screenrant.com Open in urlscan Pro
34.202.200.131 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Submission: On June 06 via api (June 6th 2022, 3:46:17 am UTC) from US — Scanned from DE

Summary HTTP 206 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 68 IPs in 10 countries across 55 domains to perform 206 HTTP transactions. The main IP is 34.202.200.131, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is screenrant.com. The Cisco Umbrella rank of the primary domain is 30932.
TLS certificate: Issued by R3 on May 4th 2022. Valid for: 3 months.

This is the only time screenrant.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
14	34.202.200.131 34.202.200.131	14618 (AMAZON-AES) (AMAZON-AES)
8	2606:4700:10:... 2606:4700:10::6816:2f51	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:10:... 2606:4700:10::ac43:25aa	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 6	104.102.29.65 104.102.29.65	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	65.9.63.30 65.9.63.30	16509 (AMAZON-02) (AMAZON-02)
1	23.35.229.56 23.35.229.56	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
23	2600:9000:215... 2600:9000:2156:ea00:1a:5235:f980:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2008	15169 (GOOGLE) (GOOGLE)
1	18.66.122.10 18.66.122.10	16509 (AMAZON-02) (AMAZON-02)
6	35.190.74.49 35.190.74.49	15169 (GOOGLE) (GOOGLE)
2	52.12.72.198 52.12.72.198	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
5	108.138.4.10 108.138.4.10	16509 (AMAZON-02) (AMAZON-02)
1 3	2606:4700::68... 2606:4700::6810:7aaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:a30d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.12.61.6 52.12.61.6	16509 (AMAZON-02) (AMAZON-02)
5	148.251.135.181 148.251.135.181	24940 (HETZNER-AS) (HETZNER-AS)
6	34.192.73.199 34.192.73.199	14618 (AMAZON-AES) (AMAZON-AES)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:3600:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
6	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
5	34.250.21.211 34.250.21.211	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
1	143.204.98.49 143.204.98.49	16509 (AMAZON-02) (AMAZON-02)
1	104.89.31.187 104.89.31.187	16625 (AKAMAI-AS) (AKAMAI-AS)
2	44.239.82.163 44.239.82.163	16509 (AMAZON-02) (AMAZON-02)
1	46.105.202.126 46.105.202.126	16276 (OVH) (OVH)
1	34.120.133.55 34.120.133.55	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
2	104.102.28.254 104.102.28.254	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	23.227.146.18 23.227.146.18	55081 (24SHELLS) (24SHELLS)
9	2600:9000:215... 2600:9000:2156:ec00:1:6448:6d00:93a1	16509 (AMAZON-02) (AMAZON-02)
1	54.93.141.89 54.93.141.89	16509 (AMAZON-02) (AMAZON-02)
1 1	23.88.75.187 23.88.75.187	24940 (HETZNER-AS) (HETZNER-AS)
2	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
2	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
2 2	185.33.221.90 185.33.221.90	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	2600:1f18:612... 2600:1f18:612b:4264:5a8d:94bc:2cf9:40df	14618 (AMAZON-AES) (AMAZON-AES)
1 1	184.87.212.24 184.87.212.24	16625 (AKAMAI-AS) (AKAMAI-AS)
1	216.52.2.19 216.52.2.19	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1	34.215.170.216 34.215.170.216	16509 (AMAZON-02) (AMAZON-02)
1	18.65.39.61 18.65.39.61	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	213.19.147.43 213.19.147.43	26120 (RHYTHMONE) (RHYTHMONE)
1	204.237.133.116 204.237.133.116	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
9	18.184.69.62 18.184.69.62	16509 (AMAZON-02) (AMAZON-02)
1	185.94.180.124 185.94.180.124	35220 (SPOTX-AMS) (SPOTX-AMS)
1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0d::9b	15169 (GOOGLE) (GOOGLE)
2	18.209.251.242 18.209.251.242	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	35.186.249.84 35.186.249.84	15169 (GOOGLE) (GOOGLE)
2 4	185.33.221.89 185.33.221.89	29990 (ASN-APPNEX) (ASN-APPNEX)
1	104.36.113.23 104.36.113.23	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2606:4700:303... 2606:4700:3034::6815:4466	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	18.203.97.155 18.203.97.155	16509 (AMAZON-02) (AMAZON-02)
2 3	37.157.2.239 37.157.2.239	198622 (ADFORM) (ADFORM)
5	23.227.139.243 23.227.139.243	55081 (24SHELLS) (24SHELLS)
2 2	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
3	2600:9000:215... 2600:9000:2156:7c00:f:4f64:8940:93a1	16509 (AMAZON-02) (AMAZON-02)
1 13	18.198.98.208 18.198.98.208	16509 (AMAZON-02) (AMAZON-02)
1	34.214.253.85 34.214.253.85	16509 (AMAZON-02) (AMAZON-02)
1	104.89.28.165 104.89.28.165	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	62.209.227.210 62.209.227.210	13036 (TMOBILE-) (TMOBILE-)
2 2	103.229.205.243 103.229.205.243	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
2 2	3.124.13.195 3.124.13.195	16509 (AMAZON-02) (AMAZON-02)
4	159.89.246.130 159.89.246.130	() ()
1	104.92.100.195 104.92.100.195	() ()
8	18.156.195.47 18.156.195.47	() ()
206	68

14 34.202.200.131 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-202-200-131.compute-1.amazonaws.com

screenrant.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:10::6816:2f51 (United States)

ASN13335 (CLOUDFLARENET, US)

static2.srcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static3.srcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:10::ac43:25aa (United States)

ASN13335 (CLOUDFLARENET, US)

static0.srcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.102.29.65 (Milan, Italy) 3 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-29-65.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.63.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-63-30.fra56.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.229.56 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-229-56.deploy.static.akamaitechnologies.com

a.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2600:9000:2156:ea00:1a:5235:f980:93a1 (United States)

ASN16509 (AMAZON-02, US)

live.primis.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-10.fra60.r.cloudfront.net

static.narrativ.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.190.74.49 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 49.74.190.35.bc.googleusercontent.com

aloofvest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.12.72.198 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-12-72-198.us-west-2.compute.amazonaws.com

a.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 108.138.4.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-4-10.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7aaf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a30d (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.12.61.6 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-12-61-6.us-west-2.compute.amazonaws.com

seg.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 148.251.135.181 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.181.135.251.148.clients.your-server.de

mbid.marfeelrev.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.192.73.199 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-192-73-199.compute-1.amazonaws.com

events.release.narrativ.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:3600:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.250.21.211 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-21-211.eu-west-1.compute.amazonaws.com

api.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-49.fra50.r.cloudfront.net

ats.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.89.31.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-31-187.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.239.82.163 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-239-82-163.us-west-2.compute.amazonaws.com

id.halo.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.202.126 (France)

ASN16276 (OVH, FR)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.133.55 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 55.133.120.34.bc.googleusercontent.com

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.28.254 (Milan, Italy)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-28-254.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.125 (Amsterdam, Netherlands) 2 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.227.146.18 (Piscataway, United States)

ASN55081 (24SHELLS, US)

s.console.adtarget.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:9000:2156:ec00:1:6448:6d00:93a1 (United States)

ASN16509 (AMAZON-02, US)

video.primis.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.93.141.89 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-93-141-89.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.88.75.187 (Gunzenhausen, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.187.75.88.23.clients.your-server.de

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.90 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:612b:4264:5a8d:94bc:2cf9:40df (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

mb9eo.publishers.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.87.212.24 (Milan, Italy) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-87-212-24.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.19 (United States)

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.215.170.216 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-215-170-216.us-west-2.compute.amazonaws.com

p.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.65.39.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-65-39-61.ams1.r.cloudfront.net

geo.privacymanager.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.147.43 (Utrecht, Netherlands)

ASN26120 (RHYTHMONE, US)

tag.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.237.133.116 (West Chester, United States)

ASN3257 (GTT-BACKBONE GTT, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 18.184.69.62 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-69-62.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.94.180.124 (Amsterdam, Netherlands)

ASN35220 (SPOTX-AMS, US)

search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0d::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.209.251.242 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-209-251-242.compute-1.amazonaws.com

api.narrativ.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.249.84 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 84.249.186.35.bc.googleusercontent.com

scarfsmash.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.221.89 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.36.113.23 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3034::6815:4466 (United States)

ASN13335 (CLOUDFLARENET, US)

images.getadmiral.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.203.97.155 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-97-155.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.2.239 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.227.139.243 (Piscataway, United States)

ASN55081 (24SHELLS, US)

sync.console.adtarget.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.90 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2156:7c00:f:4f64:8940:93a1 (United States)

ASN16509 (AMAZON-02, US)

js.adscale.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 18.198.98.208 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-98-208.eu-central-1.compute.amazonaws.com

ih.adscale.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.214.253.85 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-214-253-85.us-west-2.compute.amazonaws.com

pixels.ad.gt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.89.28.165 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-28-165.deploy.static.akamaitechnologies.com

at.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 62.209.227.210 (Prague, Czech Republic) 1 redirects

ASN13036 (TMOBILE-, CZ)
PTR: bbnautid1.ibillboard.com

bbnaut.ibillboard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.229.205.243 (Singapore) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.163 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.162 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f162.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.124.13.195 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-13-195.eu-central-1.compute.amazonaws.com

tracking.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tracking-a.dsp.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 159.89.246.130 (None, )

ASN- ()

e.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.92.100.195 (None, )

ASN- ()

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 18.156.195.47 (None, )

ASN- ()

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	primis.tech live.primis.tech — Cisco Umbrella Rank: 2935 video.primis.tech — Cisco Umbrella Rank: 5589	3 MB
16	adscale.de 1 redirects js.adscale.de — Cisco Umbrella Rank: 7030 ih.adscale.de — Cisco Umbrella Rank: 5629	16 KB
14	screenrant.com screenrant.com — Cisco Umbrella Rank: 30932	139 KB
13	srcdn.com static2.srcdn.com — Cisco Umbrella Rank: 33895 static0.srcdn.com — Cisco Umbrella Rank: 33366 static3.srcdn.com — Cisco Umbrella Rank: 33519	161 KB
11	3lift.com eb2.3lift.com — Cisco Umbrella Rank: 372 tlx.3lift.com — Cisco Umbrella Rank: 533	20 KB
10	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 279 c2shb.ssp.yahoo.com	2 KB
9	narrativ.com static.narrativ.com — Cisco Umbrella Rank: 7807 events.release.narrativ.com — Cisco Umbrella Rank: 7741 api.narrativ.com — Cisco Umbrella Rank: 51072	43 KB
8	ad.gt a.ad.gt — Cisco Umbrella Rank: 4262 seg.ad.gt — Cisco Umbrella Rank: 10005 id.halo.ad.gt — Cisco Umbrella Rank: 4465 p.ad.gt — Cisco Umbrella Rank: 4774 pixels.ad.gt — Cisco Umbrella Rank: 4659	62 KB
6	adnxs.com 4 redirects secure.adnxs.com — Cisco Umbrella Rank: 391 ib.adnxs.com — Cisco Umbrella Rank: 214	29 KB
6	adtarget.com.tr s.console.adtarget.com.tr — Cisco Umbrella Rank: 4533 sync.console.adtarget.com.tr — Cisco Umbrella Rank: 4892	3 KB
6	casalemedia.com 3 redirects ssum.casalemedia.com — Cisco Umbrella Rank: 1279 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 494 htlb.casalemedia.com as-sec.casalemedia.com	4 KB
6	facebook.com www.facebook.com — Cisco Umbrella Rank: 97	403 B
6	viglink.com cdn.viglink.com — Cisco Umbrella Rank: 3701 api.viglink.com — Cisco Umbrella Rank: 3540	31 KB
6	aloofvest.com aloofvest.com — Cisco Umbrella Rank: 26510	147 KB
5	doubleclick.net 2 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 173 stats.g.doubleclick.net — Cisco Umbrella Rank: 84 cm.g.doubleclick.net — Cisco Umbrella Rank: 191	127 KB
5	marfeelrev.com mbid.marfeelrev.com — Cisco Umbrella Rank: 43439	6 KB
5	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 280	82 KB
4	serverbid.com e.serverbid.com	590 B
4	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 413 hbopenbid.pubmatic.com — Cisco Umbrella Rank: 416 image6.pubmatic.com — Cisco Umbrella Rank: 564	12 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35	22 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 144	199 KB
3	adform.net 2 redirects cm.adform.net — Cisco Umbrella Rank: 1694 track.adform.net — Cisco Umbrella Rank: 3780	1 KB
3	spotxchange.com 2 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 492 search.spotxchange.com — Cisco Umbrella Rank: 388	2 KB
3	unpkg.com 1 redirects unpkg.com — Cisco Umbrella Rank: 847	4 KB
3	adlightning.com tagan.adlightning.com — Cisco Umbrella Rank: 1378	87 KB
2	m6r.eu 2 redirects tracking.m6r.eu — Cisco Umbrella Rank: 12755 tracking-a.dsp.m6r.eu — Cisco Umbrella Rank: 21140	1 KB
2	mathtag.com 2 redirects sync.mathtag.com — Cisco Umbrella Rank: 409	1 KB
2	creativecdn.com 2 redirects creativecdn.com — Cisco Umbrella Rank: 649	721 B
2	360yield.com 2 redirects ad.360yield.com — Cisco Umbrella Rank: 622	726 B
2	gstatic.com fonts.gstatic.com	45 KB
2	tremorhub.com 1 redirects mb9eo.publishers.tremorhub.com — Cisco Umbrella Rank: 6303	646 B
2	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 306	478 B
2	openx.net u.openx.net — Cisco Umbrella Rank: 699 rtb.openx.net — Cisco Umbrella Rank: 1376	656 B
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 42	2 KB
2	rlcdn.com ats.rlcdn.com — Cisco Umbrella Rank: 1245 api.rlcdn.com — Cisco Umbrella Rank: 783	38 KB
2	google.de ampcid.google.de — Cisco Umbrella Rank: 50179 www.google.de — Cisco Umbrella Rank: 6117	961 B
2	google.com ampcid.google.com — Cisco Umbrella Rank: 1698 www.google.com — Cisco Umbrella Rank: 2	1 KB
2	teads.tv a.teads.tv — Cisco Umbrella Rank: 1186 at.teads.tv — Cisco Umbrella Rank: 4370	5 KB
1	criteo.com 1 redirects dis.criteo.com — Cisco Umbrella Rank: 679	557 B
1	ibillboard.com 1 redirects bbnaut.ibillboard.com — Cisco Umbrella Rank: 17535	550 B
1	getadmiral.com images.getadmiral.com — Cisco Umbrella Rank: 66855	1 KB
1	scarfsmash.com scarfsmash.com — Cisco Umbrella Rank: 86235	79 KB
1	1rx.io tag.1rx.io — Cisco Umbrella Rank: 1201	170 B
1	privacymanager.io geo.privacymanager.io — Cisco Umbrella Rank: 1326	590 B
1	lijit.com ap.lijit.com — Cisco Umbrella Rank: 575	277 B
1	media.net 1 redirects cs.media.net — Cisco Umbrella Rank: 1358	821 B
1	loopme.me 1 redirects csync.loopme.me — Cisco Umbrella Rank: 794	243 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 269	220 B
1	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1452	11 KB
1	fastclick.net secure.cdn.fastclick.net — Cisco Umbrella Rank: 1323	17 KB
1	adsafeprotected.com static.adsafeprotected.com — Cisco Umbrella Rank: 548	483 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 329	389 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 163	28 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 64	62 KB
1	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 586	47 KB
206	55

	Domain	Requested by
23	live.primis.tech	screenrant.com live.primis.tech tagan.adlightning.com
14	screenrant.com	screenrant.com
13	ih.adscale.de	1 redirects js.adscale.de ih.adscale.de
9	tlx.3lift.com	live.primis.tech js-sec.indexww.com
9	video.primis.tech	screenrant.com live.primis.tech
8	c2shb.ssp.yahoo.com	js-sec.indexww.com
6	www.facebook.com	screenrant.com connect.facebook.net
6	events.release.narrativ.com	static.narrativ.com tagan.adlightning.com screenrant.com
6	aloofvest.com	screenrant.com aloofvest.com
6	static2.srcdn.com	screenrant.com
5	sync.console.adtarget.com.tr	s.console.adtarget.com.tr js.adscale.de
5	api.viglink.com	cdn.viglink.com screenrant.com
5	mbid.marfeelrev.com	screenrant.com mbid.marfeelrev.com
5	c.amazon-adsystem.com	screenrant.com c.amazon-adsystem.com live.primis.tech
5	static0.srcdn.com	screenrant.com
4	e.serverbid.com	js-sec.indexww.com
4	ib.adnxs.com	2 redirects js-sec.indexww.com
4	www.google-analytics.com	screenrant.com www.google-analytics.com
4	connect.facebook.net	screenrant.com connect.facebook.net
3	js.adscale.de	s.console.adtarget.com.tr js.adscale.de ih.adscale.de
3	unpkg.com	1 redirects screenrant.com www.googletagmanager.com
3	tagan.adlightning.com	screenrant.com tagan.adlightning.com
2	cm.g.doubleclick.net	2 redirects
2	track.adform.net	2 redirects
2	sync.mathtag.com	2 redirects
2	creativecdn.com	2 redirects
2	ad.360yield.com	2 redirects
2	api.narrativ.com	static.narrativ.com
2	fonts.gstatic.com	fonts.googleapis.com
2	mb9eo.publishers.tremorhub.com	1 redirects screenrant.com
2	secure.adnxs.com	2 redirects
2	ups.analytics.yahoo.com	2 redirects
2	pixel.rubiconproject.com	screenrant.com
2	eb2.3lift.com	screenrant.com live.primis.tech
2	ssum-sec.casalemedia.com	2 redirects
2	sync.search.spotxchange.com	2 redirects
2	ads.pubmatic.com	tagan.adlightning.com live.primis.tech
2	fonts.googleapis.com	tagan.adlightning.com
2	ssum.casalemedia.com	1 redirects screenrant.com
2	id.halo.ad.gt	tagan.adlightning.com a.ad.gt
2	securepubads.g.doubleclick.net	tagan.adlightning.com www.googletagservices.com
2	seg.ad.gt	screenrant.com p.ad.gt
2	a.ad.gt	screenrant.com p.ad.gt
2	static3.srcdn.com	screenrant.com
1	as-sec.casalemedia.com	js-sec.indexww.com
1	htlb.casalemedia.com	js-sec.indexww.com
1	tracking-a.dsp.m6r.eu	1 redirects
1	tracking.m6r.eu	1 redirects
1	dis.criteo.com	1 redirects
1	bbnaut.ibillboard.com	1 redirects
1	at.teads.tv	a.teads.tv
1	pixels.ad.gt	tagan.adlightning.com
1	cm.adform.net	s.console.adtarget.com.tr
1	images.getadmiral.com	screenrant.com
1	image6.pubmatic.com	ads.pubmatic.com
1	scarfsmash.com	aloofvest.com
1	www.google.de	screenrant.com
1	www.google.com	screenrant.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	rtb.openx.net	screenrant.com
1	search.spotxchange.com	live.primis.tech
1	hbopenbid.pubmatic.com	live.primis.tech
1	tag.1rx.io	live.primis.tech
1	geo.privacymanager.io	ats.rlcdn.com
1	p.ad.gt	a.ad.gt
1	ap.lijit.com	screenrant.com
1	cs.media.net	1 redirects
1	csync.loopme.me	1 redirects
1	x.bidswitch.net	screenrant.com
1	s.console.adtarget.com.tr	tagan.adlightning.com
1	u.openx.net	tagan.adlightning.com
1	api.rlcdn.com	js-sec.indexww.com
1	cdn.id5-sync.com	tagan.adlightning.com
1	secure.cdn.fastclick.net	tagan.adlightning.com
1	ats.rlcdn.com	tagan.adlightning.com
1	ampcid.google.de	www.google-analytics.com
1	static.adsafeprotected.com	screenrant.com
1	ampcid.google.com	www.google-analytics.com
1	match.adsrvr.org	js-sec.indexww.com
1	cdn.viglink.com	screenrant.com
1	www.googletagservices.com	screenrant.com
1	static.narrativ.com	screenrant.com
1	www.googletagmanager.com	screenrant.com
1	a.teads.tv	screenrant.com
1	js-sec.indexww.com	screenrant.com
206	85

