&pub=ra-5a74cca42a90a07e&rev=v8.28.7-wp&per=undefined&pco=smlwn-1.0

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image&utm_campaign=Sharing%20tools%20logo
Title: AddThis

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image&utm_campaign=Recommended%20content%20logo
Title: AddThis

Search URL Search Domain Scan URL

URL: https://v1.addthis.com/live/redirect/?url=http%3A%2F%2Fseguranca-informatica.pt%2Favaliacao-da-performance-dns-cloudflare-x-google-x-opendns%2F%23at_pco%3Djrcf-1.0%26at_si%3D5f624a994ef66550%26at_ab%3Dper-2%26at_pos%3D0%26at_tot%3D3&uid=5f624a9963aba898&pub=ra-5a74cca42a90a07e&rev=v8.28.7-wp&per=undefined&pco=jrcf-1.0

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41

https://www.paypal.com/en_PT/i/scr/pixel.gif HTTP 301
https://www.paypalobjects.com/en_PT/i/scr/pixel.gif

Request Chain 222

https://syndication.twitter.com/i/jot HTTP 302
https://platform.twitter.com/jot.html

215 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/ 133 KB
31 KB 819ms
784ms Document
text/html 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.10

Resource Hash

cb6f90a0263bcb4c570ea23dde36478aa894f85268ea57d6ee0a6723af317a37

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: seguranca-informatica.pt
:scheme: https
:path: /threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Wed, 16 Sep 2020 17:25:44 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dc9c481c191867f64a824d8b2599179561600277143; expires=Fri, 16-Oct-20 17:25:43 GMT; path=/; domain=.seguranca-informatica.pt; HttpOnly; SameSite=Lax; Secure
x-powered-by: PHP/7.4.10
x-pingback: https://seguranca-informatica.pt/xmlrpc.php
link: <https://seguranca-informatica.pt/wp-json/>; rel="https://api.w.org/", <https://seguranca-informatica.pt/wp-json/wp/v2/posts/8075>; rel="alternate"; type="application/json", <https://seguranca-informatica.pt/?p=8075>; rel=shortlink, </wp-content/cache/minify/398c6.css>; rel=preload; as=style, </wp-content/cache/minify/eabb6.css>; rel=preload; as=style, </wp-content/cache/minify/021e7.css>; rel=preload; as=style, </wp-content/cache/minify/c841a.css>; rel=preload; as=style
vary: Accept-Encoding
referrer-policy
cf-cache-status: DYNAMIC
cf-request-id: 05398c78cc0000977ee097c200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 5d3c49d47c54977e-FRA
content-encoding: br
cf-h2-pushed: </wp-content/cache/minify/398c6.css>,</wp-content/cache/minify/eabb6.css>,</wp-content/cache/minify/021e7.css>,</wp-content/cache/minify/c841a.css>

GET
H2 200 398c6.css
seguranca-informatica.pt/wp-content/cache/minify/ 60 KB
8 KB 192ms
0ms Stylesheet
text/css 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/cache/minify/398c6.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db0de0d4de1311eb99b9327550146b23da220725b6739baa3158eb12f12d358a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
cf-polished: origSize=63257
status: 200
vary: Accept-Encoding
cf-request-id: 05398c7bd60000977ee09a6200000001
referrer-policy
last-modified: Tue, 12 May 2020 12:49:28 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/css
cache-control: max-age=14400
cf-ray: 5d3c49d95f09977e-FRA
cf-bgj: minify

GET
H2 200 eabb6.css
seguranca-informatica.pt/wp-content/cache/minify/ 44 KB
9 KB 189ms
0ms Stylesheet
text/css 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/cache/minify/eabb6.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc1c1f202d4a020cd9d584b2cc0c5fa966204473cfcc87bf8ea574537e9d1724

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Tue, 12 May 2020 18:15:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7bd60000977ee09a7200000001
content-type: text/css
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49d95f0b977e-FRA
x-content-type-options: nosniff

GET
H2 200 021e7.css
seguranca-informatica.pt/wp-content/cache/minify/ 85 KB
10 KB 194ms
0ms Stylesheet
text/css 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/cache/minify/021e7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c08d34e96d34a37c16d4353b630225e5e1b9e02808eb2eaf32783be2a38e109d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Tue, 12 May 2020 09:18:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7bd60000977ee09a8200000001
content-type: text/css
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49d95f0c977e-FRA
x-content-type-options: nosniff

GET
H2 200 c841a.css
seguranca-informatica.pt/wp-content/cache/minify/ 80 KB
15 KB 199ms
0ms Stylesheet
text/css 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/cache/minify/c841a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41842b8a7787f30dd7c129b53b921da9705e8420e0926550013d0252822547ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
cf-polished: origSize=83892
status: 200
vary: Accept-Encoding
cf-request-id: 05398c7bd60000977ee09a9200000001
referrer-policy
last-modified: Tue, 12 May 2020 12:49:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/css
cache-control: max-age=14400
cf-ray: 5d3c49d95f0d977e-FRA
cf-bgj: minify

GET
H2 200 dI4tRH6z5eYOCbLZuWBC7Ig0Jis.js Show response
seguranca-informatica.pt/cdn-cgi/apps/head/ 6 KB
2 KB 20ms
18ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/cdn-cgi/apps/head/dI4tRH6z5eYOCbLZuWBC7Ig0Jis.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a12b82bb4b7e9b29fd41e3f22c394ee3d3737f8f9af9f7ae041d0bb895d8bd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 200918
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-amz-request-id: A1D3276D19DBE2BD
x-amz-id-2: diN2Q23/AwvTfLqoHay7uI6Ny6yVyN+WB7W7bambTYizj+KCR1BijgzxYHGzim1b1zJZEpvZ47k=
last-modified: Sun, 05 Apr 2020 15:14:50 GMT
server: cloudflare
etag: W/"0393fdb4c7fd5923b28dfb50d125f8c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: lJHzaW_9htzRbalNZ7mokDHK2gBXM6Ql
cache-control: public, max-age=31536000
cf-request-id: 05398c7be50000977ee09aa200000001
cf-ray: 5d3c49d96f17977e-FRA

GET
H2 200 css
fonts.googleapis.com/ 19 KB
2 KB 34ms
15ms Stylesheet
text/css 2a00:1450:4001:819::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f379411aee07042cc205d014f801463f4c212aa0f769f2c35a9c8c74dd268f63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Origin: https://seguranca-informatica.pt
Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 16 Sep 2020 17:15:50 GMT
server: ESF
date: Wed, 16 Sep 2020 17:25:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 16 Sep 2020 17:25:44 GMT

GET
H2 200 jquery.js Show response
seguranca-informatica.pt/wp-includes/js/jquery/ 95 KB
32 KB 254ms
252ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Tue, 21 May 2019 20:30:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7be50000977ee09ab200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49d96f18977e-FRA
x-content-type-options: nosniff

GET
H2 200 frontend.min.js Show response
seguranca-informatica.pt/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/ 9 KB
3 KB 215ms
214ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend.min.js?ver=6.2.2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dab98b1d5558dd15c7db5ada4438fe03a424a7c1f5e0f29567d39a0a892bcc41

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Thu, 13 Aug 2020 16:02:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7be50000977ee09ac200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49d96f1a977e-FRA
x-content-type-options: nosniff

GET
H2 200 nivo-lightbox.min.js Show response
seguranca-informatica.pt/wp-content/plugins/responsive-lightbox/assets/nivo/ 8 KB
2 KB 197ms
196ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/responsive-lightbox/assets/nivo/nivo-lightbox.min.js?ver=2.2.3

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3391a9fa68a12cce5d9736593e3b24f78698c5f7f6a6a3a1a6644f813875403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Fri, 29 May 2020 14:26:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7be50000977ee09ad200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49d96f1b977e-FRA
x-content-type-options: nosniff

GET
H2 200 infinite-scroll.pkgd.min.js Show response
seguranca-informatica.pt/wp-content/plugins/responsive-lightbox/assets/infinitescroll/ 25 KB
7 KB 201ms
199ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/responsive-lightbox/assets/infinitescroll/infinite-scroll.pkgd.min.js?ver=5.5.1

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f97fb27fc5a2b0b2ef192937aeea30f869e026c98518e154a796755e3d0d864

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Fri, 29 May 2020 14:26:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7be50000977ee09ae200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49d96f1d977e-FRA
x-content-type-options: nosniff

GET
H2 200 front.js Show response
seguranca-informatica.pt/wp-content/plugins/responsive-lightbox/js/ 16 KB
4 KB 209ms
208ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/responsive-lightbox/js/front.js?ver=2.2.3

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a44ab6217570448889e9e625c86288f47692343285d48fd2642e9f9e46c3158

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
cf-polished: origSize=26898
status: 200
vary: Accept-Encoding
cf-request-id: 05398c7be70000977ee09af200000001
referrer-policy
last-modified: Fri, 29 May 2020 14:26:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 5d3c49d97f1e977e-FRA
cf-bgj: minify

GET
H2 200 wpp.min.js Show response
seguranca-informatica.pt/wp-content/plugins/wordpress-popular-posts/assets/js/ 3 KB
1 KB 209ms
208ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=5.2.4

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3caff329d1e76a3a9a8ab8030abed403362ee5490631d7bb9774372388198763

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Tue, 01 Sep 2020 09:33:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7be70000977ee09b0200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49d97f1f977e-FRA
x-content-type-options: nosniff

GET
H2 200 logotipox600.png
seguranca-informatica.pt/logotipo/ 20 KB
20 KB 38ms
26ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/logotipo/logotipox600.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be73c16f766dc7c7a8c08a6ba72cdd7645f553ec28ca32640022b6d7355f590a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 49
status: 200
vary: Accept-Encoding
content-length: 20475
cf-request-id: 05398c7d010000977ee09ce200000001
referrer-policy
last-modified: Tue, 13 Feb 2018 18:11:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db3829977e-FRA

GET
H2 200 twitter_PNG28-e1517184971128.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 600 B
710 B 252ms
240ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/twitter_PNG28-e1517184971128.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e60d58e3602f1b85a212115e4d7300e09234e89eeec8df6065c2568c43e3f056

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
status: 200
vary: Accept-Encoding
content-length: 600
cf-request-id: 05398c7d010000977ee09cf200000001
referrer-policy
last-modified: Mon, 29 Jan 2018 00:16:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db382a977e-FRA

GET
H2 200 icon-circle-150x150-youtube.png
seguranca-informatica.pt/ 7 KB
8 KB 241ms
229ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/icon-circle-150x150-youtube.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e02a28e995334093dff6f19238e59aba7b5ba434ea2c84ef78f6a70ce260b49d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
status: 200
vary: Accept-Encoding
content-length: 7592
cf-request-id: 05398c7d0b0000977ee09d0200000001
referrer-policy
last-modified: Wed, 07 Jun 2017 10:30:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db482c977e-FRA

GET
H2 200 0xsi-f33d-2.png
seguranca-informatica.pt/wp-content/uploads/2020/04/ 874 B
985 B 1069ms
1057ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/04/0xsi-f33d-2.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c848f8748dcbd3ae9248bd4ef3309e931660b0ebd18b20b7c3989ac54144e5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 874
cf-request-id: 05398c7d0b0000977ee09d1200000001
referrer-policy
last-modified: Mon, 06 Apr 2020 13:02:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db482e977e-FRA

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 130 KB
45 KB 33ms
22ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a80e5bc6824957c820fc176a64856461adcfdc8bf1ff884189e0c2591d5d58de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 45924
x-xss-protection: 0
server: cafe
etag: 13133778186156096072
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 16 Sep 2020 17:25:44 GMT

GET
H/1.1 200
OK c71c1edfbced50479252714360359b3c.js Show response
gist.github.com/sirpedrotavares/ 14 KB
4 KB 227ms
176ms Script
text/javascript 140.82.121.3
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/sirpedrotavares/c71c1edfbced50479252714360359b3c.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.3 , United States, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-3-fra.github.com

Software

GitHub.com /

Resource Hash

eb3aca3f4848e881a27e8d7c1c0ea1fb16bc92a49a893a1b2133052d11f9a0a3

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
Content-Encoding: gzip
x-content-type-options: nosniff
status: 200 OK
vary: X-PJAX, Accept-Encoding, Accept, X-Requested-With, Accept-Encoding
Content-Length: 1629
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
X-GitHub-Request-Id: 2DFC:D7CD:334198C:4993CA7:5F624A98
x-frame-options: deny
etag: W/"eb3aca3f4848e881a27e8d7c1c0ea1fb"
expect-ct: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Accept-Ranges: bytes

GET
H2 200 widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 102ms
24ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 28881
x-served-by: cache-bwi5141-BWI, cache-hhn4030-HHN
last-modified: Tue, 01 Sep 2020 20:40:54 GMT
etag: "a58136137a93f33c1d165df7d4d973f8+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1800
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 pedro-tavares-300x200.jpg
seguranca-informatica.pt/wp-content/uploads/2018/11/ 80 KB
80 KB 304ms
293ms Image
image/jpeg 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/11/pedro-tavares-300x200.jpg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8cb27788844e455b92854743ee7ecab79e95c50735dc7e23b064b92e359bbf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 82070
cf-request-id: 05398c7d0b0000977ee09d2200000001
referrer-policy
last-modified: Fri, 02 Nov 2018 14:44:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db482f977e-FRA

GET
H2 200 si_f33d.png
seguranca-informatica.pt/wp-content/uploads/2020/04/ 5 KB
5 KB 242ms
232ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/04/si_f33d.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

575593b187efc8e164cf80d79952d18b79ecad5fb42a81b1711dedf7a2af46b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 5308
cf-request-id: 05398c7d0b0000977ee09d3200000001
referrer-policy
last-modified: Mon, 06 Apr 2020 14:06:26 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db4830977e-FRA

GET
H2 200 Infographic%20-%20Threat%20Report%20Portugal%20Q2%202020.png
feed.seguranca-informatica.pt/reports/2020/ 204 KB
204 KB 340ms
294ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://feed.seguranca-informatica.pt/reports/2020/Infographic%20-%20Threat%20Report%20Portugal%20Q2%202020.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

446c3281ea690a4c2b548d4b0612c494ed7b79de0da27f1671bbaf33f2cb4066

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Thu, 13 Aug 2020 16:12:35 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
accept-ranges: bytes
cf-ray: 5d3c49db785b977e-FRA
content-length: 208625
cf-request-id: 05398c7d260000977ee09eb200000001

GET
H2 200 cover.jpg
seguranca-informatica.pt/wp-content/uploads/2020/06/ 115 KB
115 KB 293ms
282ms Image
image/jpeg 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/06/cover.jpg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55760f124cf01db5108e183d7ab28a3a850a6342dae625b610c83ebc5071a73c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 118000
cf-request-id: 05398c7d0b0000977ee09d4200000001
referrer-policy
last-modified: Fri, 12 Jun 2020 18:56:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db4831977e-FRA

GET
H2 200 cover-1024x431.png
seguranca-informatica.pt/wp-content/uploads/2020/06/ 849 KB
850 KB 252ms
242ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/06/cover-1024x431.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4455196ea058589b8062801e8475282f8e2eeff5b5cf3947d19f738233b90de5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
status: 200
vary: Accept-Encoding
content-length: 869346
cf-request-id: 05398c7d0b0000977ee09d5200000001
referrer-policy
last-modified: Mon, 01 Jun 2020 16:31:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db4832977e-FRA

GET
H2 200 cover-3.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 732 KB
733 KB 338ms
328ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/cover-3.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ebaeeefa60775d91761bb2f938feb7e5ee155c208be9b7d482e172032a4a197

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 749438
cf-request-id: 05398c7d0b0000977ee09d6200000001
referrer-policy
last-modified: Tue, 26 May 2020 12:15:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db4833977e-FRA

GET
H2 200 blog-cover.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 589 KB
590 KB 302ms
291ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/blog-cover.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

caace78c6f887ecbf780bdf5b71e57a02776d7ef5a0e54e797e3e007130262e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 603351
cf-request-id: 05398c7d0b0000977ee09d7200000001
referrer-policy
last-modified: Wed, 06 May 2020 22:18:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db4834977e-FRA

GET
H2 200 cover_lampion-768x315.png
seguranca-informatica.pt/wp-content/uploads/2019/12/ 261 KB
261 KB 305ms
295ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2019/12/cover_lampion-768x315.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1fc9e562f67ac01fc3db71ce882b51a1096010a777f2d9f3a87db6a642ad19a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 266845
cf-request-id: 05398c7d0b0000977ee09d8200000001
referrer-policy
last-modified: Sat, 28 Dec 2019 02:40:21 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db4835977e-FRA

GET
H2 200 blog-cover__.png
seguranca-informatica.pt/wp-content/uploads/2020/05/ 86 KB
86 KB 302ms
292ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/05/blog-cover__.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8742843c9c346c419f6a487e08a8f6d6c5f3200d4f7a7c0e15dab4a4a7c0c65d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 87653
cf-request-id: 05398c7d0b0000977ee09d9200000001
referrer-policy
last-modified: Mon, 11 May 2020 21:38:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db4836977e-FRA

GET
H2 200 cover.jpg
seguranca-informatica.pt/wp-content/uploads/2020/07/ 117 KB
118 KB 245ms
235ms Image
image/jpeg 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/07/cover.jpg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac27da6723603ab32e05183b7e1bb1b9299d5396bad26ba082edda0ff8621eb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
status: 200
vary: Accept-Encoding
content-length: 120259
cf-request-id: 05398c7d0b0000977ee09da200000001
referrer-policy
last-modified: Mon, 06 Jul 2020 12:03:40 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db4837977e-FRA

GET
H2 200 youtube-subscribe-button-2.png
seguranca-informatica.pt/ 4 KB
5 KB 250ms
241ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/youtube-subscribe-button-2.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8220596e6a32feeaa3c95078f2a72efb6a01025245097384816d26c2a3f38c3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 4586
cf-request-id: 05398c7d0b0000977ee09db200000001
referrer-policy
last-modified: Wed, 07 Jun 2017 10:30:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db4838977e-FRA

GET
H2 200 telegram.jpg
seguranca-informatica.pt/wp-content/uploads/2018/12/ 11 KB
11 KB 253ms
244ms Image
image/jpeg 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/12/telegram.jpg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c36d0094cb3d176360c91599d13da78f0c77df004bc076aadd883f189fa1767e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
status: 200
vary: Accept-Encoding
content-length: 11537
cf-request-id: 05398c7d0b0000977ee09dc200000001
referrer-policy
last-modified: Thu, 27 Dec 2018 12:10:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db4839977e-FRA

GET
H2 200 if_60-rss_104443.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 2 KB
2 KB 243ms
234ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/if_60-rss_104443.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6bad8fb5327a87ba126a50844529fa2d207b42b7df8e31e104c5d48c5092d87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 2265
cf-request-id: 05398c7d0b0000977ee09dd200000001
referrer-policy
last-modified: Mon, 29 Jan 2018 13:11:36 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db483a977e-FRA

GET
H2 200 if_1_Media_social_website_facebook_2657542.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 2 KB
2 KB 240ms
231ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/if_1_Media_social_website_facebook_2657542.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9be7537f55bde87db7acf7c9aa482e56e3c8891f09710e19113637cdbb8143ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 1792
cf-request-id: 05398c7d0b0000977ee09de200000001
referrer-policy
last-modified: Mon, 29 Jan 2018 12:51:40 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db483b977e-FRA

GET
H2 200 if_18_Media_social_website_in_2657551.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 2 KB
2 KB 253ms
244ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/if_18_Media_social_website_in_2657551.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48b3b17bf53635986804b63fb97b63fd84d72e6f2d169519f36ba2a3ca6a70a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
status: 200
vary: Accept-Encoding
content-length: 2141
cf-request-id: 05398c7d0b0000977ee09df200000001
referrer-policy
last-modified: Mon, 29 Jan 2018 12:51:34 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db483c977e-FRA