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.youtube.com
gamerant.com
www.cbr.com
www.thegamer.com
blog.checkpoint.com
research.checkpoint.com
getadmiral.com

Subject Issuer	Validity	Valid
screenrant.com R3	`2022-05-04` - `2022-08-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-01` - `2023-06-01`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.adlightning.com Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
teads.tv R3	`2022-06-01` - `2022-08-30`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-03-15` - `2022-06-13`	3 months	crt.sh
*.primis.tech Amazon	`2021-10-28` - `2022-11-26`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
static.narrativ.com Amazon	`2022-04-15` - `2023-05-13`	a year	crt.sh
aloofvest.com R3	`2022-04-04` - `2022-07-03`	3 months	crt.sh
*.ad.gt Amazon	`2022-05-10` - `2023-06-08`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
ssl1029306.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2022-06-01` - `2022-12-08`	6 months	crt.sh
*.cl01.k8s.mrf.io R3	`2022-05-16` - `2022-08-14`	3 months	crt.sh
*.release.narrativ.com Amazon	`2021-08-05` - `2022-09-03`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
viglink.com Amazon	`2021-11-13` - `2022-12-11`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
secure.cdn.fastclick.net DigiCert SHA2 Secure Server CA	`2022-01-15` - `2023-01-17`	a year	crt.sh
halo.ad.gt Amazon	`2022-04-04` - `2023-05-03`	a year	crt.sh
cdn.id5-sync.com R3	`2022-04-13` - `2022-07-12`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
s.console.adtarget.com.tr ZeroSSL ECC Domain Secure Site CA	`2022-05-28` - `2022-08-26`	3 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2022-04-05` - `2023-05-04`	a year	crt.sh
*.3lift.com Amazon	`2022-05-13` - `2023-06-11`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-03-11` - `2023-04-12`	a year	crt.sh
*.privacymanager.io Amazon	`2021-09-25` - `2022-10-24`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
*.1rx.io Sectigo RSA Domain Validation Secure Server CA	`2021-06-01` - `2022-07-02`	a year	crt.sh
*.spotxchange.com GeoTrust RSA CA 2018	`2022-03-11` - `2023-03-29`	a year	crt.sh
api.planethowl.com Amazon	`2022-03-03` - `2023-04-01`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
scarfsmash.com R3	`2022-03-23` - `2022-06-21`	3 months	crt.sh
getadmiral.com Cloudflare Inc ECC CA-3	`2022-04-12` - `2023-04-12`	a year	crt.sh
*.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-05-18` - `2023-06-16`	a year	crt.sh
sync.console.adtarget.com.tr R3	`2022-05-27` - `2022-08-25`	3 months	crt.sh
*.adscale.de Amazon	`2021-08-08` - `2022-09-06`	a year	crt.sh
*.consumableaudio.com R3	`2022-04-27` - `2022-07-26`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-03-08` - `2022-08-31`	6 months	crt.sh

This page contains 20 frames:

Primary Page: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Frame ID: C48E07542AFB239C1C67C38BB7036FA1
Requests: 132 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveView.php?s=108508&subId=[SR-Reg-Org]&x=600&y=338&cbuster=1654487163&pubUrlAuto=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&isDoublePreroll=1&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Frame ID: 8808488AA9586902E22D1E0ACFB0167E
Requests: 28 HTTP requests in this frame

Frame: https://mbid.marfeelrev.com/static/cookie-sync.html
Frame ID: 60F94CC7D4D85395F2618E80149F9AC1
Requests: 8 HTTP requests in this frame

Frame: https://events.release.narrativ.com/api/v0/session.html
Frame ID: D7E2272D93DB5952E661E9422262235C
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Frame ID: D594A0CC43F34655F17717A681BB3F18
Requests: 2 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=&advId=94&advUuid=30bc066e-e54b-11ec-ab35-1d21b9eb0106
Frame ID: 26E7486001CE07AC527F341F857C8976
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D98%26advUuid%3D
Frame ID: BD6D81D3D4193559BA802C4E4CFBAF6B
Requests: 1 HTTP requests in this frame

Frame: https://s.console.adtarget.com.tr/sync.html?aid=556966
Frame ID: 56E850311FF5DFC28F8F9D5ECFFBE126
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 3C346ED7BD266AB63DD86BB12117DBCB
Requests: 1 HTTP requests in this frame

Frame: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
Frame ID: C08BFD7AD6EC42D75544813C4B1F7944
Requests: 1 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=502624&extuid=${USER_ID}
Frame ID: 2E7A5CCE0883776E32CAD6814BDC8533
Requests: 1 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=544989&extuid=${USER_ID}
Frame ID: 3CF3C0EA46B87C26760C4F668A32D667
Requests: 1 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=a2Ng8HM13xJCohjYcZTZ&pi=admatic&tc=1
Frame ID: 8EFB9EEA54A66C570AC2D53D5F0F7AB9
Requests: 1 HTTP requests in this frame

Frame: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Frame ID: 1ADC8EDCA94E12F8837C32A2E54EA4C1
Requests: 5 HTTP requests in this frame

Frame: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Frame ID: 8EADB5FD114319514F704AE3C6C73645
Requests: 11 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=true&
Frame ID: F39D3E2132F8FB2044D15EA284D38994
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Frame ID: FBE9651494B68C7CC6C47B49152365E8
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v7.0/plugins/comments.php?app_id=822150531210883&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df12f4fda068a194%26domain%3Dscreenrant.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscreenrant.com%252Ff4e96614f6ba68%26relation%3Dparent.parent&container_width=0&count=true&height=100&href=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&locale=en_US&sdk=joey&version=v7.0&width=550
Frame ID: 7E32ABE654BC4BDE1E0B68082DDEEDE0
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v7.0/plugins/comments.php?app_id=822150531210883&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df7e4f749ffea%26domain%3Dscreenrant.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscreenrant.com%252Ff4e96614f6ba68%26relation%3Dparent.parent&container_width=0&count=true&height=100&href=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&locale=en_US&sdk=joey&version=v7.0&width=550
Frame ID: 5446A9E1995FAEB97F423C7D96EE8794
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v7.0/plugins/comments.php?app_id=822150531210883&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2e0a5df0a196bc%26domain%3Dscreenrant.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscreenrant.com%252Ff4e96614f6ba68%26relation%3Dparent.parent&container_width=419&height=100&href=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&locale=en_US&numposts=3&sdk=joey&version=v7.0&width=
Frame ID: E4B4D4E3F6F262D8DD471A43CB8B9AB4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sharkbot Malware Uses Android Apps To Steal Credentials & Banking Detailsuser-signalchecklistsettings-toggle-horizontal

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

VigLink (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:^[^/]*//[^/]*viglink\.com/api/|vglnk\.js)

Page Statistics

206
Requests

90 %
HTTPS

28 %
IPv6

55
Domains

85
Subdomains

68
IPs

10
Countries

4879 kB
Transfer

8749 kB
Size

44
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/ScreenRant

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/follow?source=followbutton&variant=1.0&screen_name=screenrant

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/screenrant?sub_confirmation=1

Search URL Search Domain Scan URL

URL: https://gamerant.com/
Title: All the latest gaming news, game reviews and trailers

Search URL Search Domain Scan URL

URL: https://www.cbr.com/
Title: The go-to source for comic book and superhero movie fans.

Search URL Search Domain Scan URL

URL: https://www.thegamer.com/
Title: A one-stop shop for all things video games.

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=screenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&src=sdkpreparse
Title: Share

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Sharkbot%20Malware%20Uses%20Android%20Apps%20To%20Steal%20Credentials%20%26%20Banking%20Details&url=screenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information
Title: Tweet

Search URL Search Domain Scan URL

URL: https://blog.checkpoint.com/2022/04/07/android-banking-stealer-dubbed-sharkbot-found-disguised-as-legitimate-anti-virus-apps-on-the-google-play-store/
Title: Check Point

Search URL Search Domain Scan URL

URL: https://research.checkpoint.com/2022/google-is-on-guard-sharks-shall-not-pass/
Title: research paper

Search URL Search Domain Scan URL

URL: https://getadmiral.com/pb/?utm_source=screenrant.com&utm_medium=pb&session=5-a63deb7e1e133c2242eaec33b5bb480c-6763652d6575726f70652d7765737431-0
Title: Powered By

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 39

https://unpkg.com/web-vitals/dist/web-vitals.iife.js HTTP 302
https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.iife.js

Request Chain 85

https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=30bc06cb-e54b-11ec-ab35-1d21b9eb0106 HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=&advId=94&advUuid=30bc066e-e54b-11ec-ab35-1d21b9eb0106

Request Chain 92

https://csync.loopme.me/?redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D HTTP 307
https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=&advId=93&advUuid=34da2226-c797-4247-b012-872de91b2431

Request Chain 93

https://ssum-sec.casalemedia.com/usermatchredir?s=192962&cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D99%26advUuid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D99%26advUuid%3D&s=192962&C=1 HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=&advId=99&advUuid=Yp14fAc-l8_kJI4BXdpa1AAABF8AAAIB

Request Chain 96

https://ups.analytics.yahoo.com/ups/58627/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58627/occ?verify=true HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D1028935272%26pcid%3Dy-.2iSXfxE2uGshTlmRpg_eAGyLSlgbhmvBvyvsq8-~A&advUuid=y-.2iSXfxE2uGshTlmRpg_eAGyLSlgbhmvBvyvsq8-~A

Request Chain 97

https://secure.adnxs.com/getuid?https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D105%26advUuid%3D%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Flive.primis.tech%252Flive%252FliveCS.php%253Fsource%253Dexternal%2526csuuid%253D629d787b41c87%2526pixel%253D%2526advId%253D105%2526advUuid%253D%2524UID HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=&advId=105&advUuid=3971180447162116942

Request Chain 98

https://mb9eo.publishers.tremorhub.com/pubsync?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServlet%253Fat%253D20%2526mi%253D10%2526dpi%253D%2B584182936%2526pcid%253D%5Btvid%5D%26advId%3D126%26advUuid%3D%5Btvid%5D HTTP 302
https://mb9eo.publishers.tremorhub.com/pubsync/verify?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServlet%253Fat%253D20%2526mi%253D10%2526dpi%253D%2B584182936%2526pcid%253D%5Btvid%5D%26advId%3D126%26advUuid%3D%5Btvid%5D

Request Chain 99

https://cs.media.net/cksync?cs=34&type=pri&ovsid=629d787b41c87&redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServlet%253Fat%253D20%2526mi%253D10%2526dpi%253D1723987475%2526pcid%253D%3Cvsid%3E%26advId%3D127%26advUuid%3D%3Cvsid%3E HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D1723987475%26pcid%3D0000EEA&advId=127&advUuid=0000EEA

Request Chain 130

https://ib.adnxs.com/getuid?https%3A%2F%2Fmbid.marfeelrev.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid%3D%24UID HTTP 302
https://mbid.marfeelrev.com/setuid?bidder=adnxs&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=3971180447162116942

Request Chain 135

https://ad.360yield.com/server_match?gdpr=&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fmbid.marfeelrev.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?gdpr=&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fmbid.marfeelrev.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid%3D%7BPUB_USER_ID%7D HTTP 302
https://mbid.marfeelrev.com/setuid?bidder=improvedigital&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=136811dd-f799-4d55-9cb4-ad33baa947c7

Request Chain 139

https://creativecdn.com/cm-notify?pi=admatic HTTP 302
https://creativecdn.com/cm-notify?pi=admatic&tc=1 HTTP 302
https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=a2Ng8HM13xJCohjYcZTZ&pi=admatic&tc=1

Request Chain 144

https://ih.adscale.de/uu?cbfn=receive&t=1654487165 HTTP 302
https://ih.adscale.de/uu?cbfn=receive&t=1654487165&nut&uu=90965c3d5e514211bb86bfceb3905458

Request Chain 150

https://ib.adnxs.com/getuid?https%3A%2F%2Fmbid.marfeelrev.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid%3D%24UID HTTP 302
https://mbid.marfeelrev.com/setuid?bidder=adnxs&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=3971180447162116942

Request Chain 157

https://bbnaut.ibillboard.com/match/AdScale?partneruid=90965c3d5e514211bb86bfceb3905458&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F4217fb758ef84aa083454f611d8fc583%2F1654487165568%2F0%2Fimg%3Ftpid%3D101%26tpuid%3DIBB_USER_ID&gdpr=0 HTTP 302
https://ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/img?tpid=101&tpuid=BBID-01-03292011658303345-16622424

Request Chain 158

https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=a5c8779eccce9ea0e90d8849c3968898a4e40a93b275d65e26552c8cc137299b&tpid=63&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F4217fb758ef84aa083454f611d8fc583%2F1654487165568%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=Yp14fAc.l8-kJI4BXdpa1AAA%261119

Request Chain 159

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=3b7c242961e290ca8713e5e6233d55fc55dc6984d50f84b9852896d82ddb5718&tpid=108&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F4217fb758ef84aa083454f611d8fc583%2F1654487165568%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=eb50629d-787f-4500-a574-e07ea982d81b&gdpr=0&gdpr_consent=

Request Chain 168

https://track.adform.net/serving/cookie/match/?party=9&uid=febec25e0d0a4e3be2ca406383fe14f6effc92d3a87ba35164b3d2cb13b863ec&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F4217fb758ef84aa083454f611d8fc583%2F1654487165568%2F0%2Fimg&gdpr=0 HTTP 302
https://track.adform.net/serving/cookie/match/?CC=1&party=9&uid=febec25e0d0a4e3be2ca406383fe14f6effc92d3a87ba35164b3d2cb13b863ec&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F4217fb758ef84aa083454f611d8fc583%2F1654487165568%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/img?tpid=42&gdpr=0&tpuid=8361669292563733058

Request Chain 171

https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&uid=12ed7185d35d79a44078c3f2e619e4c828b31231071ea55615ea9ac4579a636b&tpid=40&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F4217fb758ef84aa083454f611d8fc583%2F1654487165568%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=3404d6f6-3226-4511-94fc-0ef6e516c5f4&gdpr=0

Request Chain 172

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=6055184a449ee7dc3027690e712dc189b9c315c741e59c4fe28783d4ca7a3572&tpid=39&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F4217fb758ef84aa083454f611d8fc583%2F1654487165568%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=02fe629d-787f-4200-b567-9fe0cd08841e&gdpr=0&gdpr_consent=

Request Chain 173

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&uid=1c8f7165e482aca1d839a634b92074e729f63bb32b2d043c150587cd54df1786&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F4217fb758ef84aa083454f611d8fc583%2F1654487165568%2F0%2Fimg&gdpr=0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm=&google_sc=&uid=1c8f7165e482aca1d839a634b92074e729f63bb32b2d043c150587cd54df1786&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F4217fb758ef84aa083454f611d8fc583%2F1654487165568%2F0%2Fimg&gdpr=0&google_tc= HTTP 302
https://ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/img?uid=1c8f7165e482aca1d839a634b92074e729f63bb32b2d043c150587cd54df1786&tpid=38&gdpr=0&tpuid=CAESECjRV0Q1Wq-bvr1J9GwmURo&google_cver=1

Request Chain 174

https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=c8e3e85b7d5a0dded419140aeb3644c92d8f754c224f065e7283fc5a0037ac62&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F4217fb758ef84aa083454f611d8fc583%2F1654487165568%2F0%2Fjs&gdpr=0 HTTP 302
https://tracking-a.dsp.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=c8e3e85b7d5a0dded419140aeb3644c92d8f754c224f065e7283fc5a0037ac62&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F4217fb758ef84aa083454f611d8fc583%2F1654487165568%2F0%2Fjs&gdpr=0&checkcookies=true HTTP 302
https://ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/js?tpid=48&tpuid=704e91fbb9133e6337f5ec8bc52357ae

206 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/ 181 KB
24 KB 660ms
394ms Document
text/html 34.202.200.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.202.200.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-202-200-131.compute-1.amazonaws.com

Software

nginx /

Resource Hash

13dc18598f971d1d020bfddd38898f0dd1fa1ce194ae2582c2b069d8ac39a2bc

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, private
content-encoding: br
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
content-type: text/html; charset=UTF-8
date: Mon, 06 Jun 2022 03:46:02 GMT
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 Mobile-malware.jpg
static2.srcdn.com/wordpress/wp-content/uploads/2022/04/ 33 KB
34 KB 265ms
167ms Image
image/webp 2606:4700:10::6816:2f51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.srcdn.com/wordpress/wp-content/uploads/2022/04/Mobile-malware.jpg?q=50&fit=crop&w=960&h=500&dpr=1.5
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f51 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b7c474f3282ff9cb5cdc13d6982a706b012f674a4ff33a8febbda9f13df43de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
cf-cache-status: HIT
cf-polished: qual=85, origFmt=jpeg, origSize=43953
content-disposition: inline; filename="Mobile-malware.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 33940
x-request-id: ezvvJ4FUaXSiJAS3gOc5o
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: cd38a71a9e130cb5331df7fb44c5ca26959d0f0a92036972adab1dc2ec0a1770
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 716e28a0af439271-FRA
expires: Tue, 06 Jun 2023 03:25:32 GMT

GET
H2 200 David-Toborowsky-Annie-Suwan-In-90-Day-Fiance.jpg
static0.srcdn.com/wordpress/wp-content/uploads/2020/11/ 7 KB
7 KB 146ms
49ms Image
image/webp 2606:4700:10::ac43:25aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static0.srcdn.com/wordpress/wp-content/uploads/2020/11/David-Toborowsky-Annie-Suwan-In-90-Day-Fiance.jpg?q=50&fit=crop&w=320&h=160&dpr=1.5
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:25aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd45e607d9e2e4bd54f3c4f6270cabc326d8631bb38010fdbcd15be5018f66b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:02 GMT
cf-cache-status: HIT
age: 1578913
cf-polished: qual=85, origFmt=jpeg, origSize=8415
content-disposition: inline; filename="David-Toborowsky-Annie-Suwan-In-90-Day-Fiance.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6710
x-request-id: rVHhfUhcHDutXocVNc0dM
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: 39a6f374b2b0c5235c8664f9c1cb3e5d069c4704b0ce9f30216360310d222749
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 716e28a0ab22927f-FRA
expires: Tue, 16 May 2023 21:30:57 GMT

GET
H2 200 90-Day-Fiance-Before-the-90-Days-Jasmine-and-Gino.jpg
static3.srcdn.com/wordpress/wp-content/uploads/2022/04/ 8 KB
8 KB 429ms
420ms Image
image/webp 2606:4700:10::6816:2f51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static3.srcdn.com/wordpress/wp-content/uploads/2022/04/90-Day-Fiance-Before-the-90-Days-Jasmine-and-Gino.jpg?q=50&fit=crop&w=320&h=160&dpr=1.5
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f51 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6fd8aeb3e7a2f92a13af1180be7f8a43a615b9d8fdc114a80d7d5b144ef510bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
cf-cache-status: HIT
cf-polished: qual=85, origFmt=jpeg, origSize=9638
content-disposition: inline; filename="90-Day-Fiance-Before-the-90-Days-Jasmine-and-Gino.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8268
x-request-id: wPHoMjqjOimul6Sa_phn-
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: 9b124208d840c240e53ed60f806ee42cb17ca4fa103edd23d490d43db1175f6b
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 716e28a12fde9271-FRA
expires: Mon, 05 Jun 2023 01:53:48 GMT

GET
H2 200 a-article.c95c8a9c.css
screenrant.com/public/build/ 117 KB
18 KB 141ms
140ms Stylesheet
text/css 34.202.200.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://screenrant.com/public/build/a-article.c95c8a9c.css

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.202.200.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-202-200-131.compute-1.amazonaws.com

Software

nginx /

Resource Hash

502ef097688d09580b38dcf3b5fe5b3f0edbf20eae84778a863e382c78c68ec8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:02 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 Jun 2022 21:55:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"6297e03c-1d2de"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Tue, 06 Jun 2023 03:46:02 GMT

GET
H2 200 dfp.js Show response
screenrant.com/public/build/ 36 B
509 B 138ms
132ms Script
application/javascript 34.202.200.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://screenrant.com/public/build/dfp.js

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.202.200.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-202-200-131.compute-1.amazonaws.com

Software

nginx /

Resource Hash

ffc4b44e1b7402c08e5f2f702ca535e7e7083a684cda203dfdcb734cd5761aa6

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 Jun 2022 21:55:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"6297e03c-24"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Tue, 06 Jun 2023 03:46:03 GMT

GET
H2 200 valnet-header-ads.cc6558be.js Show response
screenrant.com/public/build/ 167 KB
48 KB 144ms
138ms Script
application/javascript 34.202.200.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://screenrant.com/public/build/valnet-header-ads.cc6558be.js

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.202.200.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-202-200-131.compute-1.amazonaws.com

Software

nginx /

Resource Hash

28da1c861d903f7c583beeb324e2a1f6237bed86b3ad1231c149f7583200ce11

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 Jun 2022 21:55:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"6297e03c-29b60"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Tue, 06 Jun 2023 03:46:03 GMT

GET
H/1.1 200
OK 184735-252190346293640.js Show response
js-sec.indexww.com/ht/p/ 184 KB
47 KB 193ms
49ms Script
text/javascript 104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e773d33c4261d262bd0d614bfc80c5e007512e222b89e871913ca717d08ab665

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 06 Jun 2022 03:46:03 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jun 2022 02:51:41 GMT
Server: Apache
ETag: "da3ac2-2e059-5e0be8d390d0c"
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=646
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 48145
Expires: Mon, 06 Jun 2022 03:56:49 GMT

GET
H2 200 op.js Show response
tagan.adlightning.com/valnet/ 48 KB
19 KB 147ms
43ms Script
application/javascript 65.9.63.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/valnet/op.js
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-30.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 443f923efa3236e548fef972cf8a8c68a819aa75af2ffd71cc68aa1e6d70035c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id: IGhSr0VkIxa0I.E2r3j8CU26m.Amt9I5
content-encoding: gzip
etag: "03dc5f95e37b0a1903e0790b9c4ad4ad"
age: 2062
x-cache: Hit from cloudfront
content-length: 19478
x-amz-meta-git_commit: 39123b0
last-modified: Mon, 25 Apr 2022 05:16:08 GMT
server: AmazonS3
date: Mon, 06 Jun 2022 03:12:37 GMT
content-type: application/javascript
via: 1.1 6b38a2e1db230db568190464ab7177da.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-cf-id: ZRcxYKwmAl5_siWufItcSPVIg3KhGkq5bbBWI6hFHdYGYwex6ruTyw==

GET
H2 200 tag.js Show response
a.teads.tv/analytics/ 18 KB
5 KB 186ms
37ms Script
text/javascript 23.35.229.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/analytics/tag.js
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-56.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: ea77d70739ed678e86c3d934e7051c228ff1738bf9bcbd009f276430eba99f1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
x-amz-version-id: KLBVzPXbkA14yzpQA19k5.TPyz1K0vCk
content-encoding: br
last-modified: Thu, 12 May 2022 08:35:31 GMT
x-amz-request-id: JV33N9GTG108P2FF
etag: "33fb273755173ad09b4684d7a0a54444"
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: private, max-age=3600
date: Mon, 06 Jun 2022 03:46:03 GMT
accept-ranges: bytes
content-length: 4724
x-amz-id-2: W2Ki+HRlSX4CBs2jUiOaiKMlhHGsATNbrM7kLQFVjFgyRsK3ODdQAn2XDDkOEuv7JleWXYDpptM=

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 122ms
38ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

503269dded73bca0163e5bf87351301696ff6b0f04e704354bcfe01fdeb7c3c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: rno+NV96J2KJECFp46rRpw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: iARrnEXBE9h9vuDtZGxOGt76YdE/FRAA7uwT9P/c01aw/TnvB4rl5v+AUTpuld86hSoKT6rC7wOyiX87wRtqqA==
x-fb-trip-id: 686109401
x-fb-content-md5: 0c7c6860b1204d9a1c28a9d14d4ea65a
x-frame-options: DENY
date: Mon, 06 Jun 2022 03:46:03 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "c34ae534cece24781b38c88df9274a10"
timing-allow-origin: *
priority: u=3,i
expires: Mon, 06 Jun 2022 03:51:58 GMT

GET
H2 200 gr-logo-full-colored-light.52180668.svg
screenrant.com/public/build/images/ 1 KB
1 KB 260ms
254ms Image
image/svg+xml 34.202.200.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://screenrant.com/public/build/images/gr-logo-full-colored-light.52180668.svg

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.202.200.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-202-200-131.compute-1.amazonaws.com

Software

nginx /

Resource Hash

a1ae17abf7d81068b9f8548675673ffae3ca59c50a511a782c03adf176583d6e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 Jun 2022 21:55:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"6297e03c-5a7"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Tue, 06 Jun 2023 03:46:03 GMT

GET
H2 200 cb-logo-full-colored-light.4e17204e.svg
screenrant.com/public/build/images/ 11 KB
4 KB 131ms
126ms Image
image/svg+xml 34.202.200.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://screenrant.com/public/build/images/cb-logo-full-colored-light.4e17204e.svg

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.202.200.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-202-200-131.compute-1.amazonaws.com

Software

nginx /

Resource Hash

b5a2c7e4f57f102b95f4dae4128a145cdfadc6e326185bb4f3b6909415ed7509

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 Jun 2022 21:55:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"6297e03c-2d8b"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Tue, 06 Jun 2023 03:46:03 GMT

GET
H2 200 tg-logo-full-colored-light.4617d85c.svg
screenrant.com/public/build/images/ 3 KB
1 KB 260ms
255ms Image
image/svg+xml 34.202.200.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://screenrant.com/public/build/images/tg-logo-full-colored-light.4617d85c.svg

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.202.200.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-202-200-131.compute-1.amazonaws.com

Software

nginx /

Resource Hash

f136be1c736721a3a258ffed1d6870f3b87cf1266c7ac43cc61250ed117637a1

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 Jun 2022 21:55:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"6297e03c-bbb"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Tue, 06 Jun 2023 03:46:03 GMT

GET
H2 200 liveView.php Show response
live.primis.tech/live/ 44 KB
45 KB 164ms
51ms Script
text/javascript 2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?s=108508&subId=[SR-Reg-Org]
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: c613b581afcfcdb9f77a3e96fcba86f145228d61ff8dec3b889b823f89fb538e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:02 GMT
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/javascript; charset=utf-8
x-amz-cf-id: a81-VdtlcTwDZLOpcR7IEoQgWUr9fP4NDzljeFdqIYWqQpsPt8Eifg==

GET
H2 200 Did-Obi-Wan-Have-Romantic-Feelings-For-Padme-.jpg
static3.srcdn.com/wordpress/wp-content/uploads/2022/06/ 12 KB
13 KB 52ms
45ms Image
image/webp 2606:4700:10::6816:2f51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static3.srcdn.com/wordpress/wp-content/uploads/2022/06/Did-Obi-Wan-Have-Romantic-Feelings-For-Padme-.jpg?q=50&fit=crop&w=320&h=160&dpr=1.5
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f51 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ba97369bdedabba40fbe402042b5aec66b9bf40d34423980d3bd5f866dfce0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
cf-cache-status: HIT
age: 25428
cf-polished: qual=85, origFmt=jpeg, origSize=13070
content-disposition: inline; filename="Did-Obi-Wan-Have-Romantic-Feelings-For-Padme-.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 12776
x-request-id: vUCwuiZUDEE8SViOdM0vi
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: 257beacb4337aac84c82fce8020381497362a90144c5f49b69950d2334dc2a87
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 716e28a12fdd9271-FRA
expires: Mon, 05 Jun 2023 19:35:05 GMT

GET
H2 200 Obi-Wan-Kenobi-Duel-with-Darth-Vader-on-Mazupo.jpg
static2.srcdn.com/wordpress/wp-content/uploads/2022/06/ 8 KB
9 KB 46ms
42ms Image
image/webp 2606:4700:10::6816:2f51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.srcdn.com/wordpress/wp-content/uploads/2022/06/Obi-Wan-Kenobi-Duel-with-Darth-Vader-on-Mazupo.jpg?q=50&fit=crop&w=320&h=160&dpr=1.5
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f51 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29ba76e50edca0dfeec3d26af642957eddf33817ca79256efe611922808d6641

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
cf-cache-status: HIT
age: 18624
cf-polished: qual=85, origFmt=jpeg, origSize=9443
content-disposition: inline; filename="Obi-Wan-Kenobi-Duel-with-Darth-Vader-on-Mazupo.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8566
x-request-id: qsR9nUeZj7ZznH7se1p1d
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: f6a5d7a383850ceed4c2d8eb199b8581f22037edf9f1a0786844f488cc6907a4
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 716e28a12fd29271-FRA
expires: Mon, 05 Jun 2023 22:32:22 GMT

GET
H2 200 Who-The-Vault-Is-In-AC-Valhalla.jpg
static0.srcdn.com/wordpress/wp-content/uploads/2022/06/ 10 KB
10 KB 55ms
51ms Image
image/webp 2606:4700:10::ac43:25aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static0.srcdn.com/wordpress/wp-content/uploads/2022/06/Who-The-Vault-Is-In-AC-Valhalla.jpg?q=50&fit=crop&w=320&h=160&dpr=1.5
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:25aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4f9e4d5d1563bb3a9a34d8c4edaa11e18cb21cbac6a1f8e596cb0b111d4e4ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
cf-cache-status: HIT
age: 24231
cf-polished: qual=85, origFmt=jpeg, origSize=10302
content-disposition: inline; filename="Who-The-Vault-Is-In-AC-Valhalla.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9782
x-request-id: -S7-bgK6s1eWbBC23ay8C
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: 329d288d5b55fad5c2e24dec27cd256458a4d46e2989fa7e9627dd491ae048bd
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 716e28a12bc7927f-FRA
expires: Mon, 05 Jun 2023 20:32:41 GMT

GET
H2 200 KalaniKoliliFaagataInstagram-In-90-Day-Fiance-3.jpg
static2.srcdn.com/wordpress/wp-content/uploads/2022/06/ 7 KB
8 KB 47ms
43ms Image
image/webp 2606:4700:10::6816:2f51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.srcdn.com/wordpress/wp-content/uploads/2022/06/KalaniKoliliFaagataInstagram-In-90-Day-Fiance-3.jpg?q=50&fit=crop&w=320&h=160&dpr=1.5
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f51 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f5ecd17f7771e4d95d503848174b60b664c8d91f9acb4ca63581938c193fa1d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
cf-cache-status: HIT
age: 110452
cf-polished: qual=85, origFmt=jpeg, origSize=8880
content-disposition: inline; filename="KalaniKoliliFaagataInstagram-In-90-Day-Fiance-3.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7498
x-request-id: Nd0jEd4qYwni_KaFE2ZW3
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: 9af6e2727cfe81d911a4f66b4cf7720e3856f89e88a7bbd7d61dbeff58b72d2a
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 716e28a12fd39271-FRA
expires: Sun, 04 Jun 2023 20:31:26 GMT

GET
H2 200 The-Voice-Carson-Daly.jpg
static2.srcdn.com/wordpress/wp-content/uploads/2021/06/ 9 KB
9 KB 48ms
44ms Image
image/webp 2606:4700:10::6816:2f51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.srcdn.com/wordpress/wp-content/uploads/2021/06/The-Voice-Carson-Daly.jpg?q=50&fit=crop&w=320&h=160&dpr=1.5
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f51 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2e410eda44b3090b41feb8e2919c644c410d270a97ee5b9fa5db953fc64ba60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
cf-cache-status: HIT
age: 22438
cf-polished: qual=85, origFmt=jpeg, origSize=10341
content-disposition: inline; filename="The-Voice-Carson-Daly.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8742
x-request-id: GzKmAM_3Mm5P6ZAKdJYf2
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: 6cb5118852d02a3a9b714ae96a35a226158ae5921424d8d74a615bcef4f233fc
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 716e28a12fd89271-FRA
expires: Mon, 05 Jun 2023 19:33:25 GMT

GET
H2 200 Ultra-Instinct-Goku-and-Ultra-Ego-Vegeta.jpg
static0.srcdn.com/wordpress/wp-content/uploads/2022/05/ 14 KB
14 KB 47ms
43ms Image
image/jpeg 2606:4700:10::ac43:25aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static0.srcdn.com/wordpress/wp-content/uploads/2022/05/Ultra-Instinct-Goku-and-Ultra-Ego-Vegeta.jpg?q=50&fit=crop&w=320&h=160&dpr=1.5
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:25aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd3aa99057ebe4341d47bb0164e4e95c87f24c3a389f1c7d1f09c180ccd9f9c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
cf-cache-status: HIT
age: 25605
cf-polished: degrade=85, origSize=14261, status=webp_bigger
content-disposition: inline; filename="Ultra-Instinct-Goku-and-Ultra-Ego-Vegeta.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13980
x-request-id: XUazbr__YeBuQEwdlx7zd
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: 792e17e03e3ba1a9f252bbedecc8318e2826a8850992b10bde5fa87502fcd268
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 716e28a12bc8927f-FRA
expires: Mon, 05 Jun 2023 19:31:15 GMT

GET
H2 200 Colt-Johnson-90-Day-The-Single-Life.jpg
static2.srcdn.com/wordpress/wp-content/uploads/2022/01/ 6 KB
6 KB 50ms
47ms Image
image/webp 2606:4700:10::6816:2f51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.srcdn.com/wordpress/wp-content/uploads/2022/01/Colt-Johnson-90-Day-The-Single-Life.jpg?q=50&fit=crop&w=320&h=160&dpr=1.5
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f51 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 97165975f4509ddf4ed5f3cd4eef9a5dbdf9b0adef4f751c86c1978e32193075

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
cf-cache-status: HIT
age: 30899
cf-polished: qual=85, origFmt=jpeg, origSize=7349
content-disposition: inline; filename="Colt-Johnson-90-Day-The-Single-Life.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5782
x-request-id: Df90BZm-peK-cDZn3Vr3a
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: 7696e79daf65c31e1da0c4ce24c5452e2bf1b3f4c1e381e5048f297968e7fc96
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 716e28a12fda9271-FRA
expires: Mon, 05 Jun 2023 18:32:28 GMT

GET
H2 200 Panosian-Catwoman-Variant-Cover-Featured-Image.jpg
static2.srcdn.com/wordpress/wp-content/uploads/2022/06/ 17 KB
17 KB 49ms
45ms Image
image/jpeg 2606:4700:10::6816:2f51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.srcdn.com/wordpress/wp-content/uploads/2022/06/Panosian-Catwoman-Variant-Cover-Featured-Image.jpg?q=50&fit=crop&w=320&h=160&dpr=1.5
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f51 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5fbf7f15d57880307b2e2522d549ae36a40cc53432866e16ad47a1b5beedf82e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
cf-cache-status: HIT
age: 10812
cf-polished: degrade=85, origSize=18422, status=webp_bigger
content-disposition: inline; filename="Panosian-Catwoman-Variant-Cover-Featured-Image.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17512
x-request-id: 84Qe01PLU4AtISRxZTgzG
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: 45c2ef1f6a499d8718207e38022ec36a788f9c69061daf7505b489dd5cb6bb1f
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 716e28a12fdb9271-FRA
expires: Tue, 06 Jun 2023 00:31:03 GMT

GET
H2 200 Jet-Li-in-Fearless-fight-scene-pic.jpg
static0.srcdn.com/wordpress/wp-content/uploads/2022/05/ 9 KB
9 KB 46ms
42ms Image
image/webp 2606:4700:10::ac43:25aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static0.srcdn.com/wordpress/wp-content/uploads/2022/05/Jet-Li-in-Fearless-fight-scene-pic.jpg?q=50&fit=crop&w=320&h=160&dpr=1.5
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:25aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76cf5d67b154644e0926c299dc6f871bee270d04abeadff81ba60821850dac54

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
cf-cache-status: HIT
age: 11261
cf-polished: qual=85, origFmt=jpeg, origSize=10023
content-disposition: inline; filename="Jet-Li-in-Fearless-fight-scene-pic.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9048
x-request-id: mlh9Lt5GXrTft1S3XCiWN
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: 68851e735ccba3ddbc7f38e718c2712a691ce445df047efb0400f396d16c7f24
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
access-control-allow-methods: GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 716e28a12bc9927f-FRA
expires: Mon, 05 Jun 2023 23:32:01 GMT

GET
H2 200 valnet-footer.e81fad81.js Show response
screenrant.com/public/build/ 31 KB
10 KB 130ms
127ms Script
application/javascript 34.202.200.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://screenrant.com/public/build/valnet-footer.e81fad81.js

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.202.200.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-202-200-131.compute-1.amazonaws.com

Software

nginx /

Resource Hash

1050117d227427739a7eab9087460aab08cde768ff982be42968074c804d1a99

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 Jun 2022 21:55:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"6297e03c-7bde"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Tue, 06 Jun 2023 03:46:03 GMT

GET
H2 200 valnet-footer-article.cb7988da.js Show response
screenrant.com/public/build/ 3 KB
1 KB 132ms
129ms Script
application/javascript 34.202.200.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://screenrant.com/public/build/valnet-footer-article.cb7988da.js

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.202.200.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-202-200-131.compute-1.amazonaws.com

Software

nginx /

Resource Hash

515138cedf6ac4776653a8d117e4207be46fe50ce39b96cdbcf16ab99330ab02

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 Jun 2022 21:55:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"6297e03c-a1d"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Tue, 06 Jun 2023 03:46:03 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 121ms
37ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5215
date: Mon, 06 Jun 2022 02:19:08 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 06 Jun 2022 04:19:08 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 175 KB
62 KB 132ms
48ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N2QHW32

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1053cb045635da4470fdcee7e886e05f862d8e71ed782e8d3d7d7c0fde874bdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62627
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 06 Jun 2022 03:46:03 GMT

GET
H/1.1 200
OK narrativ-pub.1.0.0.js Show response
static.narrativ.com/tags/ 39 KB
40 KB 140ms
44ms Script
application/octet-stream 18.66.122.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.narrativ.com/tags/narrativ-pub.1.0.0.js
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-10.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: aa318ad60a4086b7b754b6543052ca0bffe3cefc58577feac2052c2f0f1609be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sun, 05 Jun 2022 05:23:03 GMT
Via: 1.1 375431e28d82888f474ac3665a4ceb66.cloudfront.net (CloudFront)
Last-Modified: Tue, 24 May 2022 19:48:58 GMT
Server: AmazonS3
Age: 80592
ETag: "4e38f8f79701d4df2e8d8694e20d4907"
X-Cache: Hit from cloudfront
Content-Type: application/octet-stream
Connection: keep-alive
X-Amz-Cf-Pop: FRA60-P2
Content-Length: 40394
X-Amz-Cf-Id: zM3X7Tp1aYWgrJi6Q5lHNhgGekbUPuqjb3denKOQ5xJKkaDGy6wCjQ==

GET
H2 200 v2ici-GreEooOb39MzUWkIYDjUpMATVprWlVca_jlOajlnF7Q2YBLh0j4FOUXtl6T Show response
aloofvest.com/ 546 KB
93 KB 164ms
62ms Script
text/javascript 35.190.74.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aloofvest.com/v2ici-GreEooOb39MzUWkIYDjUpMATVprWlVca_jlOajlnF7Q2YBLh0j4FOUXtl6T

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.74.49 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

49.74.190.35.bc.googleusercontent.com

Software

Resource Hash

0854ea2969c3bb3991b339091ef994c16adee7a56a424063d54dd9e258e04eac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "a5675778abb05176293b9bfc3dc53ddfea2fe3063bcebffbe4d8e6789c596cdb"
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-europe-west1-fhcq
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
date: Mon, 06 Jun 2022 03:46:03 GMT
x-buildnumber: 541459873
timing-allow-origin: *