GET
H2 200 if_12_Media_social_website_Twitter_2657545.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 3 KB
3 KB 250ms
241ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/if_12_Media_social_website_Twitter_2657545.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

066d6b6d0ac47e197c9816ecc646022123de9bd034a81b4b3efb7b790ff89963

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 2756
cf-request-id: 05398c7d0b0000977ee09e0200000001
referrer-policy
last-modified: Mon, 29 Jan 2018 12:51:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db483d977e-FRA

GET
H2 200 if_5_Media_social_website_gmail_2657573.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 2 KB
3 KB 239ms
230ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/if_5_Media_social_website_gmail_2657573.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dbab26b6050d95f1f5165ebb4114ba93bc15f011f34eca927242cb3d1f0d95f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 2512
cf-request-id: 05398c7d0b0000977ee09e1200000001
referrer-policy
last-modified: Mon, 29 Jan 2018 12:51:27 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db483f977e-FRA

GET
H2 200 if_11_Media_social_website_youtube_2657544.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 2 KB
3 KB 252ms
244ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/if_11_Media_social_website_youtube_2657544.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea3906631ed3ac3f02664bb801434732b02ec1b79ca261909136c5b4ef663de9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 2502
cf-request-id: 05398c7d0b0000977ee09e2200000001
referrer-policy
last-modified: Mon, 29 Jan 2018 12:51:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db4840977e-FRA

GET
H2 200 if_14_Media_social_website_pinterest_2657547.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 3 KB
3 KB 249ms
240ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/if_14_Media_social_website_pinterest_2657547.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8db469b90b8d9e2a0675931132266a305d0f080fc5ef4e7bd0f841f161b78b5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 3147
cf-request-id: 05398c7d0b0000977ee09e3200000001
referrer-policy
last-modified: Mon, 29 Jan 2018 12:51:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db4841977e-FRA

GET
H2 200 trignosfera.png
seguranca-informatica.pt/logotipo/partners/ 45 KB
45 KB 36ms
27ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/logotipo/partners/trignosfera.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3622c7c6c64b493c982f365e01b5eaa59f48da664e98025c383d4f8c57c4396

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 49
status: 200
vary: Accept-Encoding
content-length: 46166
cf-request-id: 05398c7d0b0000977ee09e4200000001
referrer-policy
last-modified: Fri, 16 Feb 2018 16:25:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db4843977e-FRA

GET
H2 200 scam.gif
seguranca-informatica.pt/wp-content/uploads/2019/01/ 22 KB
23 KB 238ms
230ms Image
image/gif 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2019/01/scam.gif

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44f42160647efdb85b129d040beee22d6e3a55998c83febb2f4a03ccb0e4b714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
status: 200
vary: Accept-Encoding
content-length: 22962
cf-request-id: 05398c7d0b0000977ee09e5200000001
referrer-policy
last-modified: Wed, 23 Jan 2019 10:49:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/gif
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db4844977e-FRA

GET
H2 200 coffepaypal.png
seguranca-informatica.pt/wp-content/uploads/2019/02/ 52 KB
52 KB 39ms
32ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2019/02/coffepaypal.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce4cb34807330a0b7afe401877ad09ecc7f930f9706cac7994716bcc1b3fd886

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 49
status: 200
vary: Accept-Encoding
content-length: 53007
cf-request-id: 05398c7d0b0000977ee09e6200000001
referrer-policy
last-modified: Mon, 11 Feb 2019 23:55:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db4845977e-FRA

GET
H2

404

pixel.gif
www.paypalobjects.com/en_PT/i/scr/
Redirect Chain

https://www.paypal.com/en_PT/i/scr/pixel.gif
https://www.paypalobjects.com/en_PT/i/scr/pixel.gif

0
0

250ms
195ms

Image
text/html

151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.paypalobjects.com/en_PT/i/scr/pixel.gif
Requested by: Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Wed, 16 Sep 2020 17:25:45 GMT
via: 1.1 varnish, 1.1 varnish
server: nginx/1.14.0 (Ubuntu)
x-timer: S1600277145.922353,VS0,VE151
x-served-by: cache-lhr7364-LHR, cache-ams21027-AMS
status: 301
x-cache: MISS, MISS
location: https://www.paypalobjects.com/en_PT/i/scr/pixel.gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: 17a7bc523316d
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes, bytes, bytes, bytes
dc: ccg11-origin-www-2.paypal.com
content-length: 0
x-cache-hits: 0, 0

GET
H2 200 88x31.png
licensebuttons.net/l/by/4.0/ 1 KB
2 KB 60ms
12ms Image
image/png 2606:4700:20::ac43:4a78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://licensebuttons.net/l/by/4.0/88x31.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a78 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d8a628333a76cfe484a2b9c01bca786fccf08d0010d4bffca2b38b29dd4ed0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1612
cf-polished: origSize=4739
status: 200
vary: Accept-Encoding
content-length: 1283
x-xss-protection: 1; mode=block
last-modified: Thu, 30 Apr 2020 21:59:13 GMT
server: cloudflare
x-frame-options: deny
etag: "5eab4a31-1283"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000
content-type: image/png
cache-control: max-age=432000
cf-request-id: 05398c7d29000017522392b200000001
accept-ranges: bytes
cf-ray: 5d3c49db790d1752-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 cherry-js-core.min.js Show response
seguranca-informatica.pt/wp-content/plugins/cherry-search/cherry-framework/modules/cherry-js-core/assets/js/min/ 994 B
547 B 220ms
219ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/cherry-search/cherry-framework/modules/cherry-js-core/assets/js/min/cherry-js-core.min.js?ver=1.5.11

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9382c1ac33e60533971224071a03c61bd2a759689a41085dbc757872e40ec5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Tue, 07 May 2019 09:01:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7cea0000977ee09be200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49db1ffb977e-FRA
x-content-type-options: nosniff

GET
H2 200 comment_count.js Show response
seguranca-informatica.pt/wp-content/plugins/disqus-comment-system/public/js/ 889 B
500 B 201ms
188ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.17

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Wed, 06 Mar 2019 09:03:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7cfe0000977ee09c0200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49db3818977e-FRA
x-content-type-options: nosniff

GET
H2 200 comment_embed.js Show response
seguranca-informatica.pt/wp-content/plugins/disqus-comment-system/public/js/ 1 KB
508 B 239ms
226ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.17

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f055e217bde76d711bd8b42af773f9f99b8a29d81ad9ed10b6379cc7e6c60452

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Wed, 06 Mar 2019 09:03:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7cfe0000977ee09c1200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49db3819977e-FRA
x-content-type-options: nosniff

GET
H2 200 main.js Show response
seguranca-informatica.pt/wp-content/themes/xmag/js/ 2 KB
926 B 205ms
192ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/themes/xmag/js/main.js?ver=20170211

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

787b24b64caeab65207d03ff5655ee76f075f0201da65eb3290b255d9338db78

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Sun, 04 Jun 2017 20:13:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7d010000977ee09c2200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49db381b977e-FRA
x-content-type-options: nosniff

GET
H2 200 jquery.sticky.js Show response
seguranca-informatica.pt/wp-content/themes/xmag/js/ 4 KB
1 KB 211ms
197ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/themes/xmag/js/jquery.sticky.js?ver=20160906

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fdf3003543c3572ba8dfc6a87a9289ebadde2db18f09a36657301eaccd157866

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
cf-polished: origSize=7171
status: 200
vary: Accept-Encoding
cf-request-id: 05398c7d010000977ee09c3200000001
referrer-policy
last-modified: Sun, 04 Jun 2017 20:13:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 5d3c49db381c977e-FRA
cf-bgj: minify

GET
H2 200 sticky-setting.js Show response
seguranca-informatica.pt/wp-content/themes/xmag/js/ 289 B
238 B 241ms
227ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/themes/xmag/js/sticky-setting.js?ver=20160906

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f523ff657175b7cb8d2667602adb77ccebf5e5c5c987e32800d2698b6bb0286e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Sun, 04 Jun 2017 20:13:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7d010000977ee09c4200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49db381d977e-FRA
x-content-type-options: nosniff

GET
H2 200 comment-reply.min.js Show response
seguranca-informatica.pt/wp-includes/js/ 3 KB
1 KB 210ms
197ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-includes/js/comment-reply.min.js?ver=5.5.1

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d06df4184ba84e09a4be6a6ed101d1c3adefea0eaa833ddecf2f2251f6af33a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Wed, 02 Sep 2020 01:59:39 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7d010000977ee09c5200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49db381e977e-FRA
x-content-type-options: nosniff

GET
H2 200 cherry-handler.min.js Show response
seguranca-informatica.pt/wp-content/plugins/cherry-search/cherry-framework/modules/cherry-handler/assets/js/min/ 3 KB
1 KB 240ms
227ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/cherry-search/cherry-framework/modules/cherry-handler/assets/js/min/cherry-handler.min.js?ver=1.5.11

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7f837ecf8426cc760739e8a17218b3b501156f43a7bd03afb7207949b12ab0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Tue, 07 May 2019 09:01:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7d010000977ee09c6200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49db381f977e-FRA
x-content-type-options: nosniff

GET
H2 200 validate.js Show response
seguranca-informatica.pt/wp-content/plugins/newsletter/subscription/ 1 KB
450 B 211ms
198ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/newsletter/subscription/validate.js?ver=6.8.7

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

717c288dc6b91d3c1774be2fcf06f0eccd923966e3df65bef32b78e26cc18b75

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Sat, 12 Sep 2020 11:01:40 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7d010000977ee09c7200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49db3820977e-FRA
x-content-type-options: nosniff

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 140ms
49ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js?ver=5.5.1

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Thu, 04 Jun 2020 15:49:19 GMT
server: nginx/1.15.8
etag: W/"5ed917ff-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
status: 200
cache-control: public, max-age=600
date: Wed, 16 Sep 2020 17:25:44 GMT
x-host: s7.addthis.com
content-length: 116324

GET
H2 200 enlighterjs.min.js Show response
seguranca-informatica.pt/wp-content/plugins/enlighter/cache/ 57 KB
16 KB 282ms
269ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/enlighter/cache/enlighterjs.min.js?ver=m3uM2XsNNRUVDoW

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0c4a1ed3d232553d98c82ea0e04cee8975d0a67df819e161f96e7c32179e8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Wed, 05 Aug 2020 09:59:17 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7d010000977ee09c8200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49db3822977e-FRA
x-content-type-options: nosniff

GET
H2 200 wp-embed.min.js Show response
seguranca-informatica.pt/wp-includes/js/ 1 KB
819 B 244ms
231ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-includes/js/wp-embed.min.js?ver=5.5.1

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Wed, 01 Apr 2020 14:18:40 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7d010000977ee09c9200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49db3823977e-FRA
x-content-type-options: nosniff

GET
H2 200 scripts.js Show response
seguranca-informatica.pt/wp-content/plugins/eu-cookie-law/js/ 3 KB
1 KB 240ms
228ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/eu-cookie-law/js/scripts.js?ver=3.1.4

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2777b2136591370735374104618934a186d85121cf3fc7dd8cabeaa9d19ecd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Thu, 02 Jul 2020 00:53:47 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7d010000977ee09ca200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49db3824977e-FRA
x-content-type-options: nosniff

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 8 KB
3 KB 29ms
21ms Script
application/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.5.1
Requested by: Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96e3623b4080d2a019664c7f4e55cb1536a45fb84c3b34aeaede4c04b4bae373

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:44 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 822
etag: W/"f9d3ce9829dac0f7e3861df96a993d72"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=259200
cf-ray: 5d3c49db3bc0d6c5-FRA
cf-request-id: 05398c7d010000d6c5d1028200000001
expires: Sat, 19 Sep 2020 17:25:44 GMT

GET
H2 200 underscore.min.js Show response
seguranca-informatica.pt/wp-includes/js/ 16 KB
6 KB 247ms
234ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-includes/js/underscore.min.js?ver=1.8.3

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b5fc275c98a58b1073a713920cefa54fab60ad9d85a67cf6907aaf8fbb3c474

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Wed, 01 Apr 2020 14:18:40 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7d010000977ee09cb200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49db3825977e-FRA
x-content-type-options: nosniff

GET
H2 200 wp-util.min.js Show response
seguranca-informatica.pt/wp-includes/js/ 1 KB
648 B 240ms
228ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-includes/js/wp-util.min.js?ver=5.5.1

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

622bd29e595894b02f5c5ab95628f99d6e6d46483bac342b4fff38bbc64a8a35

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Wed, 01 Apr 2020 14:18:43 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7d010000977ee09cc200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49db3826977e-FRA
x-content-type-options: nosniff

GET
H2 200 cherry-search.min.js Show response
seguranca-informatica.pt/wp-content/plugins/cherry-search/assets/js/min/ 2 KB
1004 B 241ms
229ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/cherry-search/assets/js/min/cherry-search.min.js?ver=1.1.5

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cd9e72894580d70b0cc6a28b3836d34eb7f907eb97a152c310bfebafb65a2f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
last-modified: Tue, 07 May 2019 09:01:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7d010000977ee09cd200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49db3828977e-FRA
x-content-type-options: nosniff

GET
H2 200 qNcmPTj79EMUOrzZ4I-EprFF7Y8.js Show response
seguranca-informatica.pt/cdn-cgi/apps/body/ 28 KB
6 KB 448ms
440ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/cdn-cgi/apps/body/qNcmPTj79EMUOrzZ4I-EprFF7Y8.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/cdn-cgi/apps/head/dI4tRH6z5eYOCbLZuWBC7Ig0Jis.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

343bde3e98b9503c4aa226f553e1e53a20437cc8a4e3aa84eff40b5e8bd99afc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
x-amz-request-id: 51D3508C27AC4B8C
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-amz-id-2: JWT+WOd2Ehl2DLzRUxS3PAQKMTWiN7rEK+hEIVhaZILLVl3OGf/jTEZ69FK27mX8pPve1CDMJc8=
last-modified: Sun, 05 Apr 2020 15:14:50 GMT
server: cloudflare
etag: W/"2f0664ac054357af08048b56dbb23ecd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 39Vrrl1hwaQV.tQQHe0gpcneNyDq0WPl
cache-control: public, max-age=31536000
cf-request-id: 05398c7d0b0000977ee09e7200000001
cf-ray: 5d3c49db4847977e-FRA

GET
H3-Q050 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 30ms
23ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 3123
date: Wed, 16 Sep 2020 16:33:41 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Wed, 16 Sep 2020 18:33:41 GMT

GET
H2 200 wp-emoji-release.min.js Show response
seguranca-informatica.pt/wp-includes/js/ 14 KB
4 KB 252ms
245ms Script
application/javascript 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-includes/js/wp-emoji-release.min.js?ver=5.5.1

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
referrer-policy
cf-cache-status: REVALIDATED
last-modified: Thu, 13 Aug 2020 16:00:37 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7d0b0000977ee09e8200000001
content-type: application/javascript
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49db4849977e-FRA
x-content-type-options: nosniff

POST
H2 201 popular-posts Show response
seguranca-informatica.pt/wp-json/wordpress-popular-posts/v1/ 55 B
567 B 641ms
640ms XHR
application/json 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-json/wordpress-popular-posts/v1/popular-posts

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=5.2.4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.10

Resource Hash

3c6325714859927a5839c9be1dfc2f395d383651c38265e76a3f2565171cbd26

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-powered-by: PHP/7.4.10
status: 201
vary: Origin,Accept-Encoding
cf-request-id: 05398c7cf40000977ee09bf200000001
referrer-policy
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
allow: GET, POST
server: cloudflare
x-wp-nonce: 94e7e8563d
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://seguranca-informatica.pt
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
x-robots-tag: noindex
access-control-allow-credentials: true
cf-ray: 5d3c49db280f977e-FRA
link: <https://seguranca-informatica.pt/wp-json/>; rel="https://api.w.org/"

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 135 KB
34 KB 30ms
23ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 34302
x-xss-protection: 0
pragma: public
x-fb-debug: 2na/fdzrw1OpsAhiP3LYw7BP/tBNTd06HPbZ92qD0et9tsiJGnqgIAYhTy0pwHGGSFSUL7CA0kspaPBA3SuJGQ==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Wed, 16 Sep 2020 17:25:44 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 30ms
23ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8c00bc4dc76920c141870cd6266e0e7bb507407e9017b43dc0d7667bb14b6d54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: KIrYlQ3q5kvPX7uZNEisbA==
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1779
etag: "c762d917a44424b12fd6b214fe34ffe4"
x-fb-debug: rpnwdB82OIOhol+unX5l/gINidEQ6y9DLPoifu/UqzobGrrkNEv2dVC5LQG6MO2anx2lOi2UXCBjtzQo1jg4Ow==
x-fb-trip-id: 664085054
x-fb-content-md5: 59732cf312ceb4adee735d0556c78600
x-frame-options: DENY
date: Wed, 16 Sep 2020 17:25:44 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 16 Sep 2020 17:28:45 GMT

GET
H2 200 cover-2.png
seguranca-informatica.pt/wp-content/uploads/2020/09/ 694 KB
695 KB 332ms
326ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/09/cover-2.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53d33383295f134946acb4185b90d16520506ff678352eda4a02d8e330ad8950

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 710503
cf-request-id: 05398c7d0b0000977ee09e9200000001
referrer-policy
last-modified: Mon, 14 Sep 2020 21:39:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49db484b977e-FRA

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 38ms
4ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://seguranca-informatica.pt
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 18:20:36 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 83108
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Wed, 15 Sep 2021 18:20:36 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 38ms
6ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://seguranca-informatica.pt
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 11:04:00 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 195704
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
expires: Tue, 14 Sep 2021 11:04:00 GMT

GET
H2 200 simple-line-icons.ttf
seguranca-informatica.pt/wp-content/themes/xmag/fonts/ 18 KB
12 KB 285ms
253ms Font
font/ttf 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/themes/xmag/fonts/simple-line-icons.ttf?v=2.2.2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/wp-content/cache/minify/eabb6.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88731bd32d2242a6918772bd11e6e16f46c2e3c05c7bbd4ed47d162cff9683f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://seguranca-informatica.pt
Referer: https://seguranca-informatica.pt/wp-content/cache/minify/eabb6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: br
referrer-policy
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7d1d0000977ee09ea200000001
content-type: font/ttf
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5d3c49db6853977e-FRA
x-content-type-options: nosniff

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 37ms
5ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://seguranca-informatica.pt
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 18:20:36 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:27 GMT
server: sffe
age: 83108
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
expires: Wed, 15 Sep 2021 18:20:36 GMT

GET
H2 200 pubchart
docs.google.com/spreadsheets/d/e/2PACX-1vTywaGMDIQs-kCS-XY81EXjYtsUkH3G_ici8a0c3X80Q-MXpdxa70vn55MQKz4V_-4HIi1_CkSHz90q/ Frame 013B 0
0 300ms
296ms Document
text/html 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://docs.google.com/spreadsheets/d/e/2PACX-1vTywaGMDIQs-kCS-XY81EXjYtsUkH3G_ici8a0c3X80Q-MXpdxa70vn55MQKz4V_-4HIi1_CkSHz90q/pubchart?oid=1706041977&format=interactive