GET
H2 200 v2lrlkLATGNQxzzeKiI6IdcXKOqR7fSFUC7Qlwqp5HbNuSUWGA96k2eghWhtvqDoIM-jsrMruurLPO7OzNw Show response
aloofvest.com/ 16 KB
6 KB 121ms
54ms Script
text/javascript 35.190.74.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aloofvest.com/v2lrlkLATGNQxzzeKiI6IdcXKOqR7fSFUC7Qlwqp5HbNuSUWGA96k2eghWhtvqDoIM-jsrMruurLPO7OzNw

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.74.49 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

49.74.190.35.bc.googleusercontent.com

Software

Resource Hash

9cb70d57963bcf4e703e87c1350d59382ab2cc49dfddfd730c0094c98a3b773f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: gzip
x-datacenter: gce-europe-west1
etag: "d3977398a92d77da144ddc133d0b2aa679239b9197db407a91cde85ce0c5b89c"
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-europe-west1-fhcq
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
date: Mon, 06 Jun 2022 03:46:03 GMT
x-buildnumber: 541459873
timing-allow-origin: *

GET
H2 200 269 Show response
a.ad.gt/api/v1/u/matches/ 8 KB
9 KB 618ms
202ms Script
application/javascript 52.12.72.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.ad.gt/api/v1/u/matches/269?url=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&ref=
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.12.72.198 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-12-72-198.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: 52106a836385c1a28e56b524cb3a414e27d3d79864edf54b8de903dc6fe36867

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 06 Jun 2022 03:46:03 GMT
cross-origin-resource-policy: cross-origin
server: nginx/1.20.0
content-length: 8655
content-type: application/javascript

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 82 KB
28 KB 129ms
47ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfa51911106a64d4b274ec739c28fb2c5b0d2aacbac11b8b49c4b06174199c71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28121
x-xss-protection: 0
server: sffe
etag: "1236 / 791 of 1000 / last-modified: 1654293884"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 06 Jun 2022 03:46:03 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
37 KB 139ms
45ms Script
application/javascript 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-4-10.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1eabadac42cf734244db7ffc1ccbe12580ef8574ca267ca2f106439d9eb6169e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 06 Jun 2022 03:33:10 GMT
via: 1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront), 1.1 22ec86e3f4ec676e17ef8eea76eefba2.cloudfront.net (CloudFront)
last-modified: Tue, 24 May 2022 19:53:04 GMT
server: AmazonS3
age: 774
etag: W/"cc07895b7b7c30a55c948b849ccd5e56"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-pop: FRA60-P1, FRA56-P6
content-encoding: gzip
x-amz-cf-id: 3G4HjozmIMQ5b-M51-3Nh5QTan5qedKWTJwEaPBnElyAEReu-VNhvA==

GET
H2 200 sr-logo-full-colored-light.54036564.svg
screenrant.com/public/build/images/ 2 KB
1 KB 128ms
127ms Image
image/svg+xml 34.202.200.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://screenrant.com/public/build/images/sr-logo-full-colored-light.54036564.svg

Requested by

Host: screenrant.com
URL: https://screenrant.com/public/build/a-article.c95c8a9c.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.202.200.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-202-200-131.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c3966fad1c54aa07641f049e66a8697297ab6d9643d4200f3e47f7ac638caba5

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/public/build/a-article.c95c8a9c.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 Jun 2022 21:55:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"6297e03c-85b"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Tue, 06 Jun 2023 03:46:03 GMT

GET
H2 200 icomoon.284f6729.woff
screenrant.com/public/build/fonts/ 13 KB
14 KB 242ms
242ms Font
font/woff 34.202.200.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://screenrant.com/public/build/fonts/icomoon.284f6729.woff

Requested by

Host: screenrant.com
URL: https://screenrant.com/public/build/a-article.c95c8a9c.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.202.200.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-202-200-131.compute-1.amazonaws.com

Software

nginx /

Resource Hash

33dfa806e2056c81aab1b2e46ba016313f5189d10e0b7c9a3e355b59bfada530

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://screenrant.com/public/build/a-article.c95c8a9c.css
Origin: https://screenrant.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
x-content-type-options: nosniff
content-length: 13380
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 Jun 2022 21:55:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "6297e03c-3444"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
accept-ranges: bytes
expires: Tue, 06 Jun 2023 03:46:03 GMT

GET
H2 200 khand-v8-latin-700.2084d191.woff2
screenrant.com/public/build/fonts/ 14 KB
14 KB 221ms
220ms Font
font/woff2 34.202.200.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://screenrant.com/public/build/fonts/khand-v8-latin-700.2084d191.woff2

Requested by

Host: screenrant.com
URL: https://screenrant.com/public/build/a-article.c95c8a9c.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.202.200.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-202-200-131.compute-1.amazonaws.com

Software

nginx /

Resource Hash

55590528f3843330e079ab923a28a2e8f95b47c9b38d413b98b019b244f6c9cc

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://screenrant.com/public/build/a-article.c95c8a9c.css
Origin: https://screenrant.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
x-content-type-options: nosniff
content-length: 14300
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 Jun 2022 21:55:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "6297e03c-37dc"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
accept-ranges: bytes
expires: Tue, 06 Jun 2023 03:46:03 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 296 KB
84 KB 76ms
37ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=a5bf1a6363c7d2a2ce40fddb9f070b68

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f7c1f0669433ac14a315d9c6f87bde0528a5268b9d7cd12b759112846984e9d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Origin: https://screenrant.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: OMfUrv+Jo7t9JBAJGtjYhw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 86125
x-fb-rlafr: 0
x-fb-debug: 2MslEEnAzvz3TCl9ze3DcfNhXixLkd1Y4eKShVQSzrBWb6ytF9VbCFbwhPt/Arv6QgDHpeDkK0gmyDx04QaAdw==
x-fb-content-md5: ace6f8277812f75abc9488852d3a42af
x-frame-options: DENY
date: Mon, 06 Jun 2022 03:46:03 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "e76e190d1f17c928271c0dad2ef74f29"
timing-allow-origin: *
priority: u=3,i
expires: Tue, 06 Jun 2023 01:29:13 GMT

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame 8808 5 KB
5 KB 51ms
51ms Script
text/javascript 2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?s=108508&subId=[SR-Reg-Org]&x=600&y=338&cbuster=1654487163&pubUrlAuto=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&isDoublePreroll=1&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=108508&subId=[SR-Reg-Org]
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 07f8fe57519d07fa235e70f14ecf4d280f994539ed285a9b9c24ac94acc752c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:02 GMT
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/javascript; charset=utf-8
x-amz-cf-id: diDqwxF41V8BjAami16bebFK0cgRnV90Np8QTG-R9JAGZjmCGvlSSQ==

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
26 KB 77ms
38ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4a9a6afeba8624295a87efaf0d3c76fa7a55271f310adffcfa683bccacc0fc5d

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26310
x-xss-protection: 0
pragma: public
x-fb-debug: w+XRiGZKUfMmnFqbuQZnWVmd3JaCwQhAbMXXfrSAtzBQOlQdD6fbWbyeCss2Ki6EheqN/1mN2FP29NKAvyJUxw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 06 Jun 2022 03:46:03 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

web-vitals.iife.js Show response
unpkg.com/web-vitals@2.1.4/dist/
Redirect Chain

https://unpkg.com/web-vitals/dist/web-vitals.iife.js
https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.iife.js

4 KB
2 KB

45ms
44ms

Script
application/javascript

2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.iife.js

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ad3e1ebf36f4d5375c097486e514befc0294cf035eb492965b32a3274e6fed0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 11389889
fly-request-id: 01FT83NDR9FPMTDSSVS65CE944
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"114c-NCNEyA/dMQ5L7XGqd2v2QNXHero"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 716e28a3bf629107-FRA

Redirect headers

date: Mon, 06 Jun 2022 03:46:03 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01G4VHEWH7AG5HVNC4CGMVCPF4-fra
server: cloudflare
age: 571
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /web-vitals@2.1.4/dist/web-vitals.iife.js
cache-control: public, s-maxage=600, max-age=60
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 716e28a33efe9107-FRA
access-control-allow-origin: *

GET
H2 200 vglnk.js Show response
cdn.viglink.com/api/ 81 KB
28 KB 151ms
54ms Script
text/javascript 2606:4700::6810:a30d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viglink.com/api/vglnk.js
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a30d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73073ed7160406dcfbe826dcabd7ec807cf2aa72afe0303424f518767120cf2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 2082437
cf-ray: 716e28a34ac79b40-FRA
content-length: 28567
x-amz-id-2: JRuATVnhK5aTWebrb/UxEx668VPTef9xrWWoafFq1mrvOYUxBj2865eVYh+xN7Y/BElkqf0Gcj4=
last-modified: Wed, 02 Dec 2020 18:57:12 GMT
server: cloudflare
etag: "072eaf64a771815874455704fca9301b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: T5CV2HSV57XY278Z
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: text/javascript
expires: Mon, 13 Jun 2022 03:46:03 GMT

GET
H2 204 segments.js Show response
seg.ad.gt/api/v1/ 0
52 B 638ms
212ms Script
text/plain 52.12.61.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://seg.ad.gt/api/v1/segments.js?partner_id=269&url=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.12.61.6 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-12-61-6.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
server: nginx/1.20.0

GET
H/1.1 200
OK cookie-sync.html Show response
mbid.marfeelrev.com/static/ Frame 60F9 6 KB
3 KB 186ms
64ms Document
text/html 148.251.135.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mbid.marfeelrev.com/static/cookie-sync.html
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.135.181 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.135.251.148.clients.your-server.de
Software: istio-envoy /
Resource Hash: c97fc82429a0a8c24a88c64213782da0c325bebc3fc3293235c5c5bd79cb0aa0

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Mon, 06 Jun 2022 03:46:03 GMT
expires: 0
last-modified: Mon, 16 May 2022 14:51:30 GMT
pragma: no-cache
server: istio-envoy
transfer-encoding: chunked
vary: accept-encoding
x-envoy-upstream-service-time: 3

GET
H2 200 sr-logo-full-white.b0cc2b44.svg
screenrant.com/public/build/images/ 2 KB
1 KB 128ms
128ms Image
image/svg+xml 34.202.200.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://screenrant.com/public/build/images/sr-logo-full-white.b0cc2b44.svg

Requested by

Host: screenrant.com
URL: https://screenrant.com/public/build/a-article.c95c8a9c.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.202.200.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-202-200-131.compute-1.amazonaws.com

Software

nginx /

Resource Hash

8d3eb2caccafb998548a9c5795a2e870ecc7d0c8fa3d6fee9e0cf9dd79801c04

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/public/build/a-article.c95c8a9c.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: br
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 Jun 2022 21:55:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"6297e03c-829"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, max-age=31536000, public
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
expires: Tue, 06 Jun 2023 03:46:03 GMT

GET
H2 200 pixel.png Show response
screenrant.com/ 103 B
441 B 123ms
123ms XHR
image/png 34.202.200.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://screenrant.com/pixel.png?params=---{%22group%22:%22browseclip_imp%22,%22device%22:%22desktop%22,%22ids%22:[{%22id%22:%225352510%22,%22position%22:%22sentinel-article-sidebarTop-1%22},{%22id%22:%225444171%22,%22position%22:%22sentinel-article-sidebarTop-2%22},{%22id%22:%225441476%22,%22position%22:%22sentinel-article-sidebarTop-3%22},{%22id%22:%225431778%22,%22position%22:%22sentinel-article-sidebarTop-4%22},{%22id%22:%225442104%22,%22position%22:%22sentinel-article-sidebarTop-5%22},{%22id%22:%225442950%22,%22position%22:%22sentinel-article-sidebarTop-6+%22},{%22id%22:%224909809%22,%22position%22:%22sentinel-article-sidebarSticky-1%22},{%22id%22:%225440891%22,%22position%22:%22sentinel-article-sidebarSticky-2%22},{%22id%22:%225442321%22,%22position%22:%22sentinel-article-sidebarSticky-3%22},{%22id%22:%225441189%22,%22position%22:%22sentinel-article-relatedContent-1%22},{%22id%22:%225436600%22,%22position%22:%22sentinel-article-relatedContent-2%22},{%22id%22:%225439790%22,%22position%22:%22sentinel-article-relatedContent-3%22},{%22id%22:%225425042%22,%22position%22:%22sentinel-article-relatedContent-4%22},{%22id%22:%225422222%22,%22position%22:%22sentinel-article-relatedContent-5%22},{%22id%22:%225379963%22,%22position%22:%22sentinel-article-relatedContent-6+%22},{%22id%22:%225430546%22,%22position%22:%22sentinel-article-relatedContent-6+%22},{%22id%22:%225441001%22,%22position%22:%22sentinel-article-relatedContent-6+%22},{%22id%22:%225309137%22,%22position%22:%22sentinel-article-relatedContent-6+%22},{%22id%22:%225441212%22,%22position%22:%22sentinel-article-nextArticle%22}],%22eventType%22:%22impression%22}---&rdm=0.33075194386822715

Requested by

Host: screenrant.com
URL: https://screenrant.com/public/build/valnet-footer.e81fad81.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.202.200.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-202-200-131.compute-1.amazonaws.com

Software

nginx /

Resource Hash

d4ed5bd20c3036042165e91001bd91497551164b0e34c76cb8a6eb15c33f3c15

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Oct 2019 21:53:00 GMT
server: nginx
etag: "5db21d3c-67"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-length: 103
x-content-type-options: nosniff

OPTIONS
H2 200 /
events.release.narrativ.com/api/v0/publishers/2439/pub_info/ Frame 0
0 393ms
128ms Preflight
text/html 34.192.73.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.release.narrativ.com/api/v0/publishers/2439/pub_info/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.192.73.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-192-73-199.compute-1.amazonaws.com

Software

nginx/1.22.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: access-control-allow-credentials,x-requested-with
Access-Control-Request-Method: GET
Origin: https://screenrant.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-headers: access-control-allow-credentials, x-requested-with
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://screenrant.com
allow: GET, HEAD, OPTIONS
content-length: 0
content-type: text/html; charset=utf-8
date: Mon, 06 Jun 2022 03:46:03 GMT
server: nginx/1.22.0
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin
x-bam-build-version: 75f11a0c6cab80095b394b7093c0325845b73163
x-bam-env: release
x-robots-tag: none

GET
H2 200 / Show response
events.release.narrativ.com/api/v0/publishers/2439/pub_info/ 185 B
450 B 137ms
137ms XHR
application/json 34.192.73.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.release.narrativ.com/api/v0/publishers/2439/pub_info/

Requested by

Host: static.narrativ.com
URL: https://static.narrativ.com/tags/narrativ-pub.1.0.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.192.73.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-192-73-199.compute-1.amazonaws.com

Software

nginx/1.22.0 /

Resource Hash

c16fe63d5e6c3d1acc9b2aedec440d98db4ebd7ea1bdfe9f26aab74e7be91a7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Access-Control-Allow-Credentials: true
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-bam-build-version: 75f11a0c6cab80095b394b7093c0325845b73163
date: Mon, 06 Jun 2022 03:46:03 GMT
server: nginx/1.22.0
x-bam-env: release
vary: Origin
content-type: application/json
access-control-allow-origin: https://screenrant.com
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-robots-tag: none
content-length: 185

GET
H2 200 b-39123b0-fa09635e.js Show response
tagan.adlightning.com/valnet/ 80 KB
30 KB 43ms
42ms Script
application/javascript 65.9.63.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/valnet/b-39123b0-fa09635e.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-30.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a385633f1e2fe45e65c2bc3b322d776c9bab1c9687998f764c0c83f79e2963e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 20 Apr 2022 17:41:54 GMT
content-encoding: gzip
age: 4010650
x-cache: Hit from cloudfront
content-length: 30715
x-amz-meta-git_commit: 39123b0
last-modified: Wed, 20 Apr 2022 17:41:08 GMT
server: AmazonS3
etag: "23c27c2577b9feea80aa6027bc91763c"
x-amz-version-id: JSEd0qRkBL1UzV0q0sd2GocBv7cTMBwJ
via: 1.1 6b38a2e1db230db568190464ab7177da.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: aQuine4xmQx3IfmoBGkz2Ez-euUEdmkPa83GOTQU35qRPZDIDEDxvg==

GET
H2 200 bl-c5c1c29-a98a0826.js Show response
tagan.adlightning.com/valnet/ 121 KB
37 KB 54ms
54ms Script
application/javascript 65.9.63.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/valnet/bl-c5c1c29-a98a0826.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-30.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c306e0eb185c26a5e849c2ae76abe8f1b9213d37cc6d652be1f302ad202ebe52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 02 May 2022 00:04:42 GMT
content-encoding: gzip
age: 3037282
x-cache: Hit from cloudfront
content-length: 37538
x-amz-meta-git_commit: c5c1c29
last-modified: Mon, 25 Apr 2022 05:15:16 GMT
server: AmazonS3
etag: "9fefdc0783e190fc1e946b0909160db2"
x-amz-version-id: 4RaFjBiS4fZmVSTgQh74_Oy_vxoIu4XS
via: 1.1 6b38a2e1db230db568190464ab7177da.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: RujlvsrKQTSLCXzBAolQ3KM6MqLHugzcpQJmEz2mxs1kvuKdieTFkA==

GET
H2 200 rid Show response
match.adsrvr.org/track/ 63 B
389 B 174ms
55ms XHR
application/json 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=184735&gdpr=0
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 9bc16da6242423453287d1d88a7a5cbacf5fc3e87cd405f9cae6309b73159877

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://screenrant.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 63
expires: Wed, 06 Jul 2022 03:46:03 GMT

GET
H3 200 Bobs-burgers-movie-detail-that-should-change-the-show-1.jpg
static0.srcdn.com/wordpress/wp-content/uploads/2022/06/ 17 KB
18 KB 44ms
44ms Image
image/jpeg 2606:4700:10::ac43:25aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static0.srcdn.com/wordpress/wp-content/uploads/2022/06/Bobs-burgers-movie-detail-that-should-change-the-show-1.jpg?q=50&fit=crop&w=320&h=160&dpr=1.5
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:25aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc0443b74fe4ae9a0ec1f6415633664be6bc924b746fa736f5cd13b33eedbcaa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
cf-cache-status: HIT
age: 32059
cf-polished: degrade=85, origSize=18372, status=webp_bigger
content-disposition: inline; filename="Bobs-burgers-movie-detail-that-should-change-the-show-1.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17473
x-request-id: wYrhnUz4JUoR269OOHxRr
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: 72a916602c57a3132a2cba071cbb348549a26995852822fc0b5e00d192c52abe
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 716e28a3b9425c26-FRA
expires: Mon, 05 Jun 2023 18:31:58 GMT

GET
H2 200 performance-observer.es5.umd.min.js Show response
unpkg.com/@sumup/performance-observer@1.0.2/dist/ 6 KB
2 KB 45ms
45ms Script
application/javascript 2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/@sumup/performance-observer@1.0.2/dist/performance-observer.es5.umd.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N2QHW32

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42080e8886b0375095dd9682c2c52392d77bcf2bd60f731adb4e942901381d52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8422028
fly-request-id: 01FX0J185GRCGCPQZXFRK0W700-fra
content-encoding: br
vary: Accept-Encoding
last-modified: Mon, 19 Oct 2020 11:08:56 GMT
server: cloudflare
etag: W/"1654-vrqQ9smL7WjXbofodM4F8vF2DaI"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 716e28a3bf6b9107-FRA

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
531 B 148ms
45ms XHR
application/json 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://screenrant.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 94
x-xss-protection: 0

GET
H2 200 iab_consent_sdk.v1.0.js Show response
live.primis.tech/content/ClientDetections/ Frame 8808 19 KB
6 KB 49ms
48ms Script
application/javascript 2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/ClientDetections/iab_consent_sdk.v1.0.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=108508&subId=[SR-Reg-Org]&x=600&y=338&cbuster=1654487163&pubUrlAuto=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&isDoublePreroll=1&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: gzip
last-modified: Wed, 12 Feb 2020 15:01:36 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
etag: W/"5e441350-4be0"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-id: D3xk48jNpkQcte9os4vRYQzIGTRkFHQYCVHF74JOa3TBcvdXqx5yoQ==
expires: Tue, 06 Jun 2023 03:46:03 GMT

GET
H2 200 DetectGDPR2.v1.1.js Show response
live.primis.tech/content/ClientDetections/ Frame 8808 9 KB
3 KB 50ms
49ms Script
application/javascript 2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/ClientDetections/DetectGDPR2.v1.1.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=108508&subId=[SR-Reg-Org]&x=600&y=338&cbuster=1654487163&pubUrlAuto=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&isDoublePreroll=1&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 154212eb976f7df7c79f5844fcb356740bcb6c51edacb2e8515108e2d7effa67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: gzip
last-modified: Thu, 11 Feb 2021 09:45:48 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
etag: W/"6024fccc-228f"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-id: DlDzRRqty5FIk9XT73KZFakwMpaqQSk36ppdyN_ILnR2qjP3KddK0g==
expires: Tue, 06 Jun 2023 03:46:03 GMT

GET
H2 200 DetectGDPR.v1.1.js Show response
live.primis.tech/content/ClientDetections/ Frame 8808 8 KB
3 KB 52ms
51ms Script
application/javascript 2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/ClientDetections/DetectGDPR.v1.1.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=108508&subId=[SR-Reg-Org]&x=600&y=338&cbuster=1654487163&pubUrlAuto=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&isDoublePreroll=1&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5bb08412d18881e3fc69fdb44226bfc6f66a77d45dfff3f10b98a100c09bc970

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: gzip
last-modified: Thu, 11 Feb 2021 09:45:48 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
etag: W/"6024fccc-1ef8"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-id: CqYXJOZaFoOIrSjXs3oj3MYf-w___UylE440MJtoeQ_y4hBWGQ_Uzw==
expires: Tue, 06 Jun 2023 03:46:03 GMT

GET
H2 200 hls.0.12.4_3.min.js Show response
live.primis.tech/content/video/hls/ Frame 8808 258 KB
72 KB 51ms
50ms Script
application/javascript 2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=108508&subId=[SR-Reg-Org]&x=600&y=338&cbuster=1654487163&pubUrlAuto=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&isDoublePreroll=1&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a20010b26bce05ea3cfc83cf3a162b7c16b5d2fa2bcf2253b0394b0eb322347a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:02 GMT
content-encoding: gzip
last-modified: Wed, 23 Mar 2022 12:48:36 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
etag: W/"623b1724-409bc"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-id: hv6HI4GimwddrI60Y1W0U5xFFL590_NiZ1q4xgohjD0U20uo3BdbWg==
expires: Tue, 06 Jun 2023 03:46:02 GMT

GET
H2 200 prebidVid.6.18.0_5.min.js Show response
live.primis.tech/content/prebid/ Frame 8808 458 KB
138 KB 50ms
49ms Script
application/javascript 2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_5.min.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=108508&subId=[SR-Reg-Org]&x=600&y=338&cbuster=1654487163&pubUrlAuto=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&isDoublePreroll=1&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 038817395a0cb1971b5fcc8692109728e062490a435da27adac9702f0bf52f76

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: gzip
last-modified: Sun, 22 May 2022 11:31:24 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
etag: W/"628a1f0c-7279a"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public
x-amz-cf-id: gLA4WXrseJ0D0bpKsJOLRLl3uyxRwKu_O-0qCFU6xLUCrO4Wdjpt8g==
expires: Tue, 06 Jun 2023 03:46:03 GMT

GET
H2 200 liveVideo.php Show response
live.primis.tech/live/ Frame 8808 542 KB
542 KB 131ms
130ms Script
text/html 2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30362D30365F30367D7B7331363735303030327D7B4335377D7B5363334974636D566E4C5739795A31397A59334A6C5A573579595735304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583630307D7B593333387D7B66317D7B4C31313434347DFEFE&userIpAddr=2a01%3A4a0%3A1338%3A92%3A%3A10&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F102.0.5005.61+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=5&sdkv=&isSinglePageFloatSupport=0&csuuid=629d787b41c87&debugInfo=16750002_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16750002&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2a52pqmrtyjz&secondaryContent=&x=600&y=338&pubUrl=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=0&impGap=1&flow_width=340&flow_height=192&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.2993&geoLong=9.491&vpTemplate=11444&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=sr-reg-org_screenrant.com
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=108508&subId=[SR-Reg-Org]&x=600&y=338&cbuster=1654487163&pubUrlAuto=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&isDoublePreroll=1&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: f7f3794df7ed786c86dde78f81c48bb895f08ff6cf1f55c054f7d3a2282493da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 98Ua91iPI1BcDFLson_eDOtkx13CS1OZv6gLaWZJ_hBmXTYvxv9BNQ==
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8

GET
H2 200 acv.json Show response
aloofvest.com/ 210 KB
46 KB 132ms
49ms Fetch
application/json 35.190.74.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aloofvest.com/acv.json

Requested by

Host: aloofvest.com
URL: https://aloofvest.com/v2ici-GreEooOb39MzUWkIYDjUpMATVprWlVca_jlOajlnF7Q2YBLh0j4FOUXtl6T

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.74.49 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

49.74.190.35.bc.googleusercontent.com

Software

Resource Hash

6e75948ee66bf6e7da9235ee5cecbda03fa7f592a3f08193757202be43d6cb38

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
last-modified: Tue, 03 May 2022 19:59:06 GMT
x-datacenter: gce-europe-west1
date: Mon, 06 Jun 2022 03:46:03 GMT
vary: Accept-Encoding, Origin
x-hostname: fen-hoothoot-europe-west1-fhcq
content-type: application/json
access-control-allow-origin: https://screenrant.com
access-control-allow-credentials: true
access-control-allow-methods: POST, OPTIONS
x-buildnumber: 541459873
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
accept-ranges: bytes

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
483 B 147ms
38ms Image
image/gif 2600:9000:2156:3600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:3600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 16:14:35 GMT
via: 1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)
age: 26220689
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: image/gif
x-amz-cf-id: 6CPxjZylXwTThhfFhtOMAJc3huhF39vArEhQ2sLYSv4bqPtQxRpbEg==

GET
H2 200 pubads_impl_2022053101.js Show response
securepubads.g.doubleclick.net/gpt/ 366 KB
125 KB 139ms
36ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022053101.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

f7a0dbff813bc7c5605b8a86f87c6aaf78793b501ad00953f5fe4fc3beee65e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sun, 05 Jun 2022 20:35:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25831
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127016
x-xss-protection: 0
last-modified: Tue, 31 May 2022 08:34:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 05 Jun 2023 20:35:32 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 403 B
806 B 148ms
46ms XHR
application/json 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=screenrant.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

e7fe490839fba49ee38d30ec62ccf4ad6f0be68d8c47a51b1acd008b220effd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Mon, 06 Jun 2022 03:46:03 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 120ms
37ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=822150531210883&ev=fb_page_view&dl=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&rl=&if=false&ts=1654487163536&sw=1600&sh=1200&at=

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Mon, 06 Jun 2022 03:46:03 GMT

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 2 KB
2 KB 132ms
131ms XHR
application/json 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3741&u=https%3A%2F%2Fscreenrant.com
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-4-10.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 8b51fff4ef0d655c6f08650b81a835b8521a4179b08118d34c2938f2a1fb6c00

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
via: 1.1 22ec86e3f4ec676e17ef8eea76eefba2.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://screenrant.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 1975
x-amz-cf-id: 4-3zjVfC8blaaQNhRvl0Lb50GtG4Pgaiko2zhH4Im44HMGKgUN30TQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 111ms
36ms XHR
application/javascript 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-4-10.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sun, 05 Jun 2022 05:05:16 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 81648
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 02 Jun 2022 00:57:09 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: rJc1WQUAqhvSMPW5pAnZljyS35FriyaP
via: 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-P6
content-type: application/javascript
x-amz-cf-id: iVscItRMxFH_QppJzS5NN1-SQfS19gg_OSpewChOei7PA7JKoblEDA==

GET
H3 200 297467373958238 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 39ms
38ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/297467373958238?v=2.9.61&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2179307b3f0f1a14584e3c3bca37baaccdf0f4dd469483df5404c32bb59ef9f6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 88744
x-xss-protection: 0
pragma: public
x-fb-debug: dOznQJUwilLaAvR40FAA+Yn+UcWUL4Hds5D3T1h8biGJRwZw51KUmEcfpCgGkPZhOe0JPcCGOg8vno9akuOBlg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 06 Jun 2022 03:46:03 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H/1.1 200
OK ping Show response
api.viglink.com/api/ 242 B
689 B 254ms
60ms XHR
text/javascript 34.250.21.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/ping
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.21.211 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-21-211.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 77a3c182a3a1a4a092a2fcc719138a4526d40351d4e5553c6bedbe9d30dbc680

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Mon, 06 Jun 2022 03:46:03 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://screenrant.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 242
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK cookie_sync Show response
mbid.marfeelrev.com/ Frame 60F9 1 KB
804 B 44ms
44ms XHR
application/json 148.251.135.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mbid.marfeelrev.com/cookie_sync
Requested by: Host: mbid.marfeelrev.com
URL: https://mbid.marfeelrev.com/static/cookie-sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.135.181 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.135.251.148.clients.your-server.de
Software: istio-envoy /
Resource Hash: 7cdbcbd9038cdf89efa9a53d9eeaf89a2fc0629baa2c32268a7b0eda97849d06

Request headers

Referer: https://mbid.marfeelrev.com/static/cookie-sync.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: gzip
server: istio-envoy
content-type: application/json
access-control-allow-origin: https://mbid.marfeelrev.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
content-length: 436
expires: 0

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
460 B 153ms
45ms XHR
application/json 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 06 Jun 2022 03:46:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://screenrant.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 0

GET
H2 200 ats.js Show response
ats.rlcdn.com/ 109 KB
38 KB 142ms
44ms Script
application/x-javascript 143.204.98.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ats.rlcdn.com/ats.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-49.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4b05d7f4339a505c65d2fcb1b21addd2a13a0c155ddf7ca766d1e7203b2b6cae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id: qhkEQKrW4Gg_gxbK41emvSsDXWYdvDMl
content-encoding: gzip
etag: W/"148e21f812b555a13b2a9c6b616141f4"
age: 6496
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/ATSLibrary-prod:598424ed-c6de-48e8-8068-45662e39c3ce
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-md5: 58acf9e97c03c481f490be71338f7f57
last-modified: Tue, 17 May 2022 11:35:33 GMT
server: AmazonS3
date: Mon, 06 Jun 2022 01:57:49 GMT
vary: Accept-Encoding
x-amz-meta-codebuild-content-sha256: 57180e34d853b9e6be67670dae22a049fb237e6bca37c60f7ba138272a8487cc
via: 1.1 009e5e3e32afcd1d135a7234c9da5520.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=86400
x-amz-cf-pop: FRA50-C1
content-type: application/x-javascript
x-amz-cf-id: En-U_HGjYnJ5SW158nKOOWGgRlBAX7Rvqy1oYq7rpskm1sDXv6oU3A==

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 53 KB
17 KB 134ms
38ms Script
application/javascript 104.89.31.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.31.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-31-187.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:04 GMT
content-encoding: gzip
last-modified: Tue, 01 Jun 2021 17:06:57 GMT
server: Apache
etag: "d398-5c3b75e9ebb41-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17087
expires: Mon, 06 Jun 2022 04:01:04 GMT

GET
H2 200 269 Show response
id.halo.ad.gt/api/v1/partner/ 52 KB
10 KB 633ms
200ms Script
text/javascript 44.239.82.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.halo.ad.gt/api/v1/partner/269?url=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&ref=&_it=amazon
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.239.82.163 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-82-163.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: 6dcb0c0071641df39ead02cf283ce592b99250a391b2ba69785e007150e2fc84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:04 GMT
content-encoding: gzip
origin-trial
server: nginx/1.20.0
content-type: text/javascript; charset=UTF-8

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 40 KB
11 KB 185ms
78ms Script
text/javascript 46.105.202.126
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.105.202.126 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:34:25 GMT
content-encoding: br
x-cacheable: Matched cache
x-cdn-pop-ip: 137.74.120.0/27
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/javascript;charset=utf-8
cache-control: max-age=3600
x-cdn-pop: sbg
content-disposition: attachment;filename="id5-api.js"
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
content-length: 11181
x-request-id: 791414003

GET
H/1.1 200
OK sync.js Show response
api.viglink.com/api/ 43 B
390 B 56ms
56ms Script
image/gif 34.250.21.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/sync.js?key=df10cab76273c1045e8e961336f37c82&ccpaConsent=1---
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.21.211 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-21-211.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: b6d018729b6cc00b3732df6a76d2d350e205062eac8b2e6ac254db938eeab31b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 06 Jun 2022 03:46:03 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Type: image/gif;charset=UTF-8
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sync.gif
api.viglink.com/api/ 43 B
390 B 165ms
58ms Image
image/gif 34.250.21.211
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.viglink.com/api/sync.gif?key=df10cab76273c1045e8e961336f37c82&ccpaConsent=1---
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.21.211 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-21-211.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 06 Jun 2022 03:46:03 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Type: image/gif;charset=UTF-8
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK usermatchredir
ssum.casalemedia.com/ Frame 60F9 43 B
315 B 235ms
75ms Image
image/gif 104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum.casalemedia.com/usermatchredir?s=193424&cb=
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mbid.marfeelrev.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 06 Jun 2022 03:46:04 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Mon, 06 Jun 2022 03:46:04 GMT

GET
H2 200 session.html Show response
events.release.narrativ.com/api/v0/ Frame D7E2 713 B
1 KB 376ms
129ms Document
text/html 34.192.73.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.release.narrativ.com/api/v0/session.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.192.73.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-192-73-199.compute-1.amazonaws.com

Software

nginx/1.22.0 /

Resource Hash

974dc9c26127eb2cda9916d37a1403314652ee8d5fdb5386e55c85b74e2744ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: private, max-age=7776000, must-revalidate, proxy-revalidate
content-length: 713
content-type: text/html; charset=utf-8
date: Mon, 06 Jun 2022 03:46:04 GMT
server: nginx/1.22.0
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-bam-build-version: 75f11a0c6cab80095b394b7093c0325845b73163
x-bam-env: release
x-robots-tag: none

POST
H/1.1 200
OK domains Show response
api.viglink.com/api/ 41 B
487 B 71ms
57ms XHR
text/javascript 34.250.21.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/domains
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.21.211 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-21-211.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 965cd705447b25221feb2fbc6f25a00b4e881fcd354c9b97c94cf750dc833f00

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Mon, 06 Jun 2022 03:46:03 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://screenrant.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 41
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 451 identity Show response
api.rlcdn.com/api/ 44 B
359 B 142ms
47ms XHR
text/plain 34.120.133.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rlcdn.com/api/identity?pid=2&rt=envelope

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.133.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.133.120.34.bc.googleusercontent.com

Software

Resource Hash

da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 06 Jun 2022 03:46:04 GMT
via: 1.1 google
x-content-type-options: nosniff
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
access-control-allow-methods: GET, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://screenrant.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 78ms
37ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=297467373958238&ev=PageView&dl=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&rl=&if=false&ts=1654487164232&sw=1600&sh=1200&v=2.9.61&r=stable&ec=0&o=30&fbp=fb.1.1654487164231.1187602872&it=1654487163551&coo=false&rqm=GET

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:04 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Mon, 06 Jun 2022 03:46:04 GMT

GET
H2 200 primisslate.css
live.primis.tech/content/video/css/ 18 KB
18 KB 48ms
48ms Stylesheet
text/css 2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/video/css/primisslate.css
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 616f41fbbcf44ba72bb9c97132871526164c81d78f56a15e04ece1a44eb5606a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:03 GMT
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
last-modified: Wed, 09 Feb 2022 07:06:30 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
etag: "620367f6-465a"
x-cache: Miss from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 18010
x-amz-cf-id: D4BRBza8je3IAmnSErfPMcsr2LEWemEkSme17cuMDyEg3kd4G5expw==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 8808 134 KB
37 KB 40ms
40ms Script
application/javascript 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30362D30365F30367D7B7331363735303030327D7B4335377D7B5363334974636D566E4C5739795A31397A59334A6C5A573579595735304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583630307D7B593333387D7B66317D7B4C31313434347DFEFE&userIpAddr=2a01%3A4a0%3A1338%3A92%3A%3A10&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F102.0.5005.61+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=5&sdkv=&isSinglePageFloatSupport=0&csuuid=629d787b41c87&debugInfo=16750002_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16750002&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2a52pqmrtyjz&secondaryContent=&x=600&y=338&pubUrl=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=0&impGap=1&flow_width=340&flow_height=192&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.2993&geoLong=9.491&vpTemplate=11444&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=sr-reg-org_screenrant.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-4-10.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1eabadac42cf734244db7ffc1ccbe12580ef8574ca267ca2f106439d9eb6169e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 06 Jun 2022 03:33:10 GMT
via: 1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront), 1.1 22ec86e3f4ec676e17ef8eea76eefba2.cloudfront.net (CloudFront)
last-modified: Tue, 24 May 2022 19:53:04 GMT
server: AmazonS3
age: 775
etag: W/"cc07895b7b7c30a55c948b849ccd5e56"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-pop: FRA60-P1, FRA56-P6
content-encoding: gzip
x-amz-cf-id: TXBNki_qwwQylHb4-cwEf534nPKgYyMA2TVrfvsiEZUlA3ytc4xA8w==

GET
H2 200 css
fonts.googleapis.com/ 1 KB
934 B 128ms
45ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins&display=swap

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0dabde244ca54751439b42b2bc6754887cf48d7d13835c2ed1fa37b253a4731a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 03:18:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 06 Jun 2022 03:46:04 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 06 Jun 2022 03:46:04 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame D594 15 KB
6 KB 573ms
45ms Document
text/html 104.102.28.254
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.102.28.254 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-28-254.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=94159
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 06 Jun 2022 03:46:04 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 07 Jun 2022 05:55:23 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2

200

liveCS.php Show response
live.primis.tech/live/ Frame 26E7
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D94%26advUuid%3D%24...
https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D94%26advUuid%3D%24...
https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=&advId=94&advUuid=30bc066e-e54b-11ec-ab35-1d21b9eb0106

0
332 B

50ms
50ms

Document
text/html

2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=&advId=94&advUuid=30bc066e-e54b-11ec-ab35-1d21b9eb0106
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 0
cache-control: no-store
content-type: text/html; charset=utf-8
date: Mon, 06 Jun 2022 03:46:03 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
pragma: no-cache
server: nginx
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
x-amz-cf-id: V58f5ipMagh4UqcBVRULOSc-RPby7rzh5J-_T1pwJghZXEI3KEACPg==
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront

Redirect headers

Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Connection: keep-alive
Content-Length: 0
Content-Type: text/plain
Date: Mon, 06 Jun 2022 03:46:04 GMT
Location: https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=&advId=94&advUuid=30bc066e-e54b-11ec-ab35-1d21b9eb0106
Server: nginx
X-fe: 129

GET
H2 200 cm Show response
u.openx.net/w/1.0/ Frame BD6D 43 B
305 B 152ms
55ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D98%26advUuid%3D
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/eecec1e /
Resource Hash: e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-length: 56
content-type: text/html
date: Mon, 06 Jun 2022 03:46:04 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
pragma: no-cache
server: OXGW/eecec1e
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 200
OK sync.html Show response
s.console.adtarget.com.tr/ Frame 56E8 2 KB
1 KB 749ms
112ms Document
text/html 23.227.146.18
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.146.18 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: Adtelligent /
Resource Hash: 5905fde036a5a7b3bc26d73a9c421c8796b0b02a85bf68c221d10f732b5b3474

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://screenrant.com
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 791
Content-Type: text/html; charset=UTF-8
Date: Mon, 06 Jun 2022 03:46:04 GMT
Server: Adtelligent
X-Robots-Tag: noindex