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';object-src 'self';report-uri https://docs.google.com/spreadsheets/cspreport;script-src 'report-sample' 'nonce-wiAB49+sZVDGZ4YLZGYFxQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';worker-src 'self'
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: docs.google.com
:scheme: https
:path: /spreadsheets/d/e/2PACX-1vTywaGMDIQs-kCS-XY81EXjYtsUkH3G_ici8a0c3X80Q-MXpdxa70vn55MQKz4V_-4HIi1_CkSHz90q/pubchart?oid=1706041977&format=interactive
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Response headers

status: 200
content-type: text/html; charset=utf-8
x-robots-tag: noindex, nofollow, nosnippet
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: gzip
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-security-policy: base-uri 'self';object-src 'self';report-uri https://docs.google.com/spreadsheets/cspreport;script-src 'report-sample' 'nonce-wiAB49+sZVDGZ4YLZGYFxQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';worker-src 'self'
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
set-cookie: NID=204=UrHOcYtfKALbwz8PP5EHX8TzaTqBDUkGLQ3zFXFYku_HbFTnVuPuON0jwlpkM2Y-3DOw4lKRfjfAn-aoC9NkUU7QTnG5wEvoZ-g1bY6SoeD_MjS8i3qe7cYH6eSKWVcU2Pfmmo4afIw8643pQQi434jn4TTdIOTlICiXJVxiNIs; expires=Thu, 18-Mar-2021 17:25:44 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none S=apps-spreadsheets=8k5uiMUsjQzyLJxpY3eOugOH8JRXYSYK2oqbNqgFCJs; Domain=.docs.google.com; Expires=Wed, 16-Sep-2020 18:25:45 GMT; Path=/spreadsheets/d/e/2PACX-1vTywaGMDIQs-kCS-XY81EXjYtsUkH3G_ici8a0c3X80Q-MXpdxa70vn55MQKz4V_-4HIi1_CkSHz90q; Secure; HttpOnly; Priority=LOW; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 memnYaGs126MiZpBA-UFUKWiUNhrIqOxjaPX.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKWiUNhrIqOxjaPX.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d6762417b3b91c64f1d9c9689deb17a1120dfaf507b547b6bf5a11fdf0968a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://seguranca-informatica.pt
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 18:28:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 82663
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9416
x-xss-protection: 0
expires: Wed, 15 Sep 2021 18:28:01 GMT

GET
H2 200 mem6YaGs126MiZpBA-UFUK0Zdc1GAK6b.woff2
fonts.gstatic.com/s/opensans/v18/ 10 KB
10 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem6YaGs126MiZpBA-UFUK0Zdc1GAK6b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ffcde34efda55a63cb66dbec4bf10acb531014d581e2d8e511836b84e08c2305

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://seguranca-informatica.pt
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 18:20:36 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:34 GMT
server: sffe
age: 83108
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9728
x-xss-protection: 0
expires: Wed, 15 Sep 2021 18:20:36 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://seguranca-informatica.pt
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:06:17 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:52 GMT
server: sffe
age: 202767
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11180
x-xss-protection: 0
expires: Tue, 14 Sep 2021 09:06:17 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://seguranca-informatica.pt
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C300%2C400italic%2C700italic%7CRoboto%3A400%2C700%2C300&subset=latin%2Clatin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:06:19 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 202765
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Tue, 14 Sep 2021 09:06:19 GMT

GET
H2 200 table1-278x300.png
seguranca-informatica.pt/wp-content/uploads/2020/09/ 31 KB
31 KB 258ms
257ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/09/table1-278x300.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02fb6ff42ec54d5cc760ddb6ac057ec7efb377888690ba496d04a7c76b732011

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 31571
cf-request-id: 05398c7d6d0000977ee09f2200000001
referrer-policy
last-modified: Mon, 14 Sep 2020 11:30:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49dbe899977e-FRA

GET
H2 200 phishing-templates1.png
seguranca-informatica.pt/wp-content/uploads/2020/09/ 442 KB
443 KB 289ms
289ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/09/phishing-templates1.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd5170ae2799156ffbaa1861ec8e9620cb2be471f80c8a25601c32ea21b3bd84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 452815
cf-request-id: 05398c7d6d0000977ee09f3200000001
referrer-policy
last-modified: Mon, 14 Sep 2020 11:33:03 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49dbe89a977e-FRA

GET
H2 200 2-file.png
seguranca-informatica.pt/wp-content/uploads/2020/09/ 400 KB
401 KB 293ms
293ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2020/09/2-file.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78d2c259c6634b9eb8ae3e59c68ba8a9901e3efbf3f9dbba787936de75f93a94

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 410105
cf-request-id: 05398c7d6d0000977ee09f4200000001
referrer-policy
last-modified: Mon, 14 Sep 2020 11:39:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49dbe89b977e-FRA

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
71 B 13ms
13ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j86&a=1828674549&t=pageview&_s=1&dl=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F&ul=en-us&de=UTF-8&dt=Threat%20analysis%3A%20The%20emergent%20URSA%20trojan%20impacts%20many%20countries%20using%20a%20sophisticated%20loader&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABCAAAAC~&jid=393973335&gjid=1639366708&cid=1235182167.1600277145&tid=UA-100437516-1&_gid=1581752463.1600277145&_r=1&_slc=1&z=1602895512

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Sep 2020 17:25:44 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://seguranca-informatica.pt
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 134215180689421 Show response
connect.facebook.net/signals/config/ 524 KB
133 KB 85ms
85ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/134215180689421?v=2.9.24&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7f2771d337cd178894978018060c937d78d87ac2db3ba0401fe552d1fd50fd2f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: isSUOYvn72FBjM+RST6AsvyocEfl1X1LKU0pirHzCT5EjftPK0cDGNocP2rjdYekRIEC0S8Lrny2ia6Pmt3hxg==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Wed, 16 Sep 2020 17:25:45 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 201 KB
61 KB 17ms
5ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=c5d4c482ac02ff817dca23a8889f1afd&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4fd8d147ffff3c6ede524e665ae9149c6f1027b6f17535756c8bad36e0f8522b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://seguranca-informatica.pt
Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: GrnkBSXm2P/ua7PTmFE6gA==
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 62344
etag: "8183b242362572adcf79c386b2e72892"
x-fb-debug: v8LKuBwTxDVGLHflkDRscHpvgkZZSFE5PuTho+ZstbQXwYX2bR2HiRPV9/L+zuIqgsxUveDG/B4ftlBdvOTP6Q==
x-fb-trip-id: 664085054
x-fb-content-md5: 1cf396cd6a222ffae1600664f7365194
x-frame-options: DENY
date: Wed, 16 Sep 2020 17:25:44 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
expires: Thu, 16 Sep 2021 15:39:02 GMT

GET
H3-Q050 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/ 228 KB
86 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57b34a23487339f53b201f781b1ef81f58cdf77033f9551c44efe8a21b49867c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 87685
x-xss-protection: 0
server: cafe
etag: 9656598585391825739
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 16 Sep 2020 17:25:45 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200914/r20190131/ Frame 999A 0
0 6ms
6ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20200914/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20200914/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Tue, 15 Sep 2020 22:09:22 GMT
expires: Tue, 29 Sep 2020 22:09:22 GMT
content-type: text/html; charset=UTF-8
etag: 17942277541989656716
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4728
x-xss-protection: 0
age: 69383
cache-control: public, max-age=1209600
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 gist-embed-fd43f22140a6ad2cc9d0aa1f169a01f3.css
github.githubassets.com/assets/ 23 KB
5 KB 75ms
16ms Stylesheet
text/css 185.199.110.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://github.githubassets.com/assets/gist-embed-fd43f22140a6ad2cc9d0aa1f169a01f3.css
Requested by: Host: gist.github.com
URL: https://gist.github.com/sirpedrotavares/c71c1edfbced50479252714360359b3c.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.199.110.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b3bd69bc73bb780c9b54f936936d5cdc97256b4afc237467d57cf261adb19cab

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: 58c0a48e9b06b656e0d401de7b1c5f14f3f75d67
date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: gzip
age: 3595891
x-cache: HIT, HIT
status: 200
access-control-max-age: 3600
content-length: 4974
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-dca17774-DCA, cache-ams21049-AMS
last-modified: Thu, 06 Aug 2020 02:32:04 GMT
server: AmazonS3
x-timer: S1600277145.080225,VS0,VE0
etag: "e7855578ffe91726212d9ca6866f06a3"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 11343

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
168 B 19ms
15ms Script
application/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=seguranca-informatica.pt

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
168 B 19ms
15ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=seguranca-informatica.pt

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame D634 0
0 364ms
364ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=185&slotname=8346471494&adk=3614362921&adf=3618954219&w=740&fwrn=4&lmt=1600277145&rafmt=11&psa=0&guci=1.2.0.0.2.2.0.0&format=740x185&url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2IvzT_ivIW&flash=0&wgl=1&dt=1600277144991&bpp=16&bdt=449&idt=76&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=463018679890&frm=20&pv=2&ga_vid=1235182167.1600277145&ga_sid=1600277145&ga_hid=1828674549&ga_fc=0&iag=0&icsg=137506062248&dssz=29&mdo=0&mso=0&rplot=4&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=1211&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066612&oid=3&pvsid=855104443021725&pem=750&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=Ac5YHXOloz&p=https%3A//seguranca-informatica.pt&dtd=99

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5067310443593238&output=html&h=185&slotname=8346471494&adk=3614362921&adf=3618954219&w=740&fwrn=4&lmt=1600277145&rafmt=11&psa=0&guci=1.2.0.0.2.2.0.0&format=740x185&url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2IvzT_ivIW&flash=0&wgl=1&dt=1600277144991&bpp=16&bdt=449&idt=76&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=463018679890&frm=20&pv=2&ga_vid=1235182167.1600277145&ga_sid=1600277145&ga_hid=1828674549&ga_fc=0&iag=0&icsg=137506062248&dssz=29&mdo=0&mso=0&rplot=4&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=1211&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066612&oid=3&pvsid=855104443021725&pem=750&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=Ac5YHXOloz&p=https%3A//seguranca-informatica.pt&dtd=99
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 16 Sep 2020 17:25:45 GMT
server: cafe
content-length: 24323
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 16-Sep-2020 17:40:45 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Wed, 16 Sep 2020 17:25:45 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 40ms
38ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fef134a7880b8d72bac16738b34fe1ed9a72da52f702537b22486826cd3b5888

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600083386116863"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27476
x-xss-protection: 0
expires: Wed, 16 Sep 2020 17:25:45 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
260 B 7ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=134215180689421&ev=PageView&dl=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2IvzT_ivIW&rl=&if=false&ts=1600277145162&sw=1600&sh=1200&v=2.9.24&r=stable&ec=0&o=30&fbp=fb.1.1600277145160.1568288046&it=1600277144972&coo=false&rqm=GET

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 16 Sep 2020 17:25:45 GMT

GET
H2 200 eqyuAj9hvy4
www.youtube.com/embed/ Frame 78E6 0
0 75ms
75ms Document
text/html 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/eqyuAj9hvy4

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/eqyuAj9hvy4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Response headers

status: 200
strict-transport-security: max-age=31536000
content-length: 10921
expires: Tue, 27 Apr 1971 19:44:06 GMT
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-type: text/html; charset=utf-8
cache-control: no-cache
date: Wed, 16 Sep 2020 17:25:45 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
set-cookie: VISITOR_INFO1_LIVE=janiAHAE3z4; path=/; domain=.youtube.com; secure; expires=Mon, 15-Mar-2021 17:25:45 GMT; httponly; samesite=None VISITOR_INFO1_LIVE=janiAHAE3z4; path=/; domain=.youtube.com; secure; expires=Mon, 15-Mar-2021 17:25:45 GMT; httponly; samesite=None YSC=92zfkDI5wDA; path=/; domain=.youtube.com; secure; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Wed, 16-Sep-2020 17:55:45 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 E-mail-Icon-co%CC%81pia-e1515360297525.png
seguranca-informatica.pt/wp-content/uploads/2018/01/ 1009 B
1 KB 206ms
205ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/01/E-mail-Icon-co%CC%81pia-e1515360297525.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba23d13ab9eb27eb4933ae12135dc7f2775699d06d8628f73b9ff9b9f01aeef4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
status: 200
vary: Accept-Encoding
content-length: 1009
cf-request-id: 05398c7ed00000977ee0a09200000001
referrer-policy
last-modified: Wed, 24 Jan 2018 22:17:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49de19fe977e-FRA

GET
DATA 200
OK truncated
/ 1 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d09e163a3868a47d1c51be0b013497ce6975c036fcc5d7b65bba70419c74b7ad

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: text/css;charset=utf-8

GET
H/1.1 200
OK count.js Show response
seguranca-informatica.disqus.com/ 1 KB
1 KB 142ms
55ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.disqus.com/count.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.17

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 16 Sep 2020 17:25:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 243706
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 24 Aug 2020 22:36:24 GMT
Server: nginx
ETag: "5f4440e8-367"
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect

GET
H/1.1 200
OK embed.js Show response
seguranca-informatica.disqus.com/ 71 KB
23 KB 421ms
333ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.disqus.com/embed.js

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.17

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

6476ec5b362dc55b3011f93b32ec4e1be14fa72ff2db47c418809ab3c54d0b47

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 16 Sep 2020 17:25:45 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 23107

GET
H2 200 fontawesome-webfont.woff2
seguranca-informatica.pt/wp-content/plugins/cherry-search/assets/fonts/ 70 KB
70 KB 294ms
293ms Font
font/woff2 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.pt/wp-content/plugins/cherry-search/assets/fonts/fontawesome-webfont.woff2?v=4.6.3

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/wp-content/cache/minify/c841a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://seguranca-informatica.pt
Referer: https://seguranca-informatica.pt/wp-content/cache/minify/c841a.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
referrer-policy
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-request-id: 05398c7f7c0000977ee0a14200000001
content-type: font/woff2
status: 200
cache-control: max-age=14400
strict-transport-security: max-age=15552000; includeSubDomains; preload
accept-ranges: bytes
cf-ray: 5d3c49df2a99977e-FRA
content-length: 71896
x-content-type-options: nosniff

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 120ms
24ms Script
application/x-javascript 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.5.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: D5503D14AA2F06AA
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=54848
accept-ranges: bytes
content-length: 948
x-amz-id-2: JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=

GET
H2 200 2764.svg
s.w.org/images/core/emoji/13.0.0/svg/ 368 B
567 B 99ms
19ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.0/svg/2764.svg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

09a743ee0c32ca57c9be64b13b29c396310d1dd309cb4d7d3be722e47db95f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
last-modified: Mon, 15 Jun 2020 17:45:48 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 368
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 27a1.svg
s.w.org/images/core/emoji/13.0.0/svg/ 242 B
298 B 100ms
20ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.0/svg/27a1.svg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

8ab75b37e150efe65cdfd300029b88de8355d72c7bbb5d2055f902aeaec3c14d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
last-modified: Mon, 15 Jun 2020 17:45:49 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 242
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f1f5-1f1f9.svg
s.w.org/images/core/emoji/13.0.0/svg/ 1 KB
776 B 100ms
20ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.0/svg/1f1f5-1f1f9.svg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

e0013618876b34d5f4dd21bac1fbcf419bb41e4929ec93a7acac9061ba2050a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Jun 2020 17:45:54 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f1e7-1f1f4.svg
s.w.org/images/core/emoji/13.0.0/svg/ 6 KB
2 KB 99ms
20ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.0/svg/1f1e7-1f1f4.svg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

085ccfcd546dac5eb3fd375ba9ac3aed6d2daef0204e485f05cace561829d6d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Jun 2020 17:45:54 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f1e8-1f1f1.svg
s.w.org/images/core/emoji/13.0.0/svg/ 521 B
330 B 98ms
19ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.0/svg/1f1e8-1f1f1.svg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

ec23ee46eeb42a80108bc249a6bb2214ec44f150647466e57468ebf35e145dc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Jun 2020 17:45:54 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f1ea-1f1f8.svg
s.w.org/images/core/emoji/13.0.0/svg/ 629 B
406 B 98ms
19ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.0/svg/1f1ea-1f1f8.svg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

f8cf69e4d0d285ff8e9be18f239b65e38fe1a235086a8daae53b1baa1e7a3557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Jun 2020 17:45:54 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f1f2-1f1fd.svg
s.w.org/images/core/emoji/13.0.0/svg/ 9 KB
4 KB 19ms
18ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.0/svg/1f1f2-1f1fd.svg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

1f969e7c85f68cca244b373f6c4e20f1b88e24b0a458d331505aa97599002225

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Jun 2020 17:45:48 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f1e7-1f1f7.svg
s.w.org/images/core/emoji/13.0.0/svg/ 682 B
410 B 19ms
18ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.0/svg/1f1e7-1f1f7.svg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

a74ec5e2fe1a2f859edf8c7de03b43379030f58f17b8e57371a347620f5c9b31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Jun 2020 17:45:48 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f1ee-1f1f9.svg
s.w.org/images/core/emoji/13.0.0/svg/ 270 B
303 B 72ms
71ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.0/svg/1f1ee-1f1f9.svg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

41b974254f3dd5b0853af7585c0417998a1ffa52e97e000fe2af3eee2c916d57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
last-modified: Mon, 15 Jun 2020 17:45:48 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 270
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f41e.svg
s.w.org/images/core/emoji/13.0.0/svg/ 2 KB
999 B 72ms
71ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.0/svg/1f41e.svg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

e846ca01f190e98e1e3c57d8d24b984c64f5dbb0aabad93997f10b5dd8ef3587

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Jun 2020 17:45:54 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f3e6.svg
s.w.org/images/core/emoji/13.0.0/svg/ 878 B
417 B 72ms
72ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.0/svg/1f3e6.svg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

9ec90d90c8875865ec465bea304f4c5caed1b1eac2d4ba1b3f1b710288738935

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Wed, 16 Sep 2020 17:25:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Jun 2020 17:45:48 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 2705.svg
s.w.org/images/core/emoji/13.0.0/svg/ 482 B
516 B 73ms
72ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.0/svg/2705.svg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

1f026beb67630abcdbc341651b1c17591aa76261296a9fb118793765964eb4e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Wed, 16 Sep 2020 17:25:45 GMT
x-content-type-options: nosniff
last-modified: Mon, 15 Jun 2020 17:45:54 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 482
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 193B 0
0 77ms
77ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&adk=1812271804&adf=3025194257&lmt=1600277145&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2IvzT_ivIW&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1600277145790&bpp=1&bdt=1248&idt=1&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185&nras=1&correlator=463018679890&frm=20&pv=1&ga_vid=1235182167.1600277145&ga_sid=1600277145&ga_hid=1828674549&ga_fc=0&iag=0&icsg=143675245936447&dssz=73&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066612&oid=3&pvsid=855104443021725&pem=750&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=5&uci=a!5&fsb=1&dtd=22

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5067310443593238&output=html&adk=1812271804&adf=3025194257&lmt=1600277145&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2IvzT_ivIW&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1600277145790&bpp=1&bdt=1248&idt=1&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185&nras=1&correlator=463018679890&frm=20&pv=1&ga_vid=1235182167.1600277145&ga_sid=1600277145&ga_hid=1828674549&ga_fc=0&iag=0&icsg=143675245936447&dssz=73&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066612&oid=3&pvsid=855104443021725&pem=750&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=5&uci=a!5&fsb=1&dtd=22
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmoEdWD2faLUtv3zyPudCv0rQQUtj9oecy6oe_iyC5DSSPz-DIx1lFcB5wd
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 16 Sep 2020 17:25:45 GMT
server: cafe
content-length: 1183
x-xss-protection: 0
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 page.php
www.facebook.com/v2.12/plugins/ Frame CE3B 0
0 72ms
72ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.12/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2def0e3b9152f4%26domain%3Dseguranca-informatica.pt%26origin%3Dhttps%253A%252F%252Fseguranca-informatica.pt%252Ff2be13e8c83edd8%26relation%3Dparent.parent&container_width=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fsegurancainformatica&locale=en_US&sdk=joey&show_facepile=true&small_header=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=c5d4c482ac02ff817dca23a8889f1afd&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /v2.12/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2def0e3b9152f4%26domain%3Dseguranca-informatica.pt%26origin%3Dhttps%253A%252F%252Fseguranca-informatica.pt%252Ff2be13e8c83edd8%26relation%3Dparent.parent&container_width=300&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fsegurancainformatica&locale=en_US&sdk=joey&show_facepile=true&small_header=false
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: fr=0D3XAXxHh7OKOZe3m..BfYkqZ...1.0.BfYkqZ.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Response headers

status: 200
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
strict-transport-security: max-age=15552000; preload
content-encoding: br
timing-allow-origin: *
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
vary: Accept-Encoding
x-content-type-options: nosniff
facebook-api-version: v3.1
x-xss-protection: 0
content-type: text/html; charset="utf-8"
x-fb-debug: HSK8yaeb1+lWKTM9dzVG0sBaMj49P3NbXWqQedzR96I051xoDAEzJa+313O08+IyJ+fKImePRxlFTkzRCgVj9A==
date: Wed, 16 Sep 2020 17:25:45 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H2 200 widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html
platform.twitter.com/widgets/ Frame 87A8 0
0 67ms
66ms Document
text/html 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fseguranca-informatica.pt
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: platform.twitter.com
:scheme: https
:path: /widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fseguranca-informatica.pt
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Response headers

status: 200
last-modified: Tue, 01 Sep 2020 17:58:17 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "9fa476ae827f556d5b037fe43632370d+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Wed, 16 Sep 2020 17:25:45 GMT
x-served-by: cache-bwi5147-BWI, cache-hhn4030-HHN
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 5825