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame 8808 41 KB
6 KB 69ms
68ms XHR
application/json 2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0jJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTxyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMmA4NmUyMxZ2nWRyo182MTuuMzE4MGFzNmp3NDtmOTQkMDY2JTJGqzyxNwI0ZwE5MDuuOTx5ZDIkOTA3NwpmNC5gpDQyM0Z0o2fyM0Ryq29aSUNBZ0ygRaNnrUx2SUNKSVV6STFOnUymQ2yBZ0yDQWyxSGk3SWciZ0yepFuWQ0yLZyEhZXqiZ0yDQWqJoWk6Y3yJNxyDSyFwoWk0YVuNnUkBo2qJQ0FaSW5OMVycSTZJQ0y2ZFuCp2IlRzgwrTydYzcFNUjmWaBnR1Z2TDNWrycYSacMMx52Yz5noGNhUzknQmu6TURaM05TOTJuV1JfYwE4Mx1UnGuNoUU0TUqGoU56YmNORGq6T1RRrE1EWTJMM1cjWxRZrU5HWXuPVEE0WVReNU9XUXyNVGg3TacZM016UXVvWEEjSWy3S0yDQWqJQ0c1WW1ZnU9cQXuOnyUjTxRZrU9EQXqMQW9aSUNBZ0ygVwRwQ0x2SURFMx5UUTFORGg5TURBS2ZRLyRFq3NZUU1YSGkOQWVXNGVupTFeqab2rx8kYmRkn0gPSG52VTZXQUNirTtzqzyxX2NioaRyoaRsnWQ9MwE1OTp2NlZ2nWRsY29hqGVhqF9xZXNwPUJynGyhZCgUnGUeU3R1oaRmK09zK1RipCgHqW4yM0EeTWF2ZXJcY2fzqzyxX2NioaRyoaRsqGy0oGU9QzVbnW5xK1RbZSgTqHVhqHMeT2YeVG9jK0q1ovUmQSgNYXZypzywnlZ2nWRsY29hqGVhqF9xqXJuqGyiow02MTMzZGVvqWqJozZipz1uqGyiow0zrD02MDAzrT0mMmtzpHVvVXJfPWu0qHBmJTNBJTJGJTJGp2NlZWVhpzFhqC5wo20yMxZmnGFln2JiqC1gYWk3YXJyLWFhZHJinWQgYXBjpl1wpzVxZW50nWFfpl1vYW5enW5aLWyhZz9loWF0nW9hJTJGJaJcPTZDNwx3NwY1NTM3NDYkNmQ3MmqDNmM2QwMkN0I1NDMjN0Q3QwY0MmImMDMlMmIlRDMjMmYlRDMjMmY1RwMjMmY3RDqCNmMmMTM2MmpmNTMjMmAmMDMlN0Q3QwQmMmUmNmqEN0I1MmYmMmM0OTp0NwM2RDU2NxU0QmU3Mmx3OTVBMmEmOTqBNTxmMmRBNxM1QTU3MmU3OTU5NTpmNTMjNEM2RDRFNmY2MwUkM0QmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNwMjMmA3RDqCNTxmMmMmMmt3RDqCNwYmMTqEN0I0QmMkMmEmNDM0MmQ3REZFRxUznXNBpHA9MCZmZGg2PSZaZW9MYXRcPTUkLwI5OTMzZ2ViTG9hZm05LwQ5MSZ1p2VlSXBBZGRlPTJuMDEyM0E0YTAyM0EkMmM4JTNBOTIyM0EyM0EkMCZ1p2VlVUE9TW96nWkfYSUlRwUhMCfyMwuXnW5xo3qmK05UKmEjLwAyM0IeV2yhNwQyM0IerDY0JTI5K0FjpGkyV2VvS2y0JTJGNTM3LwM2KlUlOEgIVE1MJTJDK2kcn2UeR2Vwn28yMwxeQ2ulo21yJTJGMTAlLwAhNTAjNS42MSgTYWZupzxyMxY1MmphMmYzpGkurWVlQXBcSWQ9JzNmqXVcZD02MwyxNmt3YwQkYmt3JzNvqXN0ZXI9MTY1NDQ4NmE2NDI3NvZaZHBlPTEzZ2RjpxNioaNyoaQ9JzymV2VQYXNmR2Rjpw0j
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30362D30365F30367D7B7331363735303030327D7B4335377D7B5363334974636D566E4C5739795A31397A59334A6C5A573579595735304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583630307D7B593333387D7B66317D7B4C31313434347DFEFE&userIpAddr=2a01%3A4a0%3A1338%3A92%3A%3A10&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F102.0.5005.61+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=5&sdkv=&isSinglePageFloatSupport=0&csuuid=629d787b41c87&debugInfo=16750002_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16750002&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2a52pqmrtyjz&secondaryContent=&x=600&y=338&pubUrl=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=0&impGap=1&flow_width=340&flow_height=192&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.2993&geoLong=9.491&vpTemplate=11444&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=sr-reg-org_screenrant.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 827b04a20e0b466a9f9517cf52a03793378a102898adfdebf881838ed6b129af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:04 GMT
content-encoding: gzip
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://screenrant.com
cache-control: no-store
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/json; charset=utf-8
content-length: 5907
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
x-amz-cf-id: iCAPMkWKp4c037nDdQWnFS2RWENjlJz577NF_GZ08cj6FqKjUMTLOg==

GET
H2 200 logo_11444.png
video.primis.tech/uploads/video/users/logo/30875/ 18 KB
18 KB 146ms
38ms Image
image/png 2600:9000:2156:ec00:1:6448:6d00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/video/users/logo/30875/logo_11444.png?cbuster=1631182385
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ec00:1:6448:6d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 7b6a77d9b4812f2cb80e6b9be02ac8c383911b010c4c95b8ec053fb62910e413

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sun, 05 Jun 2022 04:20:26 GMT
via: 1.1 ca8cb14c76df16342491237cea8cfed6.cloudfront.net (CloudFront), 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
last-modified: Thu, 09 Sep 2021 10:13:05 GMT
server: nginx
age: 84337
etag: "de86d20e0052f2f0ab0aa65b3e4928ab"
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA60-P3, FRA50-C1
accept-ranges: bytes
content-length: 18021
x-amz-cf-id: c7wnPiwER3YSENKG3NMyGu5l3562jB_wdUXeMv5CbehWXHdwQn6oZw==
expires: Mon, 06 Jun 2022 04:20:26 GMT

GET
H2 200 liveView.php
live.primis.tech/live/ 0
355 B 72ms
69ms Image
text/html 2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTUjJaNypaZypyRcoWU9MTY1NDQ4NmE2MlZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTA4NTA4JaN0YT0jJat9NwAjJax9MmM4JaZcZF9jYXNmRG9gYWyhPXNwpzVyoaJuoaQhY29gJaN1YxyxPXNlLXJyZl1ipzqsp2NlZWVhpzFhqC5wo20zZGVvqWqJozZipz1uqGyiow0znXNBpHA9MCZmZGg2PSZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMlMxQmMDM2MxQmMDM2NUYmMDM2N0Q3QwpmMmEmNwM3MmUmMDMjMmAmMwqEN0I0MmM1Mmp3RDqCNTM2MmMmNDx3NDYmNxQ1NwZFNEM1NmM5Nmx1QTMkMmx3QTU5MmM0QTZDNUE1NmM1Nmx1OTU3MmUmMDRDNxQ0RTp2NwI1MTNEM0Q3RDqCNwI2MmY4NmI2RwZENwU3RDqCNmE2NDY1NmM2Qwp0NxY3MDqEN0I2Rwp3Nwx2RTY0NxY3NmpmN0Q3QwU4MmYmMDMjN0Q3QwU5MmMmMmM4N0Q3QwY2MmE3RDqCNEMmMTMkMmQmNDM0N0RGRUZFJzRcYWyxPSZ1p2VlSXBBZGRlPTJuMDEyM0E0YTAyM0EkMmM4JTNBOTIyM0EyM0EkMCZ1p2VlVUE9TW96nWkfYSUlRwUhMCUlMCUlOFqcozRiq3MyMwBOVCUlMDEjLwAyM0IyMwBXnW42NCUmQvUlMHt2NCUlOSUlMEFjpGkyV2VvS2y0JTJGNTM3LwM2JTIjJTI4S0uUTUjyMxMyMwBfnWgyJTIjR2Vwn28yMwxyMwBDnHJioWUyMxYkMDIhMC41MDA1LwYkJTIjU2FzYXJcJTJGNTM3LwM2JzNmqXVcZD02MwyxNmt3YwQkYmt3JzNioaRyoaRGnWkySWQ9MCZgZWRcYVBfYXyMnXN0SWQ9MCZgZWRcYUkcp3RJZD0jJzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTAzY2NjYT0jJzNwpGFDo25mZW50PSZwYaVmqGVlPTE2NTQ0ODpkNwQlNTxzqWyxPVNyn2yhZG9TUGkurWVlNwI5ZDp4N2I4NWRvOSZjqWJVpzj9nHR0pHMyM0EyMxYyMxZmY3JyZW5lYW50LzNioSUlRaNbYXJeYz90LW1uoHqupzUgYW5xpz9cZC1upHBmLWNlZWRyoaRcYWkmLWJuozgcozpgnW5zo3JgYXRco24yMxYzZzkiYXRTqGF0qXM9ZzFfp2UzZWyxp3A9pHJyYzyx
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:03 GMT
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/html; charset=UTF-8
x-amz-cf-id: XsjpouV-okkMVElv_Klflrs1L8ehKtB6d4UlhyFAvrBRTceDPXkakA==

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame 8808 43 B
220 B 488ms
39ms Image
image/gif 54.93.141.89
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=sekindo&gdpr=1&gdpr_consent=
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.141.89 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-141-89.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 06 Jun 2022 03:46:04 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2

200

liveCS.php
live.primis.tech/live/ Frame 8808
Redirect Chain

https://csync.loopme.me/?redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D
https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=&advId=93&advUuid=34da2226-c797-4247-b012-872de91b2431

0
332 B

50ms
49ms

Image
text/html

2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=&advId=93&advUuid=34da2226-c797-4247-b012-872de91b2431
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:04 GMT
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/html; charset=utf-8
x-amz-cf-id: 6jr5o7xSHNp8QfIBiWNe-1dlRK40kFpQuXHmvM6OQVda7WlDJjm2dw==

Redirect headers

location: https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=&advId=93&advUuid=34da2226-c797-4247-b012-872de91b2431
date: Mon, 06 Jun 2022 03:46:04 GMT
server: _
content-length: 0

GET
H2

200

liveCS.php
live.primis.tech/live/ Frame 8808
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=192962&cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D99%26advUuid%3D
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D99%26advUuid%3D&s=192962&C=1
https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=&advId=99&advUuid=Yp14fAc-l8_kJI4BXdpa1AAABF8AAAIB

0
332 B

50ms
49ms

Image
text/html

2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=&advId=99&advUuid=Yp14fAc-l8_kJI4BXdpa1AAABF8AAAIB
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:04 GMT
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/html; charset=utf-8
x-amz-cf-id: cbYIVpnIPf92JUhdwwhh2d1g_EtKnJQd6_Xr7i8YWJtO6LRECfw3jQ==

Redirect headers

Pragma: no-cache
Date: Mon, 06 Jun 2022 03:46:04 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=&advId=99&advUuid=Yp14fAc-l8_kJI4BXdpa1AAABF8AAAIB
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 334
Expires: Mon, 06 Jun 2022 03:46:04 GMT

GET
H2 200 getuid
eb2.3lift.com/ Frame 8808 37 B
140 B 133ms
41ms Image
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/getuid?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServlet%253Fat%253D20%2526mi%253D10%2526dpi%253D259151345%2526pcid%253D%24UID%26advId%3D121%26advUuid%3D%24UID
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 8808 0
239 B 184ms
39ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=primis
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif

GET
H2

200

liveCS.php
live.primis.tech/live/ Frame 8808
Redirect Chain

https://ups.analytics.yahoo.com/ups/58627/occ
https://ups.analytics.yahoo.com/ups/58627/occ?verify=true
https://live.primis.tech/live/liveCS.php?source=external&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D1028935272%26pcid%3Dy-.2iSXfxE2u...

0
332 B

50ms
50ms

Image
text/html

2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveCS.php?source=external&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D1028935272%26pcid%3Dy-.2iSXfxE2uGshTlmRpg_eAGyLSlgbhmvBvyvsq8-~A&advUuid=y-.2iSXfxE2uGshTlmRpg_eAGyLSlgbhmvBvyvsq8-~A
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:03 GMT
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/html; charset=utf-8
x-amz-cf-id: 7suxX7MhBLOUPdmd3rHWnNb8BHQTk-63jJp61Z0w2ENVWEPc1wQtkA==

Redirect headers

location: https://live.primis.tech/live/liveCS.php?source=external&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D1028935272%26pcid%3Dy-.2iSXfxE2uGshTlmRpg_eAGyLSlgbhmvBvyvsq8-~A&advUuid=y-.2iSXfxE2uGshTlmRpg_eAGyLSlgbhmvBvyvsq8-~A
date: Mon, 06 Jun 2022 03:46:04 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

liveCS.php
live.primis.tech/live/ Frame 8808
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D105%26advUuid%3D%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Flive.primis.tech%252Flive%252FliveCS.php%253Fsource%253Dexternal%2526csuuid%253D629d787b41c87%2526pixel%253D%2526advId%253D105%2526ad...
https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=&advId=105&advUuid=3971180447162116942

0
332 B

50ms
50ms

Image
text/html

2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=&advId=105&advUuid=3971180447162116942
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:04 GMT
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/html; charset=utf-8
x-amz-cf-id: 2UZioR2Rn0wSNPULu2Tuf6ndvNSrtaHg2C3BRKAMbKYvqDPsUQ11Eg==

Redirect headers

Pragma: no-cache
Date: Mon, 06 Jun 2022 03:46:04 GMT
X-Proxy-Origin: 80.255.7.108; 80.255.7.108; 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: e38431d5-d0a7-47f8-8207-00a6b348e67e
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=&advId=105&advUuid=3971180447162116942
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

verify
mb9eo.publishers.tremorhub.com/pubsync/ Frame 8808
Redirect Chain

https://mb9eo.publishers.tremorhub.com/pubsync?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%...
https://mb9eo.publishers.tremorhub.com/pubsync/verify?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3Dhttps%253A%252F%252Fsync.intent...

43 B
182 B

139ms
139ms

Image
image/gif

2600:1f18:612b:4264:5a8d:94bc:2cf9:40df
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mb9eo.publishers.tremorhub.com/pubsync/verify?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServlet%253Fat%253D20%2526mi%253D10%2526dpi%253D%2B584182936%2526pcid%253D%5Btvid%5D%26advId%3D126%26advUuid%3D%5Btvid%5D
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Server: 2600:1f18:612b:4264:5a8d:94bc:2cf9:40df Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:04 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

Redirect headers

location: pubsync/verify?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServlet%253Fat%253D20%2526mi%253D10%2526dpi%253D%2B584182936%2526pcid%253D%5Btvid%5D%26advId%3D126%26advUuid%3D%5Btvid%5D
date: Mon, 06 Jun 2022 03:46:04 GMT
server: Apache-Coyote/1.1
content-length: 0
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'

GET
H2

200

liveCS.php
live.primis.tech/live/ Frame 8808
Redirect Chain

https://cs.media.net/cksync?cs=34&type=pri&ovsid=629d787b41c87&redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3Dhttps%253A%252F%252...
https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D1723987475%...

0
333 B

50ms
50ms

Image
text/html

2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D1723987475%26pcid%3D0000EEA&advId=127&advUuid=0000EEA
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:04 GMT
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/html; charset=utf-8
x-amz-cf-id: mUx-pmcwNMTpPO3KIyYKJ9SSCdYvxGInHOd0oZm-IZ5QDhH76Dowtg==

Redirect headers

Pragma: no-cache
Date: Mon, 06 Jun 2022 03:46:04 GMT
Server: Apache
P3P: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://live.primis.tech/live/liveCS.php?source=external&csuuid=629d787b41c87&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D1723987475%26pcid%3D0000EEA&advId=127&advUuid=0000EEA
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html
Content-Length: 154
X-MNET-HL2: E
Expires: Mon, 06 Jun 2022 03:46:04 GMT

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame 8808 0
277 B 143ms
43ms Image
text/plain 216.52.2.19
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?gdpr=1&gdpr_consent=&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D130%26advUuid%3D%24UID
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 06 Jun 2022 03:46:04 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET
H2 200 vid624f1908a999d219076734.jpg
video.primis.tech/uploads/cn19/video/users/converted/30875/video_618a2a80af777483941066/ 22 KB
22 KB 179ms
73ms Image
image/jpeg 2600:9000:2156:ec00:1:6448:6d00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/cn19/video/users/converted/30875/video_618a2a80af777483941066/vid624f1908a999d219076734.jpg?cbuster=1649352223
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ec00:1:6448:6d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ac4020b0bd2177e6f6102c8b44c52a44ea0eb7d7601255c5cb6a234ca0ec51e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sun, 05 Jun 2022 11:45:13 GMT
via: 1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront), 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
last-modified: Thu, 07 Apr 2022 17:30:34 GMT
server: nginx
age: 57650
etag: "6dd270bebc0a8043e7b136e0647dd539"
x-cache: Hit from cloudfront
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA60-P3, FRA50-C1
accept-ranges: bytes
content-length: 22443
x-amz-cf-id: 8YXYx4xqrvjM4LorbIt9chkp0UEWN22_Z7_1PeYrOW6n57HCxS6ONw==
expires: Mon, 06 Jun 2022 11:45:13 GMT

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame 8808 89 KB
9 KB 100ms
100ms XHR
application/json 2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTxyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMmA4NmUyMxZ2nWRyo182MTuuMzE4MGFzNmp3NDtmOTQkMDY2JTJGqzyxNwI0ZwE5MDuuOTx5ZDIkOTA3NwpmNC5gpDQyM0Z0o2fyM0Ryq29aSUNBZ0ygRaNnrUx2SUNKSVV6STFOnUymQ2yBZ0yDQWyxSGk3SWciZ0yepFuWQ0yLZyEhZXqiZ0yDQWqJoWk6Y3yJNxyDSyFwoWk0YVuNnUkBo2qJQ0FaSW5OMVycSTZJQ0y2ZFuCp2IlRzgwrTydYzcFNUjmWaBnR1Z2TDNWrycYSacMMx52Yz5noGNhUzknQmu6TURaM05TOTJuV1JfYwE4Mx1UnGuNoUU0TUqGoU56YmNORGq6T1RRrE1EWTJMM1cjWxRZrU5HWXuPVEE0WVReNU9XUXyNVGg3TacZM016UXVvWEEjSWy3S0yDQWqJQ0c1WW1ZnU9cQXuOnyUjTxRZrU9EQXqMQW9aSUNBZ0ygVwRwQ0x2SURFMx5UUTFORGg5TURBS2ZRLyRFq3NZUU1YSGkOQWVXNGVupTFeqab2rx8kYmRkn0gPSG52VTZXQUNirTtzqzyxX2NioaRyoaRsnWQ9MwE1OTp2NlZ2nWRsY29hqGVhqF9xZXNwPUJynGyhZCgUnGUeU3R1oaRmK09zK1RipCgHqW4yM0EeTWF2ZXJcY2fzqzyxX2NioaRyoaRsqGy0oGU9QzVbnW5xK1RbZSgTqHVhqHMeT2YeVG9jK0q1ovUmQSgNYXZypzywnlZ2nWRsY29hqGVhqF9xqXJuqGyiow02MTMzZGVvqWqJozZipz1uqGyiow0zrD01MDAzrT0lODEzpHVvVXJfPWu0qHBmJTNBJTJGJTJGp2NlZWVhpzFhqC5wo20yMxZmnGFln2JiqC1gYWk3YXJyLWFhZHJinWQgYXBjpl1wpzVxZW50nWFfpl1vYW5enW5aLWyhZz9loWF0nW9hJTJGJaJcPTZDNwx3NwY1NTM3NDYkNmQ3MmqDNmM2QwMkN0I1NDMjN0Q3QwY0MmImMDMlMmIlRDMjMmYlRDMjMmY1RwMjMmY3RDqCNmMmMTM2MmpmNTMjMmAmMDMlN0Q3QwQmMmUmNmqEN0I1MmYmMmM0OTp0NwM2RDU2NxU0QmU3Mmx3OTVBMmEmOTqBNTxmMmRBNxM1QTU3MmU3OTU5NTpmNTMjNEM2RDRFNmY2MwUkM0QmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNwMjMmA3RDqCNTxmMmMmMmt3RDqCNwYmMTqEN0I0QmMkMmEmNDM0MmQ3REZFRxUznXNBpHA9MCZmZGg2PSZaZW9MYXRcPTUkLwI5OTMzZ2ViTG9hZm05LwQ5MSZ1p2VlSXBBZGRlPTJuMDEyM0E0YTAyM0EkMmM4JTNBOTIyM0EyM0EkMCZ1p2VlVUE9TW96nWkfYSUlRwUhMCfyMwuXnW5xo3qmK05UKmEjLwAyM0IeV2yhNwQyM0IerDY0JTI5K0FjpGkyV2VvS2y0JTJGNTM3LwM2KlUlOEgIVE1MJTJDK2kcn2UeR2Vwn28yMwxeQ2ulo21yJTJGMTAlLwAhNTAjNS42MSgTYWZupzxyMxY1MmphMmYzpGkurWVlQXBcSWQ9JzNmqXVcZD02MwyxNmt3YwQkYmt3JzNvqXN0ZXI9MTY1NDQ4NmE2NDI5MvZaZHBlPTEzZ2RjpxNioaNyoaQ9JzymV2VQYXNmR2Rjpw0j
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30362D30365F30367D7B7331363735303030327D7B4335377D7B5363334974636D566E4C5739795A31397A59334A6C5A573579595735304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583630307D7B593333387D7B66317D7B4C31313434347DFEFE&userIpAddr=2a01%3A4a0%3A1338%3A92%3A%3A10&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F102.0.5005.61+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=5&sdkv=&isSinglePageFloatSupport=0&csuuid=629d787b41c87&debugInfo=16750002_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16750002&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2a52pqmrtyjz&secondaryContent=&x=600&y=338&pubUrl=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=0&impGap=1&flow_width=340&flow_height=192&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.2993&geoLong=9.491&vpTemplate=11444&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=sr-reg-org_screenrant.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 25031a9668a00a33aed54a5d7d92ce239f78b097a212c27c24fd5937e09e4633