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-5a74cca42a90a07e/ 7 KB
1 KB 213ms
212ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-5a74cca42a90a07e/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.5.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 85d11a34cf5ae0738a3f2a2e0f463484c9b7371b46c9e5bc991f57d44f58400f

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
content-encoding: gzip
etag: -713750497--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: public, max-age=60, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 1214

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 90 B
250 B 189ms
187ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=5f624a994ef66550&bkl=0&bl=5&pdt=830&sid=5f624a994ef66550&pub=ra-5a74cca42a90a07e&rev=v8.28.7-wp&ln=pt&pc=wpp&cb=0&ab=-&dp=seguranca-informatica.pt&fp=threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F&fr=&fcu=X2JKmZ6xX0P&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=1&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1600277145907&wpv=wpp-6.2.6&addthis_plugin_info=%7B%22info_status%22%3A%22enabled%22%2C%22cms_name%22%3A%22WordPress%22%2C%22plugin_name%22%3A%22Share%20Buttons%20by%20AddThis%22%2C%22plugin_version%22%3A%226.2.6%22%2C%22plugin_mode%22%3A%22AddThis%22%2C%22anonymous_profile_id%22%3A%22wp-1c09be8100890cf963a4479ddde30a88%22%2C%22page_info%22%3A%7B%22template%22%3A%22posts%22%2C%22post_type%22%3A%22%22%7D%2C%22sharing_enabled_on_post_via_metabox%22%3Afalse%7D&jsl=8321&uvs=5f624a991a022f06000&skipb=1&callback=addthis.cbs.jsonp__390817166655069270
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.5.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: f6040a2e2bd84a648be545195f89be5d78e92bbaaf577b1191dcdfb6b2b74fd8

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
pragma: no-cache
date: Wed, 16 Sep 2020 17:25:46 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 90
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 1A72 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 5DB3 0
0 33ms
30ms Document
text/html 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.5.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

:method: GET
:authority: s7.addthis.com
:scheme: https
:path: /static/sh.f48a1a04fe8dbf021b4cda1d.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Response headers

status: 200
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 09 Sep 2019 15:34:57 GMT
etag: W/"5d767121-1115f"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 25412
date: Wed, 16 Sep 2020 17:25:45 GMT
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 client.pt.min.json Show response
s7.addthis.com/l10n/ 4 KB
2 KB 147ms
74ms XHR
application/json 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/l10n/client.pt.min.json

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.5.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

2a0114ee843f8e5fcb15026a43365c3455464f43e1ea135b075e49662a9905b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Tue, 10 Sep 2019 15:15:17 GMT
server: nginx/1.15.8
status: 200
etag: W/"5d77be05-e24"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, s-maxage=604800
date: Wed, 16 Sep 2020 17:25:45 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 1747

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 9ms
5ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=134215180689421&ev=PageView&dl=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2JKmZ6xX0P&rl=&if=false&ts=1600277145902&sw=1600&sh=1200&v=2.9.24&r=stable&ec=1&o=30&fbp=fb.1.1600277145160.1568288046&it=1600277144972&coo=false&rqm=GET

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:45 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 16 Sep 2020 17:25:45 GMT

POST
H2 200 /
www.facebook.com/tr/ 0
89 B 6ms
3ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryW43EtMPLxBxyhm9m

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Wed, 16 Sep 2020 17:25:45 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://seguranca-informatica.pt
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
72 B 14ms
14ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_success&c=3&wpc=ca-pub-5067310443593238&warn=12%2C13&w=1600&h=1200&eatf=false&reatf=false&a=6%2C1%2C5%2C7&apv=20200913_200503&afm=0&as_count=5&d_count=0&ng_count=0&am_count=3&atf_count=0&mdns=0.051&alldns=0.074&allp=93&fd=(2%2C16%2C15)&pgh=36354&su=seguranca-informatica.pt&r=0.1

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/ 145 KB
52 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/reactive_library_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2d705eabcea3ef590541e4290bb76a955861f958c488b37f886435a4f492c3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 53273
x-xss-protection: 0
server: cafe
etag: 4594312057074669547
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 16 Sep 2020 17:25:46 GMT

GET
H2 200 moment~timeline~tweet.2e5232162202896d50461b242819754e.js Show response
platform.twitter.com/js/ 23 KB
8 KB 23ms
22ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/moment~timeline~tweet.2e5232162202896d50461b242819754e.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 357eac5a1ab8249b3fc4569040b13d64795f5aa945ae3570f782d979015bef56

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 7651
x-served-by: cache-bwi5133-BWI, cache-hhn4030-HHN
last-modified: Tue, 01 Sep 2020 17:58:08 GMT
etag: "cce4698c56d0a54ba3f908b953e403c1+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 timeline.610564c46865d0bb1eccdd42c0dc6ea7.js Show response
platform.twitter.com/js/ 21 KB
7 KB 22ms
22ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/timeline.610564c46865d0bb1eccdd42c0dc6ea7.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca782cbdd8cee7ccccef6983f6566c9c29e1aa5da753a81e65250fad30bb6359

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 6647
x-served-by: cache-bwi5137-BWI, cache-hhn4030-HHN
last-modified: Tue, 01 Sep 2020 17:58:08 GMT
etag: "c556b2c56f55b3b2458cc2f84945663d+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 horizon_tweet.890a062bcacdb49527deac08bf9879da.js Show response
platform.twitter.com/js/ 6 KB
2 KB 22ms
21ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/horizon_tweet.890a062bcacdb49527deac08bf9879da.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 23b775e4e3b5b93742dad8a1bbfacb2ffc3271a15dbfc6d3ded21d713f2c3489

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 2197
x-served-by: cache-bwi5145-BWI, cache-hhn4030-HHN
last-modified: Tue, 01 Sep 2020 17:58:08 GMT
etag: "8069bf9882ddc98f8144708faf345f30+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H/1.1 200
OK count-data.js Show response
seguranca-informatica.disqus.com/ 281 B
820 B 145ms
145ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://seguranca-informatica.disqus.com/count-data.js?1=8075%20https%3A%2F%2Fseguranca-informatica.pt%2F%3Fp%3D8075

Requested by

Host: seguranca-informatica.disqus.com
URL: https://seguranca-informatica.disqus.com/count.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ef81eaaf31f0d368156ee18722033de5d350d267f6be2bcf4b92fcf59129df40

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 16 Sep 2020 17:25:46 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 276
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Connection: keep-alive
Content-Type: application/javascript; charset=UTF-8
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 281
X-XSS-Protection: 1; mode=block

GET
H2 200 lounge.6525595c7a9874fa10bd041275e40f17.css
c.disquscdn.com/next/embed/styles/ 0
22 KB 37ms
21ms Other
text/css 2606:4700::6812:a913
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.6525595c7a9874fa10bd041275e40f17.css

Requested by

Host: seguranca-informatica.disqus.com
URL: https://seguranca-informatica.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a913 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4922661
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 22092
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Mon, 20 Jul 2020 23:36:39 GMT
server: cloudflare
etag: "5f162a87-564c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-request-id: 05398c82ab00002c42fb2ce200000001
accept-ranges: bytes
cf-ray: 5d3c49e44c972c42-FRA
expires: Wed, 21 Jul 2021 18:01:24 GMT

GET
H2 200 common.bundle.e07f4f02bedd02259fb3f3e092970560.js
c.disquscdn.com/next/embed/ 0
88 KB 30ms
13ms Other
application/javascript 2606:4700::6812:a913
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.e07f4f02bedd02259fb3f3e092970560.js

Requested by

Host: seguranca-informatica.disqus.com
URL: https://seguranca-informatica.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a913 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1515928
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 89940
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Sun, 30 Aug 2020 04:13:44 GMT
server: cloudflare
etag: "5f4b2778-15f54"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-request-id: 05398c82ab00002c42fb2cf200000001
accept-ranges: bytes
cf-ray: 5d3c49e44c982c42-FRA
expires: Mon, 30 Aug 2021 04:20:17 GMT

GET
H2 200 lounge.bundle.d7be8863f0c93949514d77bbca229000.js
c.disquscdn.com/next/embed/ 0
113 KB 37ms
20ms Other
application/javascript 2606:4700::6812:a913
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.d7be8863f0c93949514d77bbca229000.js

Requested by

Host: seguranca-informatica.disqus.com
URL: https://seguranca-informatica.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a913 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 157232
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 115596
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Mon, 14 Sep 2020 20:23:16 GMT
server: cloudflare
etag: "5f5fd134-1c38c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-request-id: 05398c82ab00002c42fb2d0200000001
accept-ranges: bytes
cf-ray: 5d3c49e44c992c42-FRA
expires: Tue, 14 Sep 2021 21:45:13 GMT

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
7 KB 59ms
18ms Other
application/javascript 151.101.0.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: seguranca-informatica.disqus.com
URL: https://seguranca-informatica.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 16 Sep 2020 17:25:46 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 55
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 7005
X-XSS-Protection: 1; mode=block

GET
H2 200 layers.33f5b85045a5f2308467.js Show response
s7.addthis.com/static/ 263 KB
76 KB 28ms
27ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.33f5b85045a5f2308467.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.5.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

137e41c449677deb7c8da3afde63fc781b095bb028f78b789be44192e8e3f4be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Thu, 04 Jun 2020 15:49:19 GMT
server: nginx/1.15.8
etag: W/"5ed917ff-41b9f"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
date: Wed, 16 Sep 2020 17:25:46 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77540

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 3B15 0
0 472ms
471ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=2283147449&adf=2521252299&w=740&fwrn=4&fwrnh=100&lmt=1600277146&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=740x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2JKmZ6xX0P&flash=0&fwr=0&pra=3&rh=185&rw=740&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1600277146099&bpp=2&bdt=1557&idt=-M&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0&nras=2&correlator=463018679890&frm=20&pv=1&ga_vid=1235182167.1600277145&ga_sid=1600277145&ga_hid=1828674549&ga_fc=0&iag=0&icsg=143675245936447&dssz=75&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2511&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066612&oid=3&psts=AGkb-H8Shik1Ph8hDL1ny_fSib4-96o3XqE6EKQvkzNoJ2-AtsyT0ZgxyLmhdLYMF1RthQ&pvsid=855104443021725&pem=750&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=QdLSlFRJ3n&p=https%3A//seguranca-informatica.pt&dtd=22

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=2283147449&adf=2521252299&w=740&fwrn=4&fwrnh=100&lmt=1600277146&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=740x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2JKmZ6xX0P&flash=0&fwr=0&pra=3&rh=185&rw=740&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1600277146099&bpp=2&bdt=1557&idt=-M&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0&nras=2&correlator=463018679890&frm=20&pv=1&ga_vid=1235182167.1600277145&ga_sid=1600277145&ga_hid=1828674549&ga_fc=0&iag=0&icsg=143675245936447&dssz=75&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2511&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066612&oid=3&psts=AGkb-H8Shik1Ph8hDL1ny_fSib4-96o3XqE6EKQvkzNoJ2-AtsyT0ZgxyLmhdLYMF1RthQ&pvsid=855104443021725&pem=750&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=QdLSlFRJ3n&p=https%3A//seguranca-informatica.pt&dtd=22
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmoEdWD2faLUtv3zyPudCv0rQQUtj9oecy6oe_iyC5DSSPz-DIx1lFcB5wd
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 16 Sep 2020 17:25:46 GMT
server: cafe
content-length: 24327
x-xss-protection: 0
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame BEC7 0
0 469ms
466ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=2283147449&adf=3924700173&w=740&fwrn=4&fwrnh=100&lmt=1600277146&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=740x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2JKmZ6xX0P&flash=0&fwr=0&pra=3&rh=185&rw=740&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1600277146099&bpp=1&bdt=1558&idt=-M&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0%2C740x280&nras=3&correlator=463018679890&frm=20&pv=1&ga_vid=1235182167.1600277145&ga_sid=1600277145&ga_hid=1828674549&ga_fc=0&iag=0&icsg=143675245936447&dssz=76&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4197&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066612&oid=3&psts=AGkb-H8Shik1Ph8hDL1ny_fSib4-96o3XqE6EKQvkzNoJ2-AtsyT0ZgxyLmhdLYMF1RthQ&pvsid=855104443021725&pem=750&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=PuSDlBD4gd&p=https%3A//seguranca-informatica.pt&dtd=28

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=2283147449&adf=3924700173&w=740&fwrn=4&fwrnh=100&lmt=1600277146&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=740x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2JKmZ6xX0P&flash=0&fwr=0&pra=3&rh=185&rw=740&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1600277146099&bpp=1&bdt=1558&idt=-M&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0%2C740x280&nras=3&correlator=463018679890&frm=20&pv=1&ga_vid=1235182167.1600277145&ga_sid=1600277145&ga_hid=1828674549&ga_fc=0&iag=0&icsg=143675245936447&dssz=76&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4197&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066612&oid=3&psts=AGkb-H8Shik1Ph8hDL1ny_fSib4-96o3XqE6EKQvkzNoJ2-AtsyT0ZgxyLmhdLYMF1RthQ&pvsid=855104443021725&pem=750&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=PuSDlBD4gd&p=https%3A//seguranca-informatica.pt&dtd=28
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmoEdWD2faLUtv3zyPudCv0rQQUtj9oecy6oe_iyC5DSSPz-DIx1lFcB5wd
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 16 Sep 2020 17:25:46 GMT
server: cafe
content-length: 24037
x-xss-protection: 0
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 ads
googleads.g.doubleclick.net/pagead/ Frame 1FC0 0
0 336ms
335ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=2283147449&adf=2719090785&w=740&fwrn=4&fwrnh=100&lmt=1600277146&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=740x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2JKmZ6xX0P&flash=0&fwr=0&pra=3&rh=185&rw=740&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1600277146099&bpp=1&bdt=1558&idt=1&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0%2C740x280%2C740x280&nras=4&correlator=463018679890&frm=20&pv=1&ga_vid=1235182167.1600277145&ga_sid=1600277145&ga_hid=1828674549&ga_fc=0&iag=0&icsg=143675245936447&dssz=76&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=5480&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066612&oid=3&psts=AGkb-H8Shik1Ph8hDL1ny_fSib4-96o3XqE6EKQvkzNoJ2-AtsyT0ZgxyLmhdLYMF1RthQ&pvsid=855104443021725&pem=750&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=87PKbDIvn2&p=https%3A//seguranca-informatica.pt&dtd=61

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5067310443593238&output=html&h=280&adk=2283147449&adf=2719090785&w=740&fwrn=4&fwrnh=100&lmt=1600277146&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7674192041&psa=1&guci=1.2.0.0.2.2.0.0&ad_type=text_image&format=740x280&url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2JKmZ6xX0P&flash=0&fwr=0&pra=3&rh=185&rw=740&rpe=1&resp_fmts=3&wgl=1&fa=27&adsid=NT&dt=1600277146099&bpp=1&bdt=1558&idt=1&shv=r20200914&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=740x185%2C0x0%2C740x280%2C740x280&nras=4&correlator=463018679890&frm=20&pv=1&ga_vid=1235182167.1600277145&ga_sid=1600277145&ga_hid=1828674549&ga_fc=0&iag=0&icsg=143675245936447&dssz=76&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=5480&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066612&oid=3&psts=AGkb-H8Shik1Ph8hDL1ny_fSib4-96o3XqE6EKQvkzNoJ2-AtsyT0ZgxyLmhdLYMF1RthQ&pvsid=855104443021725&pem=750&rx=0&eae=0&fc=384&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8320&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=87PKbDIvn2&p=https%3A//seguranca-informatica.pt&dtd=61
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmoEdWD2faLUtv3zyPudCv0rQQUtj9oecy6oe_iyC5DSSPz-DIx1lFcB5wd
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 16 Sep 2020 17:25:46 GMT
server: cafe
content-length: 23672
x-xss-protection: 0
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 profile Show response
cdn.syndication.twimg.com/timeline/ 190 KB
14 KB 246ms
225ms Script
application/javascript 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/timeline/profile?callback=__twttr.callbacks.tl_i0_profile_sirpedrotavares_old&dnt=false&domain=seguranca-informatica.pt&lang=pt&screen_name=sirpedrotavares&suppress_response_codes=true&t=1778085&tz=GMT%2B0200&with_replies=false

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f /

Resource Hash

fc48ca4842ff2686f1d25fd0f132b86731fbb04ae7872a3401402d1c865c6464

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-disposition: attachment; filename=jsonp.jsonp
access-control-allow-methods: GET
content-length: 14311
x-xss-protection: 0
x-response-time: 201
last-modified: Wed, 16 Sep 2020 17:25:46 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: application/javascript;charset=utf-8
expires: Wed, 16 Sep 2020 17:30:46 GMT
cache-control: must-revalidate, max-age=300
x-connection-hash: e874ef0950b754bf2fd0f19b29c6a1b5
timing-allow-origin: *
x-transaction: 00a3cc690042c2c9
access-contol-allow-origin: platform.twitter.com

GET
H2 200 index.html
platform.twitter.com/embed/ Frame 4A48 0
0 22ms
21ms Document
text/html 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/index.html?creatorScreenName=p3drotavares&dnt=false&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=false&id=1305076741107519488&lang=pt&origin=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F&siteScreenName=sirpedrotavares&theme=light&widgetsVersion=219d021%3A1598982042171&width=550px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: platform.twitter.com
:scheme: https
:path: /embed/index.html?creatorScreenName=p3drotavares&dnt=false&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=false&id=1305076741107519488&lang=pt&origin=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F&siteScreenName=sirpedrotavares&theme=light&widgetsVersion=219d021%3A1598982042171&width=550px
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Response headers

status: 200
last-modified: Wed, 09 Sep 2020 20:24:51 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=utf-8
etag: "462a23b15781d788fb9d65f4cb1fe44d+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Wed, 16 Sep 2020 17:25:46 GMT
x-served-by: cache-bwi5120-BWI, cache-hhn4030-HHN
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 301

GET
H/1.1 200
OK /
disqus.com/embed/comments/ Frame 6E6D 0
0 170ms
170ms Document
text/html 151.101.0.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=seguranca-informatica&t_i=8075%20https%3A%2F%2Fseguranca-informatica.pt%2F%3Fp%3D8075&t_u=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F&t_e=Threat%20analysis%3A%20The%20emergent%20URSA%20trojan%20impacts%20many%20countries%20using%20a%20sophisticated%20loader&t_d=Threat%20analysis%3A%20The%20emergent%20URSA%20trojan%20impacts%20many%20countries%20using%20a%20sophisticated%20loader&t_t=Threat%20analysis%3A%20The%20emergent%20URSA%20trojan%20impacts%20many%20countries%20using%20a%20sophisticated%20loader&s_o=default

Requested by

Host: seguranca-informatica.disqus.com
URL: https://seguranca-informatica.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Response headers