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:04 GMT
content-encoding: gzip
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://screenrant.com
cache-control: no-store
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/json; charset=utf-8
content-length: 8874
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
x-amz-cf-id: 9u7F7II1oLNkWEJOYkUsXxH4MZPblvu2dlxH3K-NtBmOffLrgViQIQ==

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame 8808 89 KB
9 KB 113ms
113ms XHR
application/json 2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTxyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMmA4NmUyMxZ2nWRyo182MTuuMzE4MGFzNmp3NDtmOTQkMDY2JTJGqzyxNwI0ZwE5MDuuOTx5ZDIkOTA3NwpmNC5gpDQyM0Z0o2fyM0Ryq29aSUNBZ0ygRaNnrUx2SUNKSVV6STFOnUymQ2yBZ0yDQWyxSGk3SWciZ0yepFuWQ0yLZyEhZXqiZ0yDQWqJoWk6Y3yJNxyDSyFwoWk0YVuNnUkBo2qJQ0FaSW5OMVycSTZJQ0y2ZFuCp2IlRzgwrTydYzcFNUjmWaBnR1Z2TDNWrycYSacMMx52Yz5noGNhUzknQmu6TURaM05TOTJuV1JfYwE4Mx1UnGuNoUU0TUqGoU56YmNORGq6T1RRrE1EWTJMM1cjWxRZrU5HWXuPVEE0WVReNU9XUXyNVGg3TacZM016UXVvWEEjSWy3S0yDQWqJQ0c1WW1ZnU9cQXuOnyUjTxRZrU9EQXqMQW9aSUNBZ0ygVwRwQ0x2SURFMx5UUTFORGg5TURBS2ZRLyRFq3NZUU1YSGkOQWVXNGVupTFeqab2rx8kYmRkn0gPSG52VTZXQUNirTtzqzyxX2NioaRyoaRsnWQ9MwE1OTp2NlZ2nWRsY29hqGVhqF9xZXNwPUJynGyhZCgUnGUeU3R1oaRmK09zK1RipCgHqW4yM0EeTWF2ZXJcY2fzqzyxX2NioaRyoaRsqGy0oGU9QzVbnW5xK1RbZSgTqHVhqHMeT2YeVG9jK0q1ovUmQSgNYXZypzywnlZ2nWRsY29hqGVhqF9xqXJuqGyiow02MTMzZGVvqWqJozZipz1uqGyiow0zrD0mNDAzrT0kOTEzpHVvVXJfPWu0qHBmJTNBJTJGJTJGp2NlZWVhpzFhqC5wo20yMxZmnGFln2JiqC1gYWk3YXJyLWFhZHJinWQgYXBjpl1wpzVxZW50nWFfpl1vYW5enW5aLWyhZz9loWF0nW9hJTJGJaJcPTZDNwx3NwY1NTM3NDYkNmQ3MmqDNmM2QwMkN0I1NDMjN0Q3QwY0MmImMDMlMmIlRDMjMmYlRDMjMmY1RwMjMmY3RDqCNmMmMTM2MmpmNTMjMmAmMDMlN0Q3QwQmMmUmNmqEN0I1MmYmMmM0OTp0NwM2RDU2NxU0QmU3Mmx3OTVBMmEmOTqBNTxmMmRBNxM1QTU3MmU3OTU5NTpmNTMjNEM2RDRFNmY2MwUkM0QmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNwMjMmA3RDqCNTxmMmMmMmt3RDqCNwYmMTqEN0I0QmMkMmEmNDM0MmQ3REZFRxUznXNBpHA9MCZmZGg2PSZaZW9MYXRcPTUkLwI5OTMzZ2ViTG9hZm05LwQ5MSZ1p2VlSXBBZGRlPTJuMDEyM0E0YTAyM0EkMmM4JTNBOTIyM0EyM0EkMCZ1p2VlVUE9TW96nWkfYSUlRwUhMCfyMwuXnW5xo3qmK05UKmEjLwAyM0IeV2yhNwQyM0IerDY0JTI5K0FjpGkyV2VvS2y0JTJGNTM3LwM2KlUlOEgIVE1MJTJDK2kcn2UeR2Vwn28yMwxeQ2ulo21yJTJGMTAlLwAhNTAjNS42MSgTYWZupzxyMxY1MmphMmYzpGkurWVlQXBcSWQ9JzNmqXVcZD02MwyxNmt3YwQkYmt3JzNvqXN0ZXI9MTY1NDQ4NmE2NDI5MlZaZHBlPTEzZ2RjpxNioaNyoaQ9JzymV2VQYXNmR2Rjpw0j
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30362D30365F30367D7B7331363735303030327D7B4335377D7B5363334974636D566E4C5739795A31397A59334A6C5A573579595735304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583630307D7B593333387D7B66317D7B4C31313434347DFEFE&userIpAddr=2a01%3A4a0%3A1338%3A92%3A%3A10&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F102.0.5005.61+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=5&sdkv=&isSinglePageFloatSupport=0&csuuid=629d787b41c87&debugInfo=16750002_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16750002&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2a52pqmrtyjz&secondaryContent=&x=600&y=338&pubUrl=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=0&impGap=1&flow_width=340&flow_height=192&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.2993&geoLong=9.491&vpTemplate=11444&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=sr-reg-org_screenrant.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: c3085bb97e7787bc30dcffce5e3d1677710d66cfbf1d203cb57549f8fc322cf5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:04 GMT
content-encoding: gzip
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://screenrant.com
cache-control: no-store
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/json; charset=utf-8
content-length: 8873
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
x-amz-cf-id: 0YXv-bz91h3TH7mVbeEkQjJ6pfquAWZsIughSopxE95HzDfTAg1K3A==

GET
H2 200 liveView.php Show response
live.primis.tech/live/ Frame 8808 33 KB
5 KB 89ms
89ms XHR
application/json 2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0jJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTxyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMmA4NmUyMxZ2nWRyo182MTuuMzE4MGFzNmp3NDtmOTQkMDY2JTJGqzyxNwI0ZwE5MDuuOTx5ZDIkOTA3NwpmNC5gpDQyM0Z0o2fyM0Ryq29aSUNBZ0ygRaNnrUx2SUNKSVV6STFOnUymQ2yBZ0yDQWyxSGk3SWciZ0yepFuWQ0yLZyEhZXqiZ0yDQWqJoWk6Y3yJNxyDSyFwoWk0YVuNnUkBo2qJQ0FaSW5OMVycSTZJQ0y2ZFuCp2IlRzgwrTydYzcFNUjmWaBnR1Z2TDNWrycYSacMMx52Yz5noGNhUzknQmu6TURaM05TOTJuV1JfYwE4Mx1UnGuNoUU0TUqGoU56YmNORGq6T1RRrE1EWTJMM1cjWxRZrU5HWXuPVEE0WVReNU9XUXyNVGg3TacZM016UXVvWEEjSWy3S0yDQWqJQ0c1WW1ZnU9cQXuOnyUjTxRZrU9EQXqMQW9aSUNBZ0ygVwRwQ0x2SURFMx5UUTFORGg5TURBS2ZRLyRFq3NZUU1YSGkOQWVXNGVupTFeqab2rx8kYmRkn0gPSG52VTZXQUNirTtzqzyxX2NioaRyoaRsnWQ9MwE1OTp2NlZ2nWRsY29hqGVhqF9xZXNwPUJynGyhZCgUnGUeU3R1oaRmK09zK1RipCgHqW4yM0EeTWF2ZXJcY2fzqzyxX2NioaRyoaRsqGy0oGU9QzVbnW5xK1RbZSgTqHVhqHMeT2YeVG9jK0q1ovUmQSgNYXZypzywnlZ2nWRsY29hqGVhqF9xqXJuqGyiow02MTMzZGVvqWqJozZipz1uqGyiow0zrD01MDAzrT0lODEzpHVvVXJfPWu0qHBmJTNBJTJGJTJGp2NlZWVhpzFhqC5wo20yMxZmnGFln2JiqC1gYWk3YXJyLWFhZHJinWQgYXBjpl1wpzVxZW50nWFfpl1vYW5enW5aLWyhZz9loWF0nW9hJTJGJaJcPTZDNwx3NwY1NTM3NDYkNmQ3MmqDNmM2QwMkN0I1NDMjN0Q3QwY0MmImMDMlMmIlRDMjMmYlRDMjMmY1RwMjMmY3RDqCNmMmMTM2MmpmNTMjMmAmMDMlN0Q3QwQmMmUmNmqEN0I1MmYmMmM0OTp0NwM2RDU2NxU0QmU3Mmx3OTVBMmEmOTqBNTxmMmRBNxM1QTU3MmU3OTU5NTpmNTMjNEM2RDRFNmY2MwUkM0QmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNwMjMmA3RDqCNTxmMmMmMmt3RDqCNwYmMTqEN0I0QmMkMmEmNDM0MmQ3REZFRxUznXNBpHA9MCZmZGg2PSZaZW9MYXRcPTUkLwI5OTMzZ2ViTG9hZm05LwQ5MSZ1p2VlSXBBZGRlPTJuMDEyM0E0YTAyM0EkMmM4JTNBOTIyM0EyM0EkMCZ1p2VlVUE9TW96nWkfYSUlRwUhMCfyMwuXnW5xo3qmK05UKmEjLwAyM0IeV2yhNwQyM0IerDY0JTI5K0FjpGkyV2VvS2y0JTJGNTM3LwM2KlUlOEgIVE1MJTJDK2kcn2UeR2Vwn28yMwxeQ2ulo21yJTJGMTAlLwAhNTAjNS42MSgTYWZupzxyMxY1MmphMmYzpGkurWVlQXBcSWQ9JzNmqXVcZD02MwyxNmt3YwQkYmt3JzNvqXN0ZXI9MTY1NDQ4NmE2NDI5MlZaZHBlPTEzZ2RjpxNioaNyoaQ9JzymV2VQYXNmR2Rjpw0j
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30362D30365F30367D7B7331363735303030327D7B4335377D7B5363334974636D566E4C5739795A31397A59334A6C5A573579595735304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583630307D7B593333387D7B66317D7B4C31313434347DFEFE&userIpAddr=2a01%3A4a0%3A1338%3A92%3A%3A10&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F102.0.5005.61+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=5&sdkv=&isSinglePageFloatSupport=0&csuuid=629d787b41c87&debugInfo=16750002_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16750002&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2a52pqmrtyjz&secondaryContent=&x=600&y=338&pubUrl=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=0&impGap=1&flow_width=340&flow_height=192&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.2993&geoLong=9.491&vpTemplate=11444&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=sr-reg-org_screenrant.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 71584995d2225408d58e5966f23b68264153f4a15f6b39f705821915bb6c235a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:03 GMT
content-encoding: gzip
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://screenrant.com
cache-control: no-store
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/json; charset=utf-8
content-length: 5023
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
x-amz-cf-id: sNT_Ow-VwUclTfbyLCkKwaBua7G9Qqv85CWDu6LPYoL-awa66kAPag==

GET
H2 200 269 Show response
id.halo.ad.gt/api/v1/partner/ 52 KB
10 KB 475ms
398ms Script
text/javascript 44.239.82.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.halo.ad.gt/api/v1/partner/269?sync=1&url=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F
Requested by: Host: a.ad.gt
URL: https://a.ad.gt/api/v1/u/matches/269?url=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&ref=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.239.82.163 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-82-163.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: db832fc70ce4ebdd701cff7078db3592642c38136733deda409ed5513d711d74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:04 GMT
content-encoding: gzip
origin-trial
server: nginx/1.20.0
content-type: text/javascript; charset=UTF-8

GET
H2 200 269 Show response
p.ad.gt/api/v1/p/ 32 KB
33 KB 629ms
206ms Script
application/javascript 34.215.170.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://p.ad.gt/api/v1/p/269?au_id=AU1D-0100-001654487164-X4IFXS76-OF8K
Requested by: Host: a.ad.gt
URL: https://a.ad.gt/api/v1/u/matches/269?url=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&ref=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.215.170.216 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-215-170-216.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: e01fb865710979ec02000f9f0b8bbdd3a8daf748e95e22ed298f64ed766ae4ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:05 GMT
last-modified: Sat, 04 Jun 2022 04:53:10 GMT
server: nginx/1.20.0
etag: "1654318390.0-33176-2713389681"
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=43200
accept-ranges: bytes
content-length: 33176
expires: Mon, 06 Jun 2022 15:46:05 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 120ms
44ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=152745762&t=pageview&_s=1&dl=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&ul=en-us&de=UTF-8&dt=Sharkbot%20Malware%20Uses%20Android%20Apps%20To%20Steal%20Credentials%20%26%20Banking%20Details&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KEBAAEABEAQCAC~&jid=350158566&gjid=1434852240&cid=2067551132.1654487164&tid=UA-1923027-1&_gid=1657221140.1654487164&_r=1&_slc=1&cd1=5178743&cd2=kishalaya-kundu&cd3=&cd4=tech&cd5=tech&cd6=regular&cd7=0&cd8=all&cd9=&cd10=&cd11=false&cd12=native&cd13=regular-article&cd14=5178743&cd15=kishalaya-kundu&cd16=&cd17=&cd18=regular&cd19=all&cd20=false&cd21=0&cd22=false&cd23=native&cd24=desktop&cd25=80.255.7.108&cd26=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F102.0.5005.61%20Safari%2F537.36&cd27=20-24&cd28=20220407&cd29=&cd30=news&cd31=tech&cd32=%7Cprivacy%7Candroid%7C&cd33=N&cd34=showAds&cd35=false&cd36=content-all&cd38=software&cd39=News&cd40=Short-Term&z=1757413856

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://screenrant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
geo.privacymanager.io/ 28 B
590 B 136ms
38ms Fetch
application/json 18.65.39.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.privacymanager.io/
Requested by: Host: ats.rlcdn.com
URL: https://ats.rlcdn.com/ats.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.65.39.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-39-61.ams1.r.cloudfront.net
Software: /
Resource Hash: 3b3ed4b191fdd529075b8e099f5daefd684e80acd4c9514a70b6ad746e949544

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sun, 05 Jun 2022 03:51:18 GMT
via: 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront), 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront)
age: 86086
x-amzn-requestid: 9370c0cc-4520-48a6-b28e-b701ac920f49
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type: application/json
access-control-allow-origin: *
x-amzn-trace-id: Root=1-629c2836-5ceb690c1bc935c80ae78400;Sampled=0
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA56-P3, AMS1-P1
x-amz-apigw-id: TOs4gHgQjoEF2jQ=
content-length: 28
x-amz-cf-id: u2aYRYIiJsN3N91yQQNKlH6R8pOkwQIpCKg5qN3qam5RFNvNXFveGA==
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 8808 6 KB
3 KB 38ms
38ms XHR
application/javascript 108.138.4.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.4.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-4-10.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sun, 05 Jun 2022 05:05:16 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 81649
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 02 Jun 2022 00:57:09 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: rJc1WQUAqhvSMPW5pAnZljyS35FriyaP
via: 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-P6
content-type: application/javascript
x-amz-cf-id: TaWC3I2skfpfmNJsTLn0FsE4SmhTG69KjkibU-WASYWK-FXTg48kmA==

POST
H2 200 v2drpa9SW7v4a9F8JsRS0RwNnr_7_zZWOD4nXImXc9RsPI6UjgY7X7yY03vjljrUt5YCdSdIV Show response
aloofvest.com/ 209 B
341 B 49ms
48ms Fetch
application/json 35.190.74.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aloofvest.com/v2drpa9SW7v4a9F8JsRS0RwNnr_7_zZWOD4nXImXc9RsPI6UjgY7X7yY03vjljrUt5YCdSdIV

Requested by

Host: aloofvest.com
URL: https://aloofvest.com/v2ici-GreEooOb39MzUWkIYDjUpMATVprWlVca_jlOajlnF7Q2YBLh0j4FOUXtl6T

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.74.49 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

49.74.190.35.bc.googleusercontent.com

Software

Resource Hash

68dd49d9550aa445274496ef6e63ee82c80b1758f5a075570f3368ef0cc9e8e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
access-control-allow-methods: POST, OPTIONS
x-datacenter: gce-europe-west1
date: Mon, 06 Jun 2022 03:46:04 GMT
vary: Accept-Encoding, Origin
x-hostname: fen-hoothoot-europe-west1-fhcq
content-type: application/json; charset=utf-8
access-control-allow-origin: https://screenrant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-buildnumber: 541459873
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 209
expires: Mon, 06 Jun 2022 03:46:03 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 125ms
38ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://screenrant.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 19:25:00 GMT
x-content-type-options: nosniff
age: 375664
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Jun 2023 19:25:00 GMT

POST
H2 204 mvo Show response
tag.1rx.io/rmp/243447/0/ Frame 8808 0
170 B 144ms
48ms XHR
text/plain 213.19.147.43
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/243447/0/mvo?z=1r&hbv=6.18,2.1
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_5.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://screenrant.com
pragma: no-cache
date: Mon, 06 Jun 2022 03:46:04 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 8808 0
115 B 1615ms
183ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_5.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 West Chester, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://screenrant.com
date: Mon, 06 Jun 2022 03:46:04 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame 8808 19 B
506 B 197ms
98ms XHR
application/json 18.184.69.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=6.18.0&referrer=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&tmax=3000&gdpr=true