Connection: keep-alive
Content-Length: 2746
Server: nginx
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Last-Modified: Tue, 15 Sep 2020 13:58:49 GMT
ETag: W/"lounge:view:8203729926.52ef5f4f409ca53c797d26bc8824fead.2"
Content-Encoding: gzip
Date: Wed, 16 Sep 2020 17:25:46 GMT
Age: 0
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H2 200 / Show response
graph.facebook.com/ 228 B
615 B 60ms
45ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_j5xx0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.5.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1664abe782bd0319f66bbffc7104f172262fe8d73623f92f46a08cc8fdfc3c0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
status: 200
x-fb-rev: 1002673889
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 171
pragma: no-cache
x-fb-debug: SxKl3I7n7yuMtxRlGq8uKzVyCjkiqdqxwG/0RgoDO9AD4N5bEl2TW3ldSaR8OtGHwj/taXNNf00dKkLDATAE3g==
x-fb-trace-id: CJZK88xRI2C
date: Wed, 16 Sep 2020 17:25:46 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AUNt2kcDK9FPGCS0c6--zy1
cache-control: no-store
facebook-api-version: v3.1
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 34 B
353 B 193ms
190ms Script
application/json 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F&callback=_ate.cbs.rcb_701q0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.5.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7963a62013fabffe1829e619d567cc39d6f781bc8f311d379518f36ec42812e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
last-modified: Wed, 16 Sep 2020 17:25:46 GMT
server: nginx/1.15.8
date: Wed, 16 Sep 2020 17:25:46 GMT
vary: Accept-Encoding
content-type: application/json
status: 200
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length: 54

GET
H2 200 / Show response
graph.facebook.com/ 228 B
325 B 59ms
46ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=http%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_27a70

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.5.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6991d47a2404180dc13579f85feeeb833211c3aa3e229ef66adf2a0eedf5b889

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
status: 200
x-fb-rev: 1002673889
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 170
pragma: no-cache
x-fb-debug: iOYb7+4VkHGaDTHg1YwO1T9HLe9JYo42Zp7+R2qQ9G90rTd7CV1E2YLrxzn+acjkN643Pa+1bun+h4U4mnTIIQ==
x-fb-trace-id: F9mKMWF3GN9
date: Wed, 16 Sep 2020 17:25:46 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: Ao-GSC7PjT70pCOe178GPoh
cache-control: no-store
facebook-api-version: v3.1
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 34 B
353 B 192ms
190ms Script
application/json 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F&callback=_ate.cbs.rcb_22k10

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.5.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

b71119e3e7f2eb50916988137b72078dc0bc5e80188038bba928b4647e6613bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
last-modified: Wed, 16 Sep 2020 17:25:46 GMT
server: nginx/1.15.8
date: Wed, 16 Sep 2020 17:25:46 GMT
vary: Accept-Encoding
content-type: application/json
status: 200
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length: 54

GET
DATA 200
OK truncated
/ 443 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 info.json Show response
www.reddit.com/api/ 3 KB
1 KB 235ms
178ms Script
application/javascript 199.232.53.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F&jsonp=_ate.cbs.rcb_860y0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.5.1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.53.140 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

snooserv /

Resource Hash

9b92a7874bb65cb145a44813ca34e1cd4b120c6a59ddae5b146b5e3ab01c4fe8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-allow-origin: *
status: 200
vary: accept-encoding
content-length: 1260
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
x-moose: majestic
server: snooserv
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript; charset=UTF-8
via: 1.1 varnish
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
accept-ranges: bytes
expires: -1

GET
H2 200 count.json Show response
widgets.pinterest.com/v1/urls/ 173 B
214 B 148ms
109ms Script
application/javascript 151.101.36.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://widgets.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F&callback=window._ate.cbs.rcb_hfjp0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.5.1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.36.84 Amsterdam, Netherlands, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

35d68984026f9a8a77512b225cd326a5b75616c180345c0022164bf59259502b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
status: 200
vary: accept-encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: must-revalidate, max-age=887
x-envoy-upstream-service-time: 1
accept-ranges: none
x-pinterest-rid: 9497249796871522
expires: Wed, 16 Sep 2020 17:40:46 GMT

GET
H2 200 info.json Show response
www.reddit.com/api/ 126 B
590 B 233ms
178ms Script
application/javascript 199.232.53.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=http%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F&jsonp=_ate.cbs.rcb_d45i0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.5.1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.53.140 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

snooserv /

Resource Hash

91187645301e876abd07026702cf342c24f0a185e42c2990c5662d885bb0328d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
via: 1.1 varnish
x-content-type-options: nosniff
status: 200
content-length: 126
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
x-moose: majestic
server: snooserv
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
accept-ranges: bytes
expires: -1

GET
H2 200 count.json Show response
widgets.pinterest.com/v1/urls/ 172 B
376 B 147ms
107ms Script
application/javascript 151.101.36.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://widgets.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F&callback=window._ate.cbs.rcb_728d0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.5.1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.36.84 Amsterdam, Netherlands, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1e02ad33efc523a92b302eb30e55de7329ca2687ca5e8b1c9f3ff4f61fe47099

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 0
status: 200
vary: accept-encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: must-revalidate, max-age=887
x-envoy-upstream-service-time: 2
accept-ranges: none
x-pinterest-rid: 5817834320588511
expires: Wed, 16 Sep 2020 17:40:46 GMT

GET
H2 200 views2.json Show response
q.addthis.com/feeds/1.0/ 32 KB
5 KB 327ms
326ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://q.addthis.com/feeds/1.0/views2.json?pubid=ra-5a74cca42a90a07e&domain=seguranca-informatica.pt&limit=50&callback=_ate.cbs.fds_ra5a74cca42a90a07eviews2json0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?ver=5.5.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

ea4e6da2366293ff3b031338c34bf50b838ee77bab98caeaf7f0d2239ef2afb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: ra-5a74cca42a90a07e
last-modified: Wed, 16 Sep 2020 17:25:46 GMT
server: nginx/1.15.8
date: Wed, 16 Sep 2020 17:25:46 GMT
vary: Accept-Encoding
cache-tag: ra-5a74cca42a90a07e
status: 200
cache-control: max-age=0, s-maxage=3600
content-type: application/javascript;charset=UTF-8
content-length: 4534

GET
H2 200 SX1kerR9
pbs.twimg.com/card_img/1306240149634809857/ Frame 27D2 28 KB
28 KB 32ms
7ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1306240149634809857/SX1kerR9?format=jpg&name=600x314

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E4) /

Resource Hash

35615d33d85399601fd518df62c212642b6395b7fe44950bcfdcd97e9ecb33e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 10235
x-cache: HIT
status: 200
content-length: 28621
x-response-time: 161
surrogate-key: card_img card_img/bucket/4 card_img/1306240149634809857
last-modified: Wed, 16 Sep 2020 14:32:55 GMT
server: ECS (fcn/40E4)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 655bf8f2eb76903a28a3274453bd1120
accept-ranges: bytes

GET
H2 200 1f1f5-1f1f9.png
abs.twimg.com/emoji/v2/72x72/ Frame 27D2 715 B
1 KB 52ms
8ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f1f5-1f1f9.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FC2) /

Resource Hash

659e7da9c5f2ea8933af2e78a4d9646b419851e9979dbb38d12e9d43c7711cb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 3020409
x-ton-expected-size: 715
x-cache: HIT
status: 200
content-length: 715
x-response-time: 11
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:28:27 GMT
server: ECAcc (frc/8FC2)
etag: "FTmpXqH4P3R1TK0OI32VdQ=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 242d1661daf693825e1b6131ed731e27
accept-ranges: bytes
expires: Thu, 16 Sep 2021 17:25:46 GMT

GET
H2 200 2705.png
abs.twimg.com/emoji/v2/72x72/ Frame 27D2 525 B
672 B 53ms
9ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/2705.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FBD) /

Resource Hash

e3cc2f7251c41ff1f4b2e07a3ccd074d21288160fbd9893f0f0e4fc62d2c63c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 5434189
x-ton-expected-size: 525
x-cache: HIT
status: 200
content-length: 525
x-response-time: 12
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:43 GMT
server: ECAcc (frc/8FBD)
etag: "7zUYLT41o1+zuu1kEClhZw=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 73d97b29c5373349581274df41d69c6a
accept-ranges: bytes
expires: Thu, 16 Sep 2021 17:25:46 GMT

GET
H2 200 2139.png
abs.twimg.com/emoji/v2/72x72/ Frame 27D2 338 B
483 B 32ms
9ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/2139.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FCC) /

Resource Hash

2cc9576dbb10ebbcbab064ba3970dafde17ef5ffed2749592eb5e620ebe3a72a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 3020419
x-ton-expected-size: 338
x-cache: HIT
status: 200
content-length: 338
x-response-time: 14
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:41 GMT
server: ECAcc (frc/8FCC)
etag: "oLGD+Xpo5piWL5fLHP1DZw=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: cbf924632accebbcce60687777f2b248
accept-ranges: bytes
expires: Thu, 16 Sep 2021 17:25:46 GMT

GET
H2 200 27a1.png
abs.twimg.com/emoji/v2/72x72/ Frame 27D2 363 B
506 B 33ms
10ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/27a1.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F84) /

Resource Hash

d5b7288f327425755badd771bd9807addb77d9a752890906f95eddfed131b627

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 10983513
x-ton-expected-size: 363
x-cache: HIT
status: 200
content-length: 363
x-response-time: 8
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:44 GMT
server: ECAcc (frc/8F84)
etag: "80IPnYtwZPbD8vd5/RBI8A=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 950dbf987d03071b75cda1289f1c6e87
accept-ranges: bytes
expires: Thu, 16 Sep 2021 17:25:46 GMT

GET
H2 200 1f9d0.png
abs.twimg.com/emoji/v2/72x72/ Frame 27D2 1 KB
1 KB 16ms
10ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f9d0.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8E94) /

Resource Hash

36db3512ea89976cd734e544a1edd6a0609a824da59b596146f955cb6274040c

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 10114536
x-ton-expected-size: 1105
x-cache: HIT
status: 200
content-length: 1105
x-response-time: 11
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:38 GMT
server: ECAcc (frc/8E94)
etag: "oA1ovLweWKnd1llNXl6J9g=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 1e1cd62fa3bb35cf69e350b70078d994
accept-ranges: bytes
expires: Thu, 16 Sep 2021 17:25:46 GMT

GET
H2 200 96QNTyyb
pbs.twimg.com/card_img/1306130309818314754/ Frame 27D2 7 KB
7 KB 9ms
8ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1306130309818314754/96QNTyyb?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41A9) /

Resource Hash

f97c8a23733f498102cec9c49e2dddbd6cf7935437c714d8a0f79a9d9101893c

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 28680
x-cache: HIT
status: 200
content-length: 6837
x-response-time: 159
surrogate-key: card_img card_img/bucket/1 card_img/1306130309818314754
last-modified: Wed, 16 Sep 2020 07:16:27 GMT
server: ECS (fcn/41A9)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 2499868beb2c6a1f1b7756a2e1a26644
accept-ranges: bytes

GET
H2 200 IFyeRqOQ
pbs.twimg.com/card_img/1305870446097825795/ Frame 27D2 7 KB
7 KB 12ms
11ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1305870446097825795/IFyeRqOQ?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/418F) /

Resource Hash

9d0a480f9d066fcc93a12357cfa833ffd2f8246ef534ba2a02be778b9406147d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 98296
x-cache: HIT
status: 200
content-length: 6807
x-response-time: 152
surrogate-key: card_img card_img/bucket/2 card_img/1305870446097825795
last-modified: Tue, 15 Sep 2020 14:03:50 GMT
server: ECS (fcn/418F)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b77a6faadd68beb8e9e7f9dc537823db
accept-ranges: bytes

GET
H2 200 1f1e7-1f1f4.png
abs.twimg.com/emoji/v2/72x72/ Frame 27D2 666 B
810 B 13ms
11ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f1e7-1f1f4.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F27) /

Resource Hash

ee1a5e412426295d4981a9504675f49f452e1192a5a573c58200a28e37bd48e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 3020411
x-ton-expected-size: 666
x-cache: HIT
status: 200
content-length: 666
x-response-time: 21
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:28:28 GMT
server: ECAcc (frc/8F27)
etag: "R+VAldJ/IDaWutorPI3yQw=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: c7fedd2bfeae3185d7508e3a82119594
accept-ranges: bytes
expires: Thu, 16 Sep 2021 17:25:46 GMT

GET
H2 200 1f1e8-1f1f1.png
abs.twimg.com/emoji/v2/72x72/ Frame 27D2 394 B
538 B 70ms
68ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f1e8-1f1f1.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8E9D) /

Resource Hash

f8d4eb9c3a5acb1413a0a7b1907b01130adfe2996a44fd18bbbf0f09b6ea1296

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 3020416
x-ton-expected-size: 394
x-cache: HIT
status: 200
content-length: 394
x-response-time: 17
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:28:25 GMT
server: ECAcc (frc/8E9D)
etag: "IIeQi07g1x52LxVwvFEjpg=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 491b4c6f77a92ae4b56ae07a84ec8ef6
accept-ranges: bytes
expires: Thu, 16 Sep 2021 17:25:46 GMT

GET
H2 200 1f1ea-1f1f8.png
abs.twimg.com/emoji/v2/72x72/ Frame 27D2 362 B
478 B 71ms
69ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f1ea-1f1f8.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8E90) /

Resource Hash

258c5206d5a1614cef0ecb87094585c160f4b66e39dcf89cd995b5269c366f17

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 3020416
x-ton-expected-size: 362
x-cache: HIT
status: 200
content-length: 362
x-response-time: 11
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:28:25 GMT
server: ECAcc (frc/8E90)
etag: "gk/EUYKALRSbm25+qoh/5g=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 2537a16fac581ebb87c2c663d22b5728
accept-ranges: bytes
expires: Thu, 16 Sep 2021 17:25:46 GMT

GET
H2 200 1f1f2-1f1fd.png
abs.twimg.com/emoji/v2/72x72/ Frame 27D2 737 B
860 B 72ms
70ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f1f2-1f1fd.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F5D) /

Resource Hash

63144b9a81d914f9330c1fb4df1ca06726282acc261d6cb6ce4ce4739ee0a7f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 9732375
x-ton-expected-size: 737
x-cache: HIT
status: 200
content-length: 737
x-response-time: 10
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:28:27 GMT
server: ECAcc (frc/8F5D)
etag: "bepceGwp9ZhRHflZwe6WZQ=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 54775d58858a81724abfab9a2446f7f5
accept-ranges: bytes
expires: Thu, 16 Sep 2021 17:25:46 GMT

GET
H2 200 1f1e7-1f1f7.png
abs.twimg.com/emoji/v2/72x72/ Frame 27D2 805 B
925 B 72ms
70ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f1e7-1f1f7.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F50) /

Resource Hash

14a119a9d543f25d83b3b009dfec7076590d62d996b1bd67c11930b2a0b40789

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 3020420
x-ton-expected-size: 805
x-cache: HIT
status: 200
content-length: 805
x-response-time: 13
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:28:25 GMT
server: ECAcc (frc/8F50)
etag: "zfGOdlL5JLFvU9R7OeAhzQ=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 7dd23d765c285a72d296d0c75e783864
accept-ranges: bytes
expires: Thu, 16 Sep 2021 17:25:46 GMT

GET
H2 200 1f1ee-1f1f9.png
abs.twimg.com/emoji/v2/72x72/ Frame 27D2 233 B
375 B 73ms
71ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f1ee-1f1f9.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F69) /

Resource Hash

02057aaa2ccf4d1d0b19abf870c27923e687a751e6718da9add7a99e50e85510

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 3020422
x-ton-expected-size: 233
x-cache: HIT
status: 200
content-length: 233
x-response-time: 9
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:28:26 GMT
server: ECAcc (frc/8F69)
etag: "oIZusNBdODFoNlsRfXVHQw=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 46acd2c6039ed44416d606e6f8f876ff
accept-ranges: bytes
expires: Thu, 16 Sep 2021 17:25:46 GMT

GET
H2 200 1f41e.png
abs.twimg.com/emoji/v2/72x72/ Frame 27D2 998 B
1 KB 73ms
71ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f41e.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F66) /

Resource Hash

e69c8d33258983d26a64c123163df7cccdccffc8178e8c4365ae5c58e48040d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 6022389
x-ton-expected-size: 998
x-cache: HIT
status: 200
content-length: 998
x-response-time: 14
surrogate-key: twitter-assets
last-modified: Mon, 17 Sep 2018 19:12:54 GMT
server: ECAcc (frc/8F66)
etag: "wQtQ1Npn7ccQl1w0b/vQIA=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 8d1e4832f9cc97a28da8563f85e23aff
accept-ranges: bytes
expires: Thu, 16 Sep 2021 17:25:46 GMT

GET
H2 200 1f3e6.png
abs.twimg.com/emoji/v2/72x72/ Frame 27D2 526 B
664 B 74ms
72ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f3e6.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FC1) /

Resource Hash

18f1e1f4fe5585108349cf029e48ad91a12dae4627be962667fb0b4933c69bba

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 3020381
x-ton-expected-size: 526
x-cache: HIT
status: 200
content-length: 526
x-response-time: 10
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:28:33 GMT
server: ECAcc (frc/8FC1)
etag: "7oybjS8/zWyVdOorER5KGA=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 922d1bc146a9602cc76a0e766d115178
accept-ranges: bytes
expires: Thu, 16 Sep 2021 17:25:46 GMT

GET
H2 200 1f519.png
abs.twimg.com/emoji/v2/72x72/ Frame 27D2 702 B
969 B 80ms
79ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f519.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F15) /

Resource Hash

7f8d55f4cfdfcd229de8ba159502e01463d8f78500accbb63232713dd896347e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 3020390
x-ton-expected-size: 702
x-cache: HIT
status: 200
content-length: 702
x-response-time: 12
surrogate-key: twitter-assets
last-modified: Mon, 17 Sep 2018 19:13:31 GMT
server: ECAcc (frc/8F15)
etag: "dNKSz0PtT7oVWDMH7bSOHA=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: fa4a6a0564211842752985828de03629
accept-ranges: bytes
expires: Thu, 16 Sep 2021 17:25:46 GMT

GET
H2 200 1f4c5.png
abs.twimg.com/emoji/v2/72x72/ Frame 27D2 874 B
1014 B 81ms
79ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f4c5.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8EA3) /

Resource Hash

c33e76afd7869d1447d15d536c88754e4ca946f3f2698c23048e55a4f71a0392

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 10077735
x-ton-expected-size: 874
x-cache: HIT
status: 200
content-length: 874
x-response-time: 14
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:24 GMT
server: ECAcc (frc/8EA3)
etag: "VEo4En2EYB+nd1YMbliNtQ=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 0e1640c34ea6723f17120dd43d97f454
accept-ranges: bytes
expires: Thu, 16 Sep 2021 17:25:46 GMT

GET
H2 200 3lP57Wzx
pbs.twimg.com/card_img/1306198592789635072/ Frame 27D2 4 KB
4 KB 88ms
86ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1306198592789635072/3lP57Wzx?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41AC) /

Resource Hash

00d29b08901229db2234ca108b5697ccbf7069743212c9143a21de6e5fdc0377

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 19579
x-cache: HIT
status: 200
content-length: 3646
x-response-time: 146
surrogate-key: card_img card_img/bucket/1 card_img/1306198592789635072
last-modified: Wed, 16 Sep 2020 11:47:47 GMT
server: ECS (fcn/41AC)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: d1525517c938484ddf30e2a1e95e1fd6
accept-ranges: bytes

GET
H2 200 nYGUMvz4
pbs.twimg.com/card_img/1306163827684323328/ Frame 27D2 6 KB
7 KB 23ms
11ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1306163827684323328/nYGUMvz4?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40AE) /

Resource Hash

9975832ec96ac91e1ee6b03a587673960e14d9a25cab0124783f61e8ee6b970a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 27608
x-cache: HIT
status: 200
content-length: 6634
x-response-time: 135
surrogate-key: card_img card_img/bucket/6 card_img/1306163827684323328
last-modified: Wed, 16 Sep 2020 09:29:38 GMT
server: ECS (fcn/40AE)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 653e222a1cb252993e9b7e39c2634c40
accept-ranges: bytes

GET
H2 200 8wihaq6A
pbs.twimg.com/card_img/1304155623270084609/ Frame 27D2 5 KB
6 KB 22ms
10ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1304155623270084609/8wihaq6A?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41AE) /

Resource Hash

0da2bb9d1b02accc6fcfb93e39ad0658ca144221c1aae2007d205e31020791c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 93779
x-cache: HIT
status: 200
content-length: 5494
x-response-time: 155
surrogate-key: card_img card_img/bucket/6 card_img/1304155623270084609
last-modified: Thu, 10 Sep 2020 20:29:45 GMT
server: ECS (fcn/41AE)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7531992e855a1231c9edf394665b07a8
accept-ranges: bytes

GET
H2 200 H_nFRJQJ
pbs.twimg.com/card_img/1305897592484777984/ Frame 27D2 4 KB
4 KB 23ms
11ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1305897592484777984/H_nFRJQJ?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40B1) /

Resource Hash

beeb1d89a4cb53349e346dd38586831ffbcb369de78d8e4d53166c7d3f079837

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 91294
x-cache: HIT
status: 200
content-length: 3844
x-response-time: 148
surrogate-key: card_img card_img/bucket/7 card_img/1305897592484777984
last-modified: Tue, 15 Sep 2020 15:51:43 GMT
server: ECS (fcn/40B1)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ff9f05f9bd74f7386014062d86276688
accept-ranges: bytes

GET
H2 200 uPnx7gg0
pbs.twimg.com/card_img/1305891067364028416/ Frame 27D2 5 KB
5 KB 23ms
11ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1305891067364028416/uPnx7gg0?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41A2) /

Resource Hash

a7a4410806b5bacbe492e33107ea69a13818ac30977ca44c47e8e75545e2b172

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 93250
x-cache: HIT
status: 200
content-length: 5131
x-response-time: 146
surrogate-key: card_img card_img/bucket/2 card_img/1305891067364028416
last-modified: Tue, 15 Sep 2020 15:25:47 GMT
server: ECS (fcn/41A2)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 3b9cecabde4db46e0ee99b33126899ad
accept-ranges: bytes

GET
H2 200 TZ3VXVNm
pbs.twimg.com/card_img/1304495349596332035/ Frame 27D2 33 KB
34 KB 23ms
11ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1304495349596332035/TZ3VXVNm?format=jpg&name=600x314

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4197) /

Resource Hash

b8638c6560401ceaa44e16b32245f9516c3cd767f7546003277265ccd7aa5e66

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 413095
x-cache: HIT
status: 200
content-length: 34235
x-response-time: 151
surrogate-key: card_img card_img/bucket/8 card_img/1304495349596332035
last-modified: Fri, 11 Sep 2020 18:59:42 GMT
server: ECS (fcn/4197)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7c8406218f68baf80759dd21e34e5c10
accept-ranges: bytes

GET
H2 200 UV9demJf
pbs.twimg.com/card_img/1305577841803714560/ Frame 27D2 6 KB
7 KB 16ms
15ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1305577841803714560/UV9demJf?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4194) /

Resource Hash

8602dbbc6945c0457b209ae943c6e15bf222160ea37c5ababcbc5b5ef920efb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 162603
x-cache: HIT
status: 200
content-length: 6561
x-response-time: 149
surrogate-key: card_img card_img/bucket/5 card_img/1305577841803714560
last-modified: Mon, 14 Sep 2020 18:41:08 GMT
server: ECS (fcn/4194)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b8ce987168417c89d24ee56839828b07
accept-ranges: bytes

GET
H2 200 4MBYgh07
pbs.twimg.com/card_img/1305501025407827971/ Frame 27D2 4 KB
4 KB 68ms
64ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1305501025407827971/4MBYgh07?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/419F) /

Resource Hash

6c862bc35e8f0a33826d4313416658dc73c593b92afd86f4a4c931b54b63975f

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 185437
x-cache: HIT
status: 200
content-length: 3986
x-response-time: 145
surrogate-key: card_img card_img/bucket/1 card_img/1305501025407827971
last-modified: Mon, 14 Sep 2020 13:35:54 GMT
server: ECS (fcn/419F)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 717e2a034bf10061fb1d258eb4075c95
accept-ranges: bytes

GET
H2 200 timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
platform.twitter.com/css/ Frame 27D2 53 KB
12 KB 26ms
23ms Stylesheet
text/css 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/css/timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8a322ede0b619b9051fccbe2a1a31f402f416d45f92c245aafcbe75e42f6f2b2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 12144
x-served-by: cache-bwi5122-BWI, cache-hhn4030-HHN
last-modified: Tue, 01 Sep 2020 17:58:05 GMT
etag: "fb5a989a2b36d6be5344baad6a1936fd+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
platform.twitter.com/css/ 53 KB
53 KB 25ms
22ms Image
text/css 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform.twitter.com/css/timeline.32f7f89e2e680ebfe3f4cfefb27966ae.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 12144
x-served-by: cache-bwi5122-BWI, cache-hhn4030-HHN
last-modified: Tue, 01 Sep 2020 17:58:05 GMT
etag: "fb5a989a2b36d6be5344baad6a1936fd+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 SX1kerR9
pbs.twimg.com/card_img/1306240149634809857/ Frame 27D2 28 KB
28 KB 68ms
63ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1306240149634809857/SX1kerR9?format=jpg&name=600x314

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline~tweet.2e5232162202896d50461b242819754e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E4) /

Resource Hash

35615d33d85399601fd518df62c212642b6395b7fe44950bcfdcd97e9ecb33e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 10235
x-cache: HIT
status: 200
content-length: 28621
x-response-time: 161
surrogate-key: card_img card_img/bucket/4 card_img/1306240149634809857
last-modified: Wed, 16 Sep 2020 14:32:55 GMT
server: ECS (fcn/40E4)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 655bf8f2eb76903a28a3274453bd1120
accept-ranges: bytes

GET
H2 200 96QNTyyb
pbs.twimg.com/card_img/1306130309818314754/ Frame 27D2 7 KB
7 KB 68ms
63ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1306130309818314754/96QNTyyb?format=jpg&name=144x144_2

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline~tweet.2e5232162202896d50461b242819754e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41A9) /

Resource Hash

f97c8a23733f498102cec9c49e2dddbd6cf7935437c714d8a0f79a9d9101893c

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 28680
x-cache: HIT
status: 200
content-length: 6837
x-response-time: 159
surrogate-key: card_img card_img/bucket/1 card_img/1306130309818314754
last-modified: Wed, 16 Sep 2020 07:16:27 GMT
server: ECS (fcn/41A9)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 2499868beb2c6a1f1b7756a2e1a26644
accept-ranges: bytes

GET
H2 200 is5mSep2_normal.png
pbs.twimg.com/profile_images/542789702365892608/ Frame 27D2 3 KB
3 KB 69ms
64ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/542789702365892608/is5mSep2_normal.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4199) /

Resource Hash

9ce05f444e82bdeaa45fcb475a4a01761d687fc8369b1f12af28ae8a869275d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 381972
x-cache: HIT
status: 200
content-length: 3251
x-response-time: 127
surrogate-key: profile_images profile_images/bucket/7 profile_images/542789702365892608
last-modified: Wed, 10 Dec 2014 21:13:24 GMT
server: ECS (fcn/4199)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: d20e59628d629999a8aed50315b127ab
accept-ranges: bytes

GET
H2 200 TB7O3TW0_normal.jpg
pbs.twimg.com/profile_images/1058367083518529536/ Frame 27D2 2 KB
2 KB 68ms
67ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1058367083518529536/TB7O3TW0_normal.jpg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40D7) /

Resource Hash

a71906f87b3603ad144c94d721618e87bd868fefbabf53743730c6aa0f1b1343

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 441188
x-cache: HIT
status: 200
content-length: 2111
x-response-time: 121
surrogate-key: profile_images profile_images/bucket/1 profile_images/1058367083518529536
last-modified: Fri, 02 Nov 2018 14:33:50 GMT
server: ECS (fcn/40D7)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 2912be4abff48b3e94ccf56cef12ba00
accept-ranges: bytes

GET
H2 200 554822d0890b8ee3a9a5b10a0463f473_normal.jpeg
pbs.twimg.com/profile_images/2948853946/ Frame 27D2 897 B
1 KB 76ms
75ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/2948853946/554822d0890b8ee3a9a5b10a0463f473_normal.jpeg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E8) /

Resource Hash

3c7e5ca3e12d90c4b56b8c300e92cb5d618d32155ca76daaeb28faffabde39c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 354540
x-cache: HIT
status: 200
content-length: 897
x-response-time: 127
surrogate-key: profile_images profile_images/bucket/4 profile_images/2948853946
last-modified: Thu, 04 Nov 2010 01:42:54 GMT
server: ECS (fcn/40E8)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 931d7cf98a348ee9a8f6c008cfbaa326
accept-ranges: bytes

GET
H2 200 cmJodK8D_normal.jpg
pbs.twimg.com/profile_images/1010226496915496960/ Frame 27D2 2 KB
2 KB 19ms
7ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1010226496915496960/cmJodK8D_normal.jpg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41D7) /

Resource Hash

49f8cdf3a056d72bfe4d38df8785ed6086e5cdbe2d4c99cd40f67db286d4c5d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 271874
x-cache: HIT
status: 200
content-length: 1807
x-response-time: 128
surrogate-key: profile_images profile_images/bucket/6 profile_images/1010226496915496960
last-modified: Fri, 22 Jun 2018 18:20:20 GMT
server: ECS (fcn/41D7)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: a5096d2fce8a21abd0f48ccff0bf2e96
accept-ranges: bytes

GET
H2 200 yHBzevca_normal.jpg
pbs.twimg.com/profile_images/960697304947847168/ Frame 27D2 2 KB
2 KB 20ms
8ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/960697304947847168/yHBzevca_normal.jpg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/418A) /

Resource Hash

242588a5590eef2abf087d43680d265ab42c17689739c57d8f1fe85e39cbec62

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 452503
x-cache: HIT
status: 200
content-length: 1807
x-response-time: 114
surrogate-key: profile_images profile_images/bucket/6 profile_images/960697304947847168
last-modified: Tue, 06 Feb 2018 02:09:01 GMT
server: ECS (fcn/418A)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 15600f7cd6cee66b86501c634626153e
accept-ranges: bytes

GET
H2 200 EgmT-fSWsAEALF1
pbs.twimg.com/media/ Frame 27D2 13 KB
13 KB 21ms
9ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EgmT-fSWsAEALF1?format=jpg&name=360x360

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4191) /

Resource Hash

be1df94810e0fb0a01ef4d448c3b54c8f55f7ff7a1fb1eb83c1e1de58ee7483f

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 340627
x-cache: HIT
status: 200
content-length: 13195
x-response-time: 127
surrogate-key: media media/bucket/4 media/1299732669232754689
last-modified: Sat, 29 Aug 2020 15:34:30 GMT
server: ECS (fcn/4191)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 0cb101ca7f3958f4b2a79fd3b932ac50
accept-ranges: bytes

GET
H2 200 EfoIy1jXYAMcZ_2
pbs.twimg.com/media/ Frame 27D2 14 KB
14 KB 16ms
8ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EfoIy1jXYAMcZ_2?format=jpg&name=small

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40D7) /

Resource Hash

f939394bec5848077632a6aebd70cb05edafae19ea8d32bc6b9d2be1090e349f

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 176205
x-cache: HIT
status: 200
content-length: 14088
x-response-time: 125
surrogate-key: media media/bucket/0 media/1295357512284332035
last-modified: Mon, 17 Aug 2020 13:49:12 GMT
server: ECS (fcn/40D7)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 22d78bf89f6425ea0be73867f5b3d52f
accept-ranges: bytes

GET
H2 200 EiCvcutXsAEE4o7
pbs.twimg.com/media/ Frame 27D2 9 KB
9 KB 17ms
9ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EiCvcutXsAEE4o7?format=jpg&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40B0) /

Resource Hash

22c2843c4710a2ce2528d9ca8df4235601704f70777e7c404c2e5640826de21f

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 10769
x-cache: HIT
status: 200
content-length: 8801
x-response-time: 164
surrogate-key: media media/bucket/2 media/1306236800046968833
last-modified: Wed, 16 Sep 2020 14:19:36 GMT
server: ECS (fcn/40B0)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 0b75a1b448166ac09262641fe75a5154
accept-ranges: bytes

GET
H2 200 EiCvf_wXkAA5CEN
pbs.twimg.com/media/ Frame 27D2 5 KB
5 KB 12ms
10ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EiCvf_wXkAA5CEN?format=jpg&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41D7) /

Resource Hash

f41efbc61189d25ffe57ac93dd79480455f016179ba2594d7990f6f4258ab953

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 10769
x-cache: HIT
status: 200
content-length: 4968
x-response-time: 160
surrogate-key: media media/bucket/9 media/1306236856162553856
last-modified: Wed, 16 Sep 2020 14:19:49 GMT
server: ECS (fcn/41D7)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: e4dc302e4efde1b0060c2df18f4931b7
accept-ranges: bytes

GET
H2 200 EiCvjwsX0AEZdDG
pbs.twimg.com/media/ Frame 27D2 2 KB
2 KB 73ms
60ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EiCvjwsX0AEZdDG?format=png&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40B6) /

Resource Hash

71309d21fd82c57354b34487ff868904dad240c520d211e2f3fee28d6414611e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 10769
x-cache: HIT
status: 200
content-length: 1583
x-response-time: 146
surrogate-key: media media/bucket/2 media/1306236920838737921
last-modified: Wed, 16 Sep 2020 14:20:05 GMT
server: ECS (fcn/40B6)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ebffc33e050aae4ee11497b8ee99b2f5
accept-ranges: bytes

GET
H2 200 EiCvzJlXkAITuRc
pbs.twimg.com/media/ Frame 27D2 28 KB
28 KB 74ms
61ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EiCvzJlXkAITuRc?format=png&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40DA) /

Resource Hash

68ef2db0044b0bc91c0c74013fe8a8839d953a1fa0fc8766a2d1921cc0767da2

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 10769
x-cache: HIT
status: 200
content-length: 28513
x-response-time: 149
surrogate-key: media media/bucket/8 media/1306237185218285570
last-modified: Wed, 16 Sep 2020 14:21:08 GMT
server: ECS (fcn/40DA)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 05765b8657fb767669a7dc40af0516ef
accept-ranges: bytes

GET
H2 200 EhyM38YXsAAyNVW
pbs.twimg.com/media/ Frame 27D2 5 KB
5 KB 175ms
162ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EhyM38YXsAAyNVW?format=jpg&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E2) /

Resource Hash

9b8115b40bf3869ba5a712cee0bbf754ce7b97875e93f086dc9fbb5fa75a1f11

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
x-content-type-options: nosniff
age: 281555
x-cache: HIT
status: 200
content-length: 5019
x-response-time: 152
surrogate-key: media media/bucket/7 media/1305072884759638016
last-modified: Sun, 13 Sep 2020 09:14:37 GMT
server: ECS (fcn/40E2)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ed2342ba90c0a81a94c987a8f15d7c8c
accept-ranges: bytes

GET
H2 200 EhyN7BnWAAAo3wG
pbs.twimg.com/media/ Frame 27D2 17 KB
17 KB 74ms
61ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EhyN7BnWAAAo3wG?format=jpg&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40DB) /

Resource Hash

a6032ff79b2fad1bb5a468918fc49dc1178db84a65d3e23096ccb41d13905f9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 281554
x-cache: HIT
status: 200
content-length: 16928
x-response-time: 185
surrogate-key: media media/bucket/9 media/1305074037215854592
last-modified: Sun, 13 Sep 2020 09:19:12 GMT
server: ECS (fcn/40DB)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: cb25b939339c35fe25369c0579562559
accept-ranges: bytes

GET
H2 200 EhyOMvLXsAEE14O
pbs.twimg.com/media/ Frame 27D2 6 KB
6 KB 76ms
66ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EhyOMvLXsAEE14O?format=jpg&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40D6) /

Resource Hash

7800b40f542132a2f06b7f476c83db62d5dca0f6592cb61e99ccbdee71e55c3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
x-content-type-options: nosniff
age: 281554
x-cache: HIT
status: 200
content-length: 6422
x-response-time: 160
surrogate-key: media media/bucket/9 media/1305074341504331777
last-modified: Sun, 13 Sep 2020 09:20:24 GMT
server: ECS (fcn/40D6)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: e59d32d5a92ea4952b3e512fce690ae8
accept-ranges: bytes

GET
H2 200 EhyO5wQWoAA81qT
pbs.twimg.com/media/ Frame 27D2 8 KB
8 KB 172ms
162ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EhyO5wQWoAA81qT?format=jpg&name=240x240

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E2) /

Resource Hash

ac9f660c71252375260c511a7ab14b3c411c6735d1f922a098d6d676a3b60be4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
x-content-type-options: nosniff
age: 281555
x-cache: HIT
status: 200
content-length: 7810
x-response-time: 165
surrogate-key: media media/bucket/9 media/1305075114887782400
last-modified: Sun, 13 Sep 2020 09:23:29 GMT
server: ECS (fcn/40E2)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 14e3fa3a120df0a61e23cb92bc755e81
accept-ranges: bytes

GET
H2 200 syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
ton.twimg.com/tfw/css/ Frame 27D2 44 KB
7 KB 95ms
64ms Stylesheet
text/css 2606:2800:233:7ee2:97c:ab4c:6c70:be36
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:7ee2:97c:ab4c:6c70:be36 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FC6) /

Resource Hash

a549034009f79ead18a2154a8b730d8acb61e2f36c0434c0f9cff0f73df5d8cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 601107
x-ton-expected-size: 45170
x-cache: HIT
status: 200
vary: Accept-Encoding
content-length: 6839
x-response-time: 8
surrogate-key: tfw
last-modified: Tue, 14 May 2019 18:53:54 GMT
server: ECAcc (frc/8FC6)
etag: "4mhImCFS9rptiUICNnLD1g=="
strict-transport-security: max-age=631138519
content-type: text/css
access-control-allow-origin: *
x-connection-hash: 270b84f19322789fec971540df83998a
accept-ranges: bytes
expires: Wed, 23 Sep 2020 17:25:46 GMT

GET
H2 200 syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
ton.twimg.com/tfw/css/ 44 KB
44 KB 95ms
64ms Image
text/css 2606:2800:233:7ee2:97c:ab4c:6c70:be36
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:7ee2:97c:ab4c:6c70:be36 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FC6) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 601107
x-ton-expected-size: 45170
x-cache: HIT
status: 200
vary: Accept-Encoding
content-length: 6839
x-response-time: 8
surrogate-key: tfw
last-modified: Tue, 14 May 2019 18:53:54 GMT
server: ECAcc (frc/8FC6)
etag: "4mhImCFS9rptiUICNnLD1g=="
strict-transport-security: max-age=631138519
content-type: text/css
access-control-allow-origin: *
x-connection-hash: 270b84f19322789fec971540df83998a
accept-ranges: bytes
expires: Wed, 23 Sep 2020 17:25:46 GMT

GET
DATA 200
OK truncated
/ Frame 27D2 512 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eddfb285df91d818926b2f8ec64c71be82e0ea4f21ca9f63f5b0bc5dbcd75b0b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 27D2 825 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 27D2 739 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 27D2 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ded16b9cb72df85ea242aaef8878c716abb57c746f0bfda6eabd2b9ddb2a23b5

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 27D2 572 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 42ecd6904f43af4e6cef62ddbeffa7b2b0b6c8ec5080a3e1deec4576f4294859

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 27D2 644 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 195e8e91bc727766f427243d4cfb79cdc873639991600bf99e9d2cab5cad77c8

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 141 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3f36146f67554b989421cd2be6d58d97fc92f7c6e130d6152a0659a770f8fc2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 wifi-hacking.png
seguranca-informatica.pt/wp-content/uploads/2018/08/ 10 KB
10 KB 208ms
207ms Image
image/png 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/08/wifi-hacking.png

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76d666bbc532de8a57f94ae08e5759b437ba2557e3b8c2169593bd1f1de01453

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 10169
cf-request-id: 05398c86390000977ee0a84200000001
referrer-policy
last-modified: Wed, 08 Aug 2018 12:16:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49e9fb35977e-FRA

GET
H2 200 dns-resolver.jpg
seguranca-informatica.pt/wp-content/uploads/2018/04/ 145 KB
146 KB 287ms
287ms Image
image/jpeg 2606:4700:3037::681b:bc6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seguranca-informatica.pt/wp-content/uploads/2018/04/dns-resolver.jpg

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::681b:bc6c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fefc057c0b9151beb858748b560413577988155200b6c1d85a1ac1bec44af1e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 148734
cf-request-id: 05398c86390000977ee0a85200000001
referrer-policy
last-modified: Sun, 29 Apr 2018 10:35:18 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5d3c49e9fb36977e-FRA

GET
H2 200 SX1kerR9
pbs.twimg.com/card_img/1306240149634809857/ Frame 27D2 28 KB
28 KB 7ms
7ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1306240149634809857/SX1kerR9?format=jpg&name=600x314

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40E4) /

Resource Hash

35615d33d85399601fd518df62c212642b6395b7fe44950bcfdcd97e9ecb33e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
x-content-type-options: nosniff
age: 10236
x-cache: HIT
status: 200
content-length: 28621
x-response-time: 161
surrogate-key: card_img card_img/bucket/4 card_img/1306240149634809857
last-modified: Wed, 16 Sep 2020 14:32:55 GMT
server: ECS (fcn/40E4)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 655bf8f2eb76903a28a3274453bd1120
accept-ranges: bytes

GET
H2 200 96QNTyyb
pbs.twimg.com/card_img/1306130309818314754/ Frame 27D2 7 KB
7 KB 33ms
33ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1306130309818314754/96QNTyyb?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41A9) /

Resource Hash

f97c8a23733f498102cec9c49e2dddbd6cf7935437c714d8a0f79a9d9101893c

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
x-content-type-options: nosniff
age: 28681
x-cache: HIT
status: 200
content-length: 6837
x-response-time: 159
surrogate-key: card_img card_img/bucket/1 card_img/1306130309818314754
last-modified: Wed, 16 Sep 2020 07:16:27 GMT
server: ECS (fcn/41A9)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 2499868beb2c6a1f1b7756a2e1a26644
accept-ranges: bytes

GET
H2 200 IFyeRqOQ
pbs.twimg.com/card_img/1305870446097825795/ Frame 27D2 7 KB
7 KB 7ms
6ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1305870446097825795/IFyeRqOQ?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/418F) /

Resource Hash

9d0a480f9d066fcc93a12357cfa833ffd2f8246ef534ba2a02be778b9406147d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
x-content-type-options: nosniff
age: 98297
x-cache: HIT
status: 200
content-length: 6807
x-response-time: 152
surrogate-key: card_img card_img/bucket/2 card_img/1305870446097825795
last-modified: Tue, 15 Sep 2020 14:03:50 GMT
server: ECS (fcn/418F)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b77a6faadd68beb8e9e7f9dc537823db
accept-ranges: bytes

GET
H2 200 IFyeRqOQ
pbs.twimg.com/card_img/1305870446097825795/ Frame 27D2 7 KB
7 KB 8ms
8ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1305870446097825795/IFyeRqOQ?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/418F) /

Resource Hash

9d0a480f9d066fcc93a12357cfa833ffd2f8246ef534ba2a02be778b9406147d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
x-content-type-options: nosniff
age: 98297
x-cache: HIT
status: 200
content-length: 6807
x-response-time: 152
surrogate-key: card_img card_img/bucket/2 card_img/1305870446097825795
last-modified: Tue, 15 Sep 2020 14:03:50 GMT
server: ECS (fcn/418F)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b77a6faadd68beb8e9e7f9dc537823db
accept-ranges: bytes

GET
H2 200 3lP57Wzx
pbs.twimg.com/card_img/1306198592789635072/ Frame 27D2 4 KB
4 KB 7ms
7ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1306198592789635072/3lP57Wzx?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41AC) /

Resource Hash

00d29b08901229db2234ca108b5697ccbf7069743212c9143a21de6e5fdc0377

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
x-content-type-options: nosniff
age: 19580
x-cache: HIT
status: 200
content-length: 3646
x-response-time: 146
surrogate-key: card_img card_img/bucket/1 card_img/1306198592789635072
last-modified: Wed, 16 Sep 2020 11:47:47 GMT
server: ECS (fcn/41AC)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: d1525517c938484ddf30e2a1e95e1fd6
accept-ranges: bytes

GET
H2 200 nYGUMvz4
pbs.twimg.com/card_img/1306163827684323328/ Frame 27D2 6 KB
7 KB 7ms
6ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1306163827684323328/nYGUMvz4?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40AE) /

Resource Hash

9975832ec96ac91e1ee6b03a587673960e14d9a25cab0124783f61e8ee6b970a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
x-content-type-options: nosniff
age: 27609
x-cache: HIT
status: 200
content-length: 6634
x-response-time: 135
surrogate-key: card_img card_img/bucket/6 card_img/1306163827684323328
last-modified: Wed, 16 Sep 2020 09:29:38 GMT
server: ECS (fcn/40AE)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 653e222a1cb252993e9b7e39c2634c40
accept-ranges: bytes

GET
H2 200 8wihaq6A
pbs.twimg.com/card_img/1304155623270084609/ Frame 27D2 5 KB
6 KB 7ms
6ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1304155623270084609/8wihaq6A?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41AE) /

Resource Hash

0da2bb9d1b02accc6fcfb93e39ad0658ca144221c1aae2007d205e31020791c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
x-content-type-options: nosniff
age: 93780
x-cache: HIT
status: 200
content-length: 5494
x-response-time: 155
surrogate-key: card_img card_img/bucket/6 card_img/1304155623270084609
last-modified: Thu, 10 Sep 2020 20:29:45 GMT
server: ECS (fcn/41AE)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7531992e855a1231c9edf394665b07a8
accept-ranges: bytes

GET
H2 200 H_nFRJQJ
pbs.twimg.com/card_img/1305897592484777984/ Frame 27D2 4 KB
4 KB 6ms
6ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1305897592484777984/H_nFRJQJ?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/40B1) /

Resource Hash

beeb1d89a4cb53349e346dd38586831ffbcb369de78d8e4d53166c7d3f079837

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
x-content-type-options: nosniff
age: 91295
x-cache: HIT
status: 200
content-length: 3844
x-response-time: 148
surrogate-key: card_img card_img/bucket/7 card_img/1305897592484777984
last-modified: Tue, 15 Sep 2020 15:51:43 GMT
server: ECS (fcn/40B1)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ff9f05f9bd74f7386014062d86276688
accept-ranges: bytes

GET
H2 200 alfie.f51946af45e0b561c60f768335c9eb79.js Show response
c.disquscdn.com/next/embed/ 19 KB
7 KB 20ms
20ms Script
application/javascript 2606:4700::6812:a913
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js

Requested by

Host: seguranca-informatica.disqus.com
URL: https://seguranca-informatica.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a913 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4700283
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 6605
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Wed, 15 Jan 2020 01:04:45 GMT
server: cloudflare
etag: "5e1e652d-19cd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-request-id: 05398c874900002c42fb337200000001
accept-ranges: bytes
cf-ray: 5d3c49eba8262c42-FRA
expires: Thu, 14 Jan 2021 09:43:16 GMT

GET
H2 200 uPnx7gg0
pbs.twimg.com/card_img/1305891067364028416/ Frame 27D2 5 KB
5 KB 6ms
6ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1305891067364028416/uPnx7gg0?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/41A2) /

Resource Hash

a7a4410806b5bacbe492e33107ea69a13818ac30977ca44c47e8e75545e2b172

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
x-content-type-options: nosniff
age: 93251
x-cache: HIT
status: 200
content-length: 5131
x-response-time: 146
surrogate-key: card_img card_img/bucket/2 card_img/1305891067364028416
last-modified: Tue, 15 Sep 2020 15:25:47 GMT
server: ECS (fcn/41A2)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 3b9cecabde4db46e0ee99b33126899ad
accept-ranges: bytes

GET
H2 200 TZ3VXVNm
pbs.twimg.com/card_img/1304495349596332035/ Frame 27D2 33 KB
34 KB 6ms
6ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1304495349596332035/TZ3VXVNm?format=jpg&name=600x314

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4197) /

Resource Hash

b8638c6560401ceaa44e16b32245f9516c3cd767f7546003277265ccd7aa5e66

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
x-content-type-options: nosniff
age: 413096
x-cache: HIT
status: 200
content-length: 34235
x-response-time: 151
surrogate-key: card_img card_img/bucket/8 card_img/1304495349596332035
last-modified: Fri, 11 Sep 2020 18:59:42 GMT
server: ECS (fcn/4197)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7c8406218f68baf80759dd21e34e5c10
accept-ranges: bytes

GET
H2 200 realtime.af77184dec69e96e69aff958ae2bb738.css
c.disquscdn.com/next/embed/styles/ Frame 0D17 337 B
463 B 15ms
15ms Stylesheet
text/css 2606:4700::6812:a913
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css

Requested by

Host: seguranca-informatica.disqus.com
URL: https://seguranca-informatica.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a913 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 19213671
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 244
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Tue, 04 Feb 2020 01:14:10 GMT
server: cloudflare
etag: "5e38c562-f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-request-id: 05398c876300002c42fb341200000001
accept-ranges: bytes
cf-ray: 5d3c49ebd89b2c42-FRA
expires: Thu, 04 Feb 2021 13:19:18 GMT

GET
H2 200 realtime.af77184dec69e96e69aff958ae2bb738.css
c.disquscdn.com/next/embed/styles/ Frame 1FDF 337 B
334 B 19ms
19ms Stylesheet
text/css 2606:4700::6812:a913
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css

Requested by

Host: seguranca-informatica.disqus.com
URL: https://seguranca-informatica.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a913 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 19213671
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 244
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Tue, 04 Feb 2020 01:14:10 GMT
server: cloudflare
etag: "5e38c562-f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-request-id: 05398c876800002c42fb342200000001
accept-ranges: bytes
cf-ray: 5d3c49ebd8b42c42-FRA
expires: Thu, 04 Feb 2021 13:19:18 GMT

GET
H2 200 UV9demJf
pbs.twimg.com/card_img/1305577841803714560/ Frame 27D2 6 KB
7 KB 8ms
7ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1305577841803714560/UV9demJf?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/4194) /

Resource Hash

8602dbbc6945c0457b209ae943c6e15bf222160ea37c5ababcbc5b5ef920efb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
x-content-type-options: nosniff
age: 162604
x-cache: HIT
status: 200
content-length: 6561
x-response-time: 149
surrogate-key: card_img card_img/bucket/5 card_img/1305577841803714560
last-modified: Mon, 14 Sep 2020 18:41:08 GMT
server: ECS (fcn/4194)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b8ce987168417c89d24ee56839828b07
accept-ranges: bytes

GET
H2 200 4MBYgh07
pbs.twimg.com/card_img/1305501025407827971/ Frame 27D2 4 KB
4 KB 8ms
8ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1305501025407827971/4MBYgh07?format=jpg&name=144x144_2

Requested by

Host: seguranca-informatica.pt
URL: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (fcn/419F) /

Resource Hash

6c862bc35e8f0a33826d4313416658dc73c593b92afd86f4a4c931b54b63975f

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
x-content-type-options: nosniff
age: 185438
x-cache: HIT
status: 200
content-length: 3986
x-response-time: 145
surrogate-key: card_img card_img/bucket/1 card_img/1305501025407827971
last-modified: Mon, 14 Sep 2020 13:35:54 GMT
server: ECS (fcn/419F)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 717e2a034bf10061fb1d258eb4075c95
accept-ranges: bytes

GET
H/1.1 200
OK ping Show response
links.services.disqus.com/api/ 305 B
937 B 118ms
69ms XHR
text/javascript 151.101.112.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/ping?format=jsonp&key=cfdfcf52dffd0a702a61bad27507376d&loc=https%3A%2F%2Fseguranca-informatica.pt%2Fthreat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader%2F%23.X2JKmZ6xX0P&subId=5368311&v=1&jsonp=vglnk_jsonp_16002771475200
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: d8eff42df2fab7eedf9599e9c2c1b8dcbdc97c6f4b344b8cb7fdc05530a31acd

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Sep 2020 17:25:47 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://seguranca-informatica.pt
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 305
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
6 KB 19ms
18ms XHR
application/json 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200914&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f387b7b13ce156d6850f66b569dd1045627bcdcd5786c7b69c5db8e10a436a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Sep 2020 17:25:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6438
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 14 KB
6 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200914/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 17:25:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1591403518460474"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5540
x-xss-protection: 0
expires: Wed, 16 Sep 2020 17:25:47 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame E7CA 0
0 6ms
6ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/210/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4590
date: Wed, 16 Sep 2020 15:55:44 GMT
expires: Thu, 16 Sep 2021 15:55:44 GMT
last-modified: Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 5403
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
22 B 15ms
14ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gda_r20200914&jk=855104443021725&bg=!9_Sl9OxY7ukPa5JYUuQCAAAAfFIAAAASCgG09kAyfjqLVwMU7j6Dw10Zz6B_id55e558QXIFhOjjZPHhYF2K4W8v52_WM-_8jyPqF6S4u_mky4yzvqJ157CRj_D2IKUr_dma1UM9FH9oAAbPOHWd5e_dqwyGP4QePH4E4Fe_PIJ73gAf62NymOiRqmOBT495BbGBb9xZdxS-G96e8XrhNOBR56LyJ1ggfd5yAmVYDjqeD4NpdevFH-gooU-ZPzHzVw1NMMS1i7JgxHrxmsyY3uAVf6Ou7Vw37yvq7L4qEMrNsKN79xqPOiUENLbwXbERG2Oaxf7YVtBfJNrL2hKIufjHT9_FaJXFpHPUE73p1P3hWa3BGU9eqHeZr-ElpUxDbrIM_mdY-PfU6J3FXI3RhaoL_MjzA87N-c-9S_3ctMHnrUZZLn78yCVTa4jGHg3cpAlR1n6osQmxuRz4UtQrjK_NWBocfA8Qe7iVBxKQbhQKZyBm0yKLj6pZgckEiAeSKRB3CxShvmyHL8zGFqbTFNZAcafw3mh9okTyyoO6wk8_y7GS36Iip2WsrlsWHyUorw4xMszpYrJ4VYP1W8zgJtznuAh2blxaxw75gV1j_JkBsWrnhHxD8_Hj-eOqYqqjdiw486uuGqjXELbmGcbq7HEdfStQsO50IctFJgR6pUk0LqUjS9Teh6l5uJNKBoPFVQpXiTzOq3J7GqPhS1p_4kHq5Qs0Mh21EuYNJ8oyzsFYWKmSKhOvq6X4pulBdC3p4CWjy7vcixy3uiYbkFkBQZyVQ95RexNb4c8DkcOy20G5kncbSUKNf31L3cbrPkSVUIwrLmturftnRmzqTzoDuiy1aFmcQ0uNKc_jiX8B7PJvJe-RdHZUVJ1vjtMjc2F03Hy4r9ZhR4FeCG2OnmtLHENozcMJK_Xrz6Wwt5C1XaPmmNUcA_Rtnetxn2WwhtwkIFqxSPRv3x5CotX4mXlg0i3KDeDOQk_7sGJnYoYmrjLVy1MuAU1fIA67thcuDSoQaXO1011rl_cLq-huDHFQjabSWVvdcYUFwQLKZlFGqJKqoODIXIU_kA3Lem00q6tYfQVKTpvBc3VGNDRfbdYtriGRw08W0_OLxBQgGSusjkPkOuxo2Ict6G0wD221axji3XIgmRo2Oh2BxN4-ybO0YsmkeASbREIQOO3RYT2KDVfWnUM

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Sep 2020 17:25:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

jot.html
platform.twitter.com/ Frame EACD
Redirect Chain

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

0
0

23ms
22ms

Document
text/html

151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/jot.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: platform.twitter.com
:scheme: https
:path: /jot.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
Origin: https://seguranca-informatica.pt
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
last-modified: Tue, 01 Sep 2020 20:40:53 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "d9592a6c704736fa4da218d4357976dd+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Wed, 16 Sep 2020 17:25:48 GMT
x-served-by: cache-bwi5129-BWI, cache-hhn4030-HHN
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 95

Redirect headers

status: 302 302 Found
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 0
content-type: text/html;charset=utf-8
date: Wed, 16 Sep 2020 17:25:48 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Wed, 16 Sep 2020 17:25:48 GMT
location: https://platform.twitter.com/jot.html
pragma: no-cache
server: tsa_o
strict-transport-security: max-age=631138519
x-connection-hash: 211ed43b098879bb7108d52445f2ab5d
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 145
x-transaction: 0082a79c00034812
x-tsa-request-body-time: 13
x-twitter-response-tags: BouncerCompliant
x-xss-protection: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

153 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.addthis.com/	1970-01-19 22:00:05	Name: uvc Value: 1%7C38
.facebook.com/	1970-01-19 14:40:53	Name: fr Value: 0D3XAXxHh7OKOZe3m..BfYkqZ...1.0.BfYkqZ.
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: 92zfkDI5wDA
.youtube.com/	1970-01-19 16:50:29	Name: VISITOR_INFO1_LIVE Value: janiAHAE3z4
.google.com/	1970-01-19 16:54:48	Name: NID Value: 204=UrHOcYtfKALbwz8PP5EHX8TzaTqBDUkGLQ3zFXFYku_HbFTnVuPuON0jwlpkM2Y-3DOw4lKRfjfAn-aoC9NkUU7QTnG5wEvoZ-g1bY6SoeD_MjS8i3qe7cYH6eSKWVcU2Pfmmo4afIw8643pQQi434jn4TTdIOTlICiXJVxiNIs
.doubleclick.net/	1970-01-19 12:31:20	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-19 21:52:53	Name: IDE Value: AHWqTUmoEdWD2faLUtv3zyPudCv0rQQUtj9oecy6oe_iyC5DSSPz-DIx1lFcB5wd
.docs.google.com/spreadsheets/d/e/2PACX-1vTywaGMDIQs-kCS-XY81EXjYtsUkH3G_ici8a0c3X80Q-MXpdxa70vn55MQKz4V_-4HIi1_CkSHz90q	1970-01-19 12:31:20	Name: S Value: apps-spreadsheets=8k5uiMUsjQzyLJxpY3eOugOH8JRXYSYK2oqbNqgFCJs
.seguranca-informatica.pt/	1970-01-19 12:32:43	Name: _gid Value: GA1.2.1581752463.1600277145
seguranca-informatica.pt/	1969-12-31 23:59:59	Name: __atrfs Value: ab/\|pos/\|tot/\|rsi/5f622fcd00000000\|cfc/\|hash/0\|rsiq/\|fuid/3fe2bc85\|rxi/\|rsc/addressbar\|gen/3\|csi/\|dr/
seguranca-informatica.pt/	1970-01-19 12:31:18	Name: __atuvs Value: 5f624a991a022f06000
seguranca-informatica.pt/	1970-01-19 22:00:05	Name: __atuvc Value: 1%7C38
.addthis.com/	1970-01-19 22:00:05	Name: loc Value: MDAwMDBFVUJFMDAyMzExMTgzODAwMDAwMDBDSA==
.seguranca-informatica.pt/	1970-01-19 14:40:53	Name: _fbp Value: fb.1.1600277145160.1568288046
.seguranca-informatica.pt/	1970-01-19 12:31:17	Name: _gat Value: 1
.seguranca-informatica.pt/	1970-01-19 13:14:29	Name: __cfduid Value: d6a301cdef58d3b55134a333eaac61c101600277144
.seguranca-informatica.pt/	1970-01-20 06:02:29	Name: _ga Value: GA1.2.1235182167.1600277145

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.5.1(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.
console-api	info	URL: https://platform.twitter.com/widgets.js(Line 1) Message: You may have been affected by an update to settings in embedded timelines. See https://twittercommunity.com/t/deprecating-widget-settings/102295. [object HTMLAnchorElement]

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

abs.twimg.com
adservice.google.com
adservice.google.de
api-public.addthis.com
c.disquscdn.com
cdn.onesignal.com
cdn.syndication.twimg.com
connect.facebook.net
disqus.com
docs.google.com
feed.seguranca-informatica.pt
fonts.googleapis.com
fonts.gstatic.com
gist.github.com
github.githubassets.com
googleads.g.doubleclick.net
graph.facebook.com
licensebuttons.net
links.services.disqus.com
m.addthis.com
pagead2.googlesyndication.com
pbs.twimg.com
platform.twitter.com
q.addthis.com
s.w.org
s7.addthis.com
seguranca-informatica.disqus.com
seguranca-informatica.pt
syndication.twitter.com
ton.twimg.com
tpc.googlesyndication.com
v1.addthisedge.com
widgets.pinterest.com
www.facebook.com
www.google-analytics.com
www.googletagservices.com
www.paypal.com
www.paypalobjects.com
www.reddit.com
www.youtube.com
z.moatads.com
s7.addthis.com
104.244.42.72
140.82.121.3
151.101.0.134
151.101.112.157
151.101.112.64
151.101.114.133
151.101.193.21
151.101.36.84
185.199.110.154
192.0.77.48
199.232.196.134
199.232.53.140
23.210.248.44
23.210.250.213
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:233:7ee2:97c:ab4c:6c70:be36
2606:2800:233:8173:898f:63b3:95c3:79d2
2606:4700:20::ac43:4a78
2606:4700:3037::681b:bc6c
2606:4700::6812:a913
2606:4700::6812:e134
2a00:1450:4001:800::2003
2a00:1450:4001:801::2001
2a00:1450:4001:803::2002
2a00:1450:4001:803::200e
2a00:1450:4001:817::200e
2a00:1450:4001:819::200a
2a00:1450:4001:81c::2002
2a00:1450:4001:81c::2003
2a03:2880:f01c:800e:face:b00c:0:2
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
00d29b08901229db2234ca108b5697ccbf7069743212c9143a21de6e5fdc0377
02057aaa2ccf4d1d0b19abf870c27923e687a751e6718da9add7a99e50e85510
02fb6ff42ec54d5cc760ddb6ac057ec7efb377888690ba496d04a7c76b732011
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
066d6b6d0ac47e197c9816ecc646022123de9bd034a81b4b3efb7b790ff89963
085ccfcd546dac5eb3fd375ba9ac3aed6d2daef0204e485f05cace561829d6d5
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b
09a743ee0c32ca57c9be64b13b29c396310d1dd309cb4d7d3be722e47db95f27
0d6762417b3b91c64f1d9c9689deb17a1120dfaf507b547b6bf5a11fdf0968a8
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0da2bb9d1b02accc6fcfb93e39ad0658ca144221c1aae2007d205e31020791c7
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
137e41c449677deb7c8da3afde63fc781b095bb028f78b789be44192e8e3f4be
14a119a9d543f25d83b3b009dfec7076590d62d996b1bd67c11930b2a0b40789
1664abe782bd0319f66bbffc7104f172262fe8d73623f92f46a08cc8fdfc3c0d
18f1e1f4fe5585108349cf029e48ad91a12dae4627be962667fb0b4933c69bba
195e8e91bc727766f427243d4cfb79cdc873639991600bf99e9d2cab5cad77c8
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1e02ad33efc523a92b302eb30e55de7329ca2687ca5e8b1c9f3ff4f61fe47099
1f026beb67630abcdbc341651b1c17591aa76261296a9fb118793765964eb4e9
1f969e7c85f68cca244b373f6c4e20f1b88e24b0a458d331505aa97599002225
1fc9e562f67ac01fc3db71ce882b51a1096010a777f2d9f3a87db6a642ad19a2
22c2843c4710a2ce2528d9ca8df4235601704f70777e7c404c2e5640826de21f
23b775e4e3b5b93742dad8a1bbfacb2ffc3271a15dbfc6d3ded21d713f2c3489
242588a5590eef2abf087d43680d265ab42c17689739c57d8f1fe85e39cbec62
258c5206d5a1614cef0ecb87094585c160f4b66e39dcf89cd995b5269c366f17
2a0114ee843f8e5fcb15026a43365c3455464f43e1ea135b075e49662a9905b9
2a12b82bb4b7e9b29fd41e3f22c394ee3d3737f8f9af9f7ae041d0bb895d8bd1
2cc9576dbb10ebbcbab064ba3970dafde17ef5ffed2749592eb5e620ebe3a72a
2d8a628333a76cfe484a2b9c01bca786fccf08d0010d4bffca2b38b29dd4ed0b
2f387b7b13ce156d6850f66b569dd1045627bcdcd5786c7b69c5db8e10a436a0
343bde3e98b9503c4aa226f553e1e53a20437cc8a4e3aa84eff40b5e8bd99afc
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
35615d33d85399601fd518df62c212642b6395b7fe44950bcfdcd97e9ecb33e5
357eac5a1ab8249b3fc4569040b13d64795f5aa945ae3570f782d979015bef56
35d68984026f9a8a77512b225cd326a5b75616c180345c0022164bf59259502b
36db3512ea89976cd734e544a1edd6a0609a824da59b596146f955cb6274040c
3c6325714859927a5839c9be1dfc2f395d383651c38265e76a3f2565171cbd26
3c7e5ca3e12d90c4b56b8c300e92cb5d618d32155ca76daaeb28faffabde39c7
3caff329d1e76a3a9a8ab8030abed403362ee5490631d7bb9774372388198763
3dbab26b6050d95f1f5165ebb4114ba93bc15f011f34eca927242cb3d1f0d95f
41842b8a7787f30dd7c129b53b921da9705e8420e0926550013d0252822547ec
41b974254f3dd5b0853af7585c0417998a1ffa52e97e000fe2af3eee2c916d57
42ecd6904f43af4e6cef62ddbeffa7b2b0b6c8ec5080a3e1deec4576f4294859
4455196ea058589b8062801e8475282f8e2eeff5b5cf3947d19f738233b90de5
446c3281ea690a4c2b548d4b0612c494ed7b79de0da27f1671bbaf33f2cb4066
44f42160647efdb85b129d040beee22d6e3a55998c83febb2f4a03ccb0e4b714
45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc
48b3b17bf53635986804b63fb97b63fd84d72e6f2d169519f36ba2a3ca6a70a0
49f8cdf3a056d72bfe4d38df8785ed6086e5cdbe2d4c99cd40f67db286d4c5d8
4ebaeeefa60775d91761bb2f938feb7e5ee155c208be9b7d482e172032a4a197
4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b
4fd8d147ffff3c6ede524e665ae9149c6f1027b6f17535756c8bad36e0f8522b
53d33383295f134946acb4185b90d16520506ff678352eda4a02d8e330ad8950
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
55760f124cf01db5108e183d7ab28a3a850a6342dae625b610c83ebc5071a73c
575593b187efc8e164cf80d79952d18b79ecad5fb42a81b1711dedf7a2af46b9
57b34a23487339f53b201f781b1ef81f58cdf77033f9551c44efe8a21b49867c
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
622bd29e595894b02f5c5ab95628f99d6e6d46483bac342b4fff38bbc64a8a35
63144b9a81d914f9330c1fb4df1ca06726282acc261d6cb6ce4ce4739ee0a7f5
6476ec5b362dc55b3011f93b32ec4e1be14fa72ff2db47c418809ab3c54d0b47
659e7da9c5f2ea8933af2e78a4d9646b419851e9979dbb38d12e9d43c7711cb3
68ef2db0044b0bc91c0c74013fe8a8839d953a1fa0fc8766a2d1921cc0767da2
6991d47a2404180dc13579f85feeeb833211c3aa3e229ef66adf2a0eedf5b889
6c848f8748dcbd3ae9248bd4ef3309e931660b0ebd18b20b7c3989ac54144e5b
6c862bc35e8f0a33826d4313416658dc73c593b92afd86f4a4c931b54b63975f
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
6f97fb27fc5a2b0b2ef192937aeea30f869e026c98518e154a796755e3d0d864
71309d21fd82c57354b34487ff868904dad240c520d211e2f3fee28d6414611e
717c288dc6b91d3c1774be2fcf06f0eccd923966e3df65bef32b78e26cc18b75
76d666bbc532de8a57f94ae08e5759b437ba2557e3b8c2169593bd1f1de01453
7800b40f542132a2f06b7f476c83db62d5dca0f6592cb61e99ccbdee71e55c3a
787b24b64caeab65207d03ff5655ee76f075f0201da65eb3290b255d9338db78
78d2c259c6634b9eb8ae3e59c68ba8a9901e3efbf3f9dbba787936de75f93a94
7963a62013fabffe1829e619d567cc39d6f781bc8f311d379518f36ec42812e6
7b5fc275c98a58b1073a713920cefa54fab60ad9d85a67cf6907aaf8fbb3c474
7cd9e72894580d70b0cc6a28b3836d34eb7f907eb97a152c310bfebafb65a2f7
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
7e0c4a1ed3d232553d98c82ea0e04cee8975d0a67df819e161f96e7c32179e8c
7f2771d337cd178894978018060c937d78d87ac2db3ba0401fe552d1fd50fd2f
7f8d55f4cfdfcd229de8ba159502e01463d8f78500accbb63232713dd896347e
8220596e6a32feeaa3c95078f2a72efb6a01025245097384816d26c2a3f38c3a
85d11a34cf5ae0738a3f2a2e0f463484c9b7371b46c9e5bc991f57d44f58400f
8602dbbc6945c0457b209ae943c6e15bf222160ea37c5ababcbc5b5ef920efb2
8742843c9c346c419f6a487e08a8f6d6c5f3200d4f7a7c0e15dab4a4a7c0c65d
88731bd32d2242a6918772bd11e6e16f46c2e3c05c7bbd4ed47d162cff9683f3
8a322ede0b619b9051fccbe2a1a31f402f416d45f92c245aafcbe75e42f6f2b2
8ab75b37e150efe65cdfd300029b88de8355d72c7bbb5d2055f902aeaec3c14d
8c00bc4dc76920c141870cd6266e0e7bb507407e9017b43dc0d7667bb14b6d54
8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e
8db469b90b8d9e2a0675931132266a305d0f080fc5ef4e7bd0f841f161b78b5f
91187645301e876abd07026702cf342c24f0a185e42c2990c5662d885bb0328d
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
96e3623b4080d2a019664c7f4e55cb1536a45fb84c3b34aeaede4c04b4bae373
9975832ec96ac91e1ee6b03a587673960e14d9a25cab0124783f61e8ee6b970a
9a44ab6217570448889e9e625c86288f47692343285d48fd2642e9f9e46c3158
9b8115b40bf3869ba5a712cee0bbf754ce7b97875e93f086dc9fbb5fa75a1f11
9b92a7874bb65cb145a44813ca34e1cd4b120c6a59ddae5b146b5e3ab01c4fe8
9be7537f55bde87db7acf7c9aa482e56e3c8891f09710e19113637cdbb8143ea
9ce05f444e82bdeaa45fcb475a4a01761d687fc8369b1f12af28ae8a869275d7
9d0a480f9d066fcc93a12357cfa833ffd2f8246ef534ba2a02be778b9406147d
9ec90d90c8875865ec465bea304f4c5caed1b1eac2d4ba1b3f1b710288738935
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a2d705eabcea3ef590541e4290bb76a955861f958c488b37f886435a4f492c3a
a3391a9fa68a12cce5d9736593e3b24f78698c5f7f6a6a3a1a6644f813875403
a3622c7c6c64b493c982f365e01b5eaa59f48da664e98025c383d4f8c57c4396
a3f36146f67554b989421cd2be6d58d97fc92f7c6e130d6152a0659a770f8fc2
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
a549034009f79ead18a2154a8b730d8acb61e2f36c0434c0f9cff0f73df5d8cf
a6032ff79b2fad1bb5a468918fc49dc1178db84a65d3e23096ccb41d13905f9d
a71906f87b3603ad144c94d721618e87bd868fefbabf53743730c6aa0f1b1343
a74ec5e2fe1a2f859edf8c7de03b43379030f58f17b8e57371a347620f5c9b31
a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9
a7a4410806b5bacbe492e33107ea69a13818ac30977ca44c47e8e75545e2b172
a80e5bc6824957c820fc176a64856461adcfdc8bf1ff884189e0c2591d5d58de
ac27da6723603ab32e05183b7e1bb1b9299d5396bad26ba082edda0ff8621eb8
ac9f660c71252375260c511a7ab14b3c411c6735d1f922a098d6d676a3b60be4
b2777b2136591370735374104618934a186d85121cf3fc7dd8cabeaa9d19ecd8
b3bd69bc73bb780c9b54f936936d5cdc97256b4afc237467d57cf261adb19cab
b6bad8fb5327a87ba126a50844529fa2d207b42b7df8e31e104c5d48c5092d87
b71119e3e7f2eb50916988137b72078dc0bc5e80188038bba928b4647e6613bd
b8638c6560401ceaa44e16b32245f9516c3cd767f7546003277265ccd7aa5e66
b8cb27788844e455b92854743ee7ecab79e95c50735dc7e23b064b92e359bbf6
b9382c1ac33e60533971224071a03c61bd2a759689a41085dbc757872e40ec5b
ba23d13ab9eb27eb4933ae12135dc7f2775699d06d8628f73b9ff9b9f01aeef4
bc1c1f202d4a020cd9d584b2cc0c5fa966204473cfcc87bf8ea574537e9d1724
bd5170ae2799156ffbaa1861ec8e9620cb2be471f80c8a25601c32ea21b3bd84
be1df94810e0fb0a01ef4d448c3b54c8f55f7ff7a1fb1eb83c1e1de58ee7483f
be73c16f766dc7c7a8c08a6ba72cdd7645f553ec28ca32640022b6d7355f590a
beeb1d89a4cb53349e346dd38586831ffbcb369de78d8e4d53166c7d3f079837
c08d34e96d34a37c16d4353b630225e5e1b9e02808eb2eaf32783be2a38e109d
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
c33e76afd7869d1447d15d536c88754e4ca946f3f2698c23048e55a4f71a0392
c36d0094cb3d176360c91599d13da78f0c77df004bc076aadd883f189fa1767e
ca782cbdd8cee7ccccef6983f6566c9c29e1aa5da753a81e65250fad30bb6359
caace78c6f887ecbf780bdf5b71e57a02776d7ef5a0e54e797e3e007130262e2
cb6f90a0263bcb4c570ea23dde36478aa894f85268ea57d6ee0a6723af317a37
ce4cb34807330a0b7afe401877ad09ecc7f930f9706cac7994716bcc1b3fd886
cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e
d06df4184ba84e09a4be6a6ed101d1c3adefea0eaa833ddecf2f2251f6af33a3
d09e163a3868a47d1c51be0b013497ce6975c036fcc5d7b65bba70419c74b7ad
d5b7288f327425755badd771bd9807addb77d9a752890906f95eddfed131b627
d7f837ecf8426cc760739e8a17218b3b501156f43a7bd03afb7207949b12ab0b
d8eff42df2fab7eedf9599e9c2c1b8dcbdc97c6f4b344b8cb7fdc05530a31acd
dab98b1d5558dd15c7db5ada4438fe03a424a7c1f5e0f29567d39a0a892bcc41
db0de0d4de1311eb99b9327550146b23da220725b6739baa3158eb12f12d358a
ded16b9cb72df85ea242aaef8878c716abb57c746f0bfda6eabd2b9ddb2a23b5
e0013618876b34d5f4dd21bac1fbcf419bb41e4929ec93a7acac9061ba2050a9
e02a28e995334093dff6f19238e59aba7b5ba434ea2c84ef78f6a70ce260b49d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3cc2f7251c41ff1f4b2e07a3ccd074d21288160fbd9893f0f0e4fc62d2c63c5
e60d58e3602f1b85a212115e4d7300e09234e89eeec8df6065c2568c43e3f056
e69c8d33258983d26a64c123163df7cccdccffc8178e8c4365ae5c58e48040d3
e846ca01f190e98e1e3c57d8d24b984c64f5dbb0aabad93997f10b5dd8ef3587
ea3906631ed3ac3f02664bb801434732b02ec1b79ca261909136c5b4ef663de9
ea4e6da2366293ff3b031338c34bf50b838ee77bab98caeaf7f0d2239ef2afb0
eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746
eb3aca3f4848e881a27e8d7c1c0ea1fb16bc92a49a893a1b2133052d11f9a0a3
ec23ee46eeb42a80108bc249a6bb2214ec44f150647466e57468ebf35e145dc3
eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25
eddfb285df91d818926b2f8ec64c71be82e0ea4f21ca9f63f5b0bc5dbcd75b0b
ee1a5e412426295d4981a9504675f49f452e1192a5a573c58200a28e37bd48e0
ef81eaaf31f0d368156ee18722033de5d350d267f6be2bcf4b92fcf59129df40
f055e217bde76d711bd8b42af773f9f99b8a29d81ad9ed10b6379cc7e6c60452
f379411aee07042cc205d014f801463f4c212aa0f769f2c35a9c8c74dd268f63
f41efbc61189d25ffe57ac93dd79480455f016179ba2594d7990f6f4258ab953
f523ff657175b7cb8d2667602adb77ccebf5e5c5c987e32800d2698b6bb0286e
f6040a2e2bd84a648be545195f89be5d78e92bbaaf577b1191dcdfb6b2b74fd8
f8cf69e4d0d285ff8e9be18f239b65e38fe1a235086a8daae53b1baa1e7a3557
f8d4eb9c3a5acb1413a0a7b1907b01130adfe2996a44fd18bbbf0f09b6ea1296
f939394bec5848077632a6aebd70cb05edafae19ea8d32bc6b9d2be1090e349f
f97c8a23733f498102cec9c49e2dddbd6cf7935437c714d8a0f79a9d9101893c
fc48ca4842ff2686f1d25fd0f132b86731fbb04ae7872a3401402d1c865c6464
fdf3003543c3572ba8dfc6a87a9289ebadde2db18f09a36657301eaccd157866
fef134a7880b8d72bac16738b34fe1ed9a72da52f702537b22486826cd3b5888
fefc057c0b9151beb858748b560413577988155200b6c1d85a1ac1bec44af1e4
ffcde34efda55a63cb66dbec4bf10acb531014d581e2d8e511836b84e08c2305

seguranca-informatica.pt Open in urlscan Pro 2606:4700:3037::681b:bc6c Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

215 Requests

100 %HTTPS

56 %IPv6

28 Domains

41 Subdomains

31 IPs

4 Countries

6803 kBTransfer

9071 kBSize

17 Cookies

34 Outgoing links

Redirected requests

215 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

seguranca-informatica.pt Open in urlscan Pro
2606:4700:3037::681b:bc6c Public Scan

Screenshot
Live screenshot

Full Image

215
Requests

100 %
HTTPS

56 %
IPv6

28
Domains

41
Subdomains

31
IPs

4
Countries

6803 kB
Transfer

9071 kB
Size

17
Cookies

215 HTTP transactions
9 data transactions