Requested by

Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_5.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.184.69.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-184-69-62.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:04 GMT
accept-ch: sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform,sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-width,sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model
content-type: application/json; charset=utf-8
access-control-allow-origin: https://screenrant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 204
No Content 318113 Show response
search.spotxchange.com/openrtb/2.3/dados/ Frame 8808 0
1 KB 229ms
48ms XHR
application/json 185.94.180.124
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/318113?src_sys=prebid
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.94.180.124 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 06 Jun 2022 03:46:04 GMT
X-SpotX-Timing-Transform: 0.000253
X-SpotX-Timing-SpotMarket: 0.003019
X-SpotX-Timing-Page-Mux: 0.000250
X-SpotX-Timing-Page-Require: 0.000340
X-fe: 098
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000022
X-SpotX-Timing-Page: 0.006462
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.000288
Last-Modified: Mon, 06 Jun 2022 03:46:04 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.003019
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://screenrant.com
X-SpotX-Timing-Page-Misc: 0.002278
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000011
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 liveView.php
live.primis.tech/live/ 43 B
471 B 50ms
50ms Image
image/gif 2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTYzp2VlqzVlVGygZT0kNwU0NDt3MTY0JaZcZF9joGF5ZXJWZXI9Ml4kLwAzpm01ODA1NlZmqGE9MTY4MDAmNwUzrD01MDAzrT0lODEzoXN0YT0kNwp1MDAjMvZ2nWRsqzFmqFR5pGU9MlZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0jJaZcZF9jYXNmRG9gYWyhPXNwpzVyoaJuoaQhY29gJaN1YxyxPXNwpzVyoaJuoaQhY29gJzRyYaVaSW5zo3JgYXRco249JzymQXBjPTAzqXNypxyjQWRxpw0lYTAkJTNBNGEjJTNBMTMmOCUmQTxlJTNBJTNBMTAzqXNypyVBPU1irzyfoGEyMxY1LwAyMwAyMwuXnW5xo3qmJTIjTyQyMwAkMC4jJTNCJTIjV2yhNwQyM0IyMwB4NwQyMwxyMwBBpHBfZVqyYxgcqCUlRwUmNl4mNvUlMCUlOEgIVE1MJTJDJTIjoGyeZSUlMEqyY2giJTI5JTIjQ2ulo21yJTJGMTAlLwAhNTAjNS42MSUlMFNuZzFlnSUlRwUmNl4mNvZwp3V1nWQ9NwI5ZDp4N2I0MWM4NlZlqz49JHgWUF9SVx5sTUFDUx99JzF0qGVgpHRNqWk0nXBfnWVlPTIjJzNioaRyoaRGnWkySWQ9MCZgZWRcYVBfYXyMnXN0SWQ9MCZgZWRcYUkcp3RJZD0jJzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTAzY2NjYT0jJzNwpGFDo25mZW50PSZwYaVmqGVlPTE2NTQ0ODpkNwQ0MTAzqWyxPVNyn2yhZG9TUGkurWVlNwI5ZDp4N2I4NWRvOSZjqWJVpzj9nHR0pHMyM0EyMxYyMxZmY3JyZW5lYW50LzNioSUlRaNbYXJeYz90LW1uoHqupzUgYW5xpz9cZC1upHBmLWNlZWRyoaRcYWkmLWJuozgcozpgnW5zo3JgYXRco24yMxYzZzkiYXRTqGF0qXM9ZzFfp2UzZWyxp3A9pHJyYzyx
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:03 GMT
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: max-age=315360000
content-disposition: inline; filename="pixel.gif"
x-amz-cf-pop: FRA50-C1
content-type: image/gif
x-amz-cf-id: hX4O8Bw0-YGpsHVMCCk_s1NvoJXgDS6Kq0JFuMqZtCetKc2_p-oi-Q==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 prebid
rtb.openx.net/sync/ Frame 60F9 43 B
351 B 176ms
58ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/prebid?gdpr=&gdpr_consent=&r=https%3A%2F%2Fmbid.marfeelrev.com%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid%3D%24%7BUID%7D
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mbid.marfeelrev.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:03 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 1an4j7ccilv4rdludam7cfbrhdh3pit6

POST
H2 200 v2vilxPbFkrWn9zbqZ3hObTBki8SjqSTCVXYsfli_FIvAikIe5b500eqFM4TX3lxPD71kdPlA Show response
aloofvest.com/ 2 KB
815 B 51ms
51ms Fetch
application/json 35.190.74.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aloofvest.com/v2vilxPbFkrWn9zbqZ3hObTBki8SjqSTCVXYsfli_FIvAikIe5b500eqFM4TX3lxPD71kdPlA

Requested by

Host: aloofvest.com
URL: https://aloofvest.com/v2ici-GreEooOb39MzUWkIYDjUpMATVprWlVca_jlOajlnF7Q2YBLh0j4FOUXtl6T

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.74.49 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

49.74.190.35.bc.googleusercontent.com

Software

Resource Hash

13021e44e2f1d0c146464bd34139dca45c54e761d9806087ce3762117a79a200

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: gzip
x-datacenter: gce-europe-west1
date: Mon, 06 Jun 2022 03:46:04 GMT
vary: Accept-Encoding, Origin
x-hostname: fen-hoothoot-europe-west1-fhcq
content-type: application/json; charset=utf-8
access-control-allow-origin: https://screenrant.com
access-control-allow-credentials: true
access-control-allow-methods: POST, OPTIONS
x-buildnumber: 541459873
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 774

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 142ms
47ms XHR
text/plain 2a00:1450:400c:c0d::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-1923027-1&cid=2067551132.1654487164&jid=350158566&gjid=1434852240&_gid=1657221140.1654487164&_u=KEBAAEAAEAQCAC~&z=1067154173

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0d::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 06 Jun 2022 03:46:04 GMT
content-type: text/plain
access-control-allow-origin: https://screenrant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 /
events.release.narrativ.com/api/v0/publishers/2439/impressions/page_impression/ Frame 0
0 129ms
129ms Preflight
text/html 34.192.73.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.release.narrativ.com/api/v0/publishers/2439/impressions/page_impression/?uid_bam=1776492065989364759

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.192.73.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-192-73-199.compute-1.amazonaws.com

Software

nginx/1.22.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: access-control-allow-credentials,content-type,x-requested-with
Access-Control-Request-Method: POST
Origin: https://screenrant.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-headers: access-control-allow-credentials, content-type, x-requested-with
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://screenrant.com
allow: OPTIONS, POST
content-length: 0
content-type: text/html; charset=utf-8
date: Mon, 06 Jun 2022 03:46:04 GMT
server: nginx/1.22.0
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin
x-bam-build-version: 75f11a0c6cab80095b394b7093c0325845b73163
x-bam-env: release
x-robots-tag: none

GET
H2 304 session.gif
events.release.narrativ.com/api/v0/ 0
396 B 130ms
130ms Image 34.192.73.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://events.release.narrativ.com/api/v0/session.gif?uid_bam=1776492065989364759&cache_buster=1654487164528

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.192.73.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-192-73-199.compute-1.amazonaws.com

Software

nginx/1.22.0 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-origin: *
x-bam-build-version: 75f11a0c6cab80095b394b7093c0325845b73163
date: Mon, 06 Jun 2022 03:46:04 GMT
server: nginx/1.22.0
x-robots-tag: none
x-bam-env: release
strict-transport-security: max-age=63072000; includeSubDomains; preload

POST
H2 201 / Show response
events.release.narrativ.com/api/v0/publishers/2439/impressions/page_impression/ 2 B
463 B 133ms
133ms XHR
application/json 34.192.73.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.release.narrativ.com/api/v0/publishers/2439/impressions/page_impression/?uid_bam=1776492065989364759

Requested by

Host: static.narrativ.com
URL: https://static.narrativ.com/tags/narrativ-pub.1.0.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.192.73.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-192-73-199.compute-1.amazonaws.com

Software

nginx/1.22.0 /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Access-Control-Allow-Credentials: true
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

x-bam-build-version: 75f11a0c6cab80095b394b7093c0325845b73163
date: Mon, 06 Jun 2022 03:46:04 GMT
server: nginx/1.22.0
x-bam-env: release
vary: Origin
content-type: application/json
access-control-allow-origin: https://screenrant.com
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-robots-tag: none
content-length: 2

POST
H/1.1 200
OK / Show response
api.narrativ.com/api/v0/publishers/2439/smart_links/ 190 B
516 B 146ms
146ms XHR
application/json 18.209.251.242
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.narrativ.com/api/v0/publishers/2439/smart_links/

Requested by

Host: static.narrativ.com
URL: https://static.narrativ.com/tags/narrativ-pub.1.0.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.209.251.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-209-251-242.compute-1.amazonaws.com

Software

nginx/1.22.0 /

Resource Hash

ba39b58431e3386adf4a0b13467d95ddf28088e55fc51573eb2feac8e89d46c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

Accept: application/json
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Access-Control-Allow-Credentials: true
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Date: Mon, 06 Jun 2022 03:46:05 GMT
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Server: nginx/1.22.0
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://screenrant.com
Connection: keep-alive
X-Robots-Tag: noindex, follow
Content-Length: 190

OPTIONS
H/1.1 200
OK /
api.narrativ.com/api/v0/publishers/2439/smart_links/ Frame 0
0 532ms
130ms Preflight
text/html 18.209.251.242
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.narrativ.com/api/v0/publishers/2439/smart_links/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.209.251.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-209-251-242.compute-1.amazonaws.com

Software

nginx/1.22.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: access-control-allow-credentials,content-type,x-requested-with
Access-Control-Request-Method: POST
Origin: https://screenrant.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Access-Control-Allow-Headers: access-control-allow-credentials, content-type, x-requested-with
Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
Access-Control-Allow-Origin: https://screenrant.com
Access-Control-Max-Age: 86400
Allow: POST, OPTIONS
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Mon, 06 Jun 2022 03:46:05 GMT
Server: nginx/1.22.0
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Vary: Origin
X-Robots-Tag: noindex, follow

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 132ms
48ms Image
image/gif 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1923027-1&cid=2067551132.1654487164&jid=350158566&_u=KEBAAEAAEAQCAC~&z=992904098

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 132ms
49ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1923027-1&cid=2067551132.1654487164&jid=350158566&_u=KEBAAEAAEAQCAC~&z=992904098

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ConsentManager,Sticky2 Show response
scarfsmash.com/v2fteQ_KPLa0syJYfX84E0ZAmukzCgMu07xhwViSbiZ5gd-lcVuL5ANL_n-E7yJX1z6irPqU/ 272 KB
79 KB 156ms
53ms Script
text/javascript 35.186.249.84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://scarfsmash.com/v2fteQ_KPLa0syJYfX84E0ZAmukzCgMu07xhwViSbiZ5gd-lcVuL5ANL_n-E7yJX1z6irPqU/ConsentManager,Sticky2

Requested by

Host: aloofvest.com
URL: https://aloofvest.com/v2ici-GreEooOb39MzUWkIYDjUpMATVprWlVca_jlOajlnF7Q2YBLh0j4FOUXtl6T

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.249.84 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

84.249.186.35.bc.googleusercontent.com

Software

Resource Hash

fb0d90f0dfba2ebd75a75952cd638ad515663fbbcf9691c6326b8410e1b550c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Origin: https://screenrant.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "38102daf14882a6d916c814e2daefe9c7c4c0fad56257df1b11d812cb1f143cd"
vary: Accept-Encoding, Accept-Language, Origin
x-hostname: fen-hoothoot-europe-west1-fhcq
content-type: text/javascript; charset=utf-8
access-control-allow-origin: https://screenrant.com
cache-control: private, must-revalidate, max-age=21600
access-control-allow-credentials: true
access-control-allow-methods: POST, OPTIONS
x-buildnumber: 541459873
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
date: Mon, 06 Jun 2022 03:46:04 GMT

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 60F9 0
239 B 38ms
38ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-marfeel&gdpr=&gdpr_consent=&us_privacy=
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mbid.marfeelrev.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 3C34 0
15 B 38ms
37ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://screenrant.com
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://screenrant.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 06 Jun 2022 03:46:04 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H/1.1

200
OK

setuid
mbid.marfeelrev.com/ Frame 60F9
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fmbid.marfeelrev.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid%3D%24UID
https://mbid.marfeelrev.com/setuid?bidder=adnxs&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=3971180447162116942

86 B
688 B

45ms
44ms

Image
image/png

148.251.135.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mbid.marfeelrev.com/setuid?bidder=adnxs&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=3971180447162116942
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: HTTP/1.1
Server: 148.251.135.181 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.135.251.148.clients.your-server.de
Software: istio-envoy /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mbid.marfeelrev.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:04 GMT
content-encoding: gzip
server: istio-envoy
transfer-encoding: chunked
content-type: image/png
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 1
expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 06 Jun 2022 03:46:04 GMT
X-Proxy-Origin: 80.255.7.108; 80.255.7.108; 719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 9351fa83-a766-428c-b6c2-4e71419b57c3
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://mbid.marfeelrev.com/setuid?bidder=adnxs&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=3971180447162116942
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame D594 0
42 B 1968ms
185ms Script
text/plain 104.36.113.23
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=3685404&p=159196&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D629d787b41c87%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.23 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:04 GMT
content-length: 0

GET
H3 200 css2
fonts.googleapis.com/ 7 KB
656 B 124ms
47ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@300;600;700&display=swap

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9d9621179e43127a9fd488cd7ce45396370b279d65f052b576d95489380b77a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 06 Jun 2022 02:27:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 06 Jun 2022 03:46:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 06 Jun 2022 03:46:05 GMT

POST
H/1.1 200
OK domains Show response
api.viglink.com/api/ 42 B
488 B 57ms
57ms XHR
text/javascript 34.250.21.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/domains
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.21.211 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-21-211.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 2b5a06f8ed70991d7d7d152a8e5602fbe23cc2a6e94faeb19947ef867d0e951c

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Mon, 06 Jun 2022 03:46:04 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://screenrant.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 MTUsMTQ0YmM1YjI2MjYz
images.getadmiral.com/ 763 B
1 KB 164ms
64ms Image
image/png 2606:4700:3034::6815:4466
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.getadmiral.com/MTUsMTQ0YmM1YjI2MjYz

Requested by

Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4466 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2880fbb26ad5becd41ec25a5c37da351ac77225bbf30d5a9ab8accf5728591cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:05 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-buildnumber: 541457254
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 763
server: cloudflare
x-datacenter: gce-europe-west1
etag: "2c607cb7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1vUk5dBSyJ8mJSkWALQ03sm8UjjOFnyoer1gmJNEl1rEg0jtDX9AVhasnDWysPsFyVabOWZYBwzy3MWs4DpzOFFgDQRa5fHE8gi1Rx0HE5%2FKbwziMPr1FwGHW5CTkYnecjyy2POJk6OtBHsWK64Z5%2Bg4kwc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: private, must-revalidate, max-age=3600
x-hostname: icarus
cf-ray: 716e28ae7b879131-FRA

GET
H/1.1

200
OK

setuid
mbid.marfeelrev.com/ Frame 60F9
Redirect Chain

https://ad.360yield.com/server_match?gdpr=&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fmbid.marfeelrev.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid...
https://ad.360yield.com/ul_cb/server_match?gdpr=&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fmbid.marfeelrev.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di...
https://mbid.marfeelrev.com/setuid?bidder=improvedigital&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=136811dd-f799-4d55-9cb4-ad33baa947c7

86 B
824 B

42ms
41ms

Image
image/png

148.251.135.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mbid.marfeelrev.com/setuid?bidder=improvedigital&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=136811dd-f799-4d55-9cb4-ad33baa947c7
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: HTTP/1.1
Server: 148.251.135.181 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.135.251.148.clients.your-server.de
Software: istio-envoy /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mbid.marfeelrev.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:05 GMT
content-encoding: gzip
server: istio-envoy
transfer-encoding: chunked
content-type: image/png
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
expires: 0

Redirect headers

location: https://mbid.marfeelrev.com/setuid?bidder=improvedigital&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=136811dd-f799-4d55-9cb4-ad33baa947c7
date: Mon, 06 Jun 2022 03:46:05 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 cookie Show response
cm.adform.net/ Frame C08B 43 B
106 B 155ms
53ms Document
image/gif 37.157.2.239
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://s.console.adtarget.com.tr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 43
content-type: image/gif
date: Mon, 06 Jun 2022 03:46:05 GMT
server: nginx

GET
H/1.1 200
OK csync Show response
sync.console.adtarget.com.tr/ Frame 2E7A 0
397 B 853ms
122ms Document
text/plain 23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=502624&extuid=${USER_ID}
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://s.console.adtarget.com.tr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 0
Date: Mon, 06 Jun 2022 03:46:05 GMT
Etag: 78f41898bd296c54
Server: VertaMedia 1.0

GET
H/1.1 200
OK csync Show response
sync.console.adtarget.com.tr/ Frame 3CF3 0
397 B 1031ms
179ms Document
text/plain 23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=544989&extuid=${USER_ID}
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://s.console.adtarget.com.tr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 0
Date: Mon, 06 Jun 2022 03:46:05 GMT
Etag: 78f41898bd296c54
Server: VertaMedia 1.0

GET
H/1.1

200
OK

csync Show response
sync.console.adtarget.com.tr/ Frame 8EFB
Redirect Chain

https://creativecdn.com/cm-notify?pi=admatic
https://creativecdn.com/cm-notify?pi=admatic&tc=1
https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=a2Ng8HM13xJCohjYcZTZ&pi=admatic&tc=1

0
407 B

835ms
146ms

Document
text/plain

23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=a2Ng8HM13xJCohjYcZTZ&pi=admatic&tc=1
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://s.console.adtarget.com.tr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 0
Date: Mon, 06 Jun 2022 03:46:05 GMT
Etag: 78f41898bd296c54
Server: VertaMedia 1.0

Redirect headers

cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
date: Mon, 06 Jun 2022 03:46:05 GMT Mon, 06 Jun 2022 03:46:05 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=a2Ng8HM13xJCohjYcZTZ&pi=admatic&tc=1
pragma: no-cache

GET
H2 200 pbsync.html Show response
js.adscale.de/ Frame 1ADC 3 KB
2 KB 157ms
37ms Document
text/html 2600:9000:2156:7c00:f:4f64:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:7c00:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c82fab08e93db8934a27f5b26ddf48c8a013a92a21ea15b7fa8b675b0d866040

Request headers

Referer: https://s.console.adtarget.com.tr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 4503
cache-control: max-age=7200
content-encoding: br
content-type: text/html
date: Mon, 06 Jun 2022 02:31:03 GMT
etag: W/"9f4e83cc82a56a2a6e9851eeee2f9f34"
last-modified: Wed, 25 May 2022 02:14:44 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
x-amz-cf-id: eRtW9MbTzRmQceqSPi0NcgvmFkQmGfM3IATbNNgwPZNdJmH3jxjY3g==
x-amz-cf-pop: FRA50-C1
x-amz-version-id: 7.kZki2Df8oYMtrQ1D1a.RDwu0HgzPFw
x-cache: Hit from cloudfront

GET
H/1.1 200
OK csync
sync.console.adtarget.com.tr/ Frame 56E8 43 B
331 B 1186ms
217ms Image
image/gif 23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.console.adtarget.com.tr/csync?redir=
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.console.adtarget.com.tr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 06 Jun 2022 03:46:05 GMT
Server: VertaMedia 1.0
Etag: 78f41898bd296c54
Content-Length: 43
Content-Type: image/gif

GET
H3 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v11/ 37 KB
37 KB 117ms
39ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v11/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@300;600;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://screenrant.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 31 May 2022 17:07:32 GMT
x-content-type-options: nosniff
age: 470313
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37716
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:29:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 May 2023 17:07:32 GMT

POST
H2 200 v2drpa9SW7v4a9F8JsRS0RwNnr_7_zZWOD4nXImXc9RsPI6UjgY7X7yY03vjljrUt5YCdSdIV Show response
aloofvest.com/ 196 B
280 B 67ms
67ms Fetch
application/json 35.190.74.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aloofvest.com/v2drpa9SW7v4a9F8JsRS0RwNnr_7_zZWOD4nXImXc9RsPI6UjgY7X7yY03vjljrUt5YCdSdIV

Requested by

Host: aloofvest.com
URL: https://aloofvest.com/v2ici-GreEooOb39MzUWkIYDjUpMATVprWlVca_jlOajlnF7Q2YBLh0j4FOUXtl6T

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.74.49 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

49.74.190.35.bc.googleusercontent.com

Software

Resource Hash

59b37178f42e08d027c66d1a397822fd92f3ed94354e032bf93fc2ce7e2afd77

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
access-control-allow-methods: POST, OPTIONS
x-datacenter: gce-europe-west1
date: Mon, 06 Jun 2022 03:46:05 GMT
vary: Accept-Encoding, Origin
x-hostname: fen-hoothoot-europe-west1-fhcq
content-type: application/json; charset=utf-8
access-control-allow-origin: https://screenrant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-buildnumber: 541459873
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 196
expires: Mon, 06 Jun 2022 03:46:04 GMT

GET
H2

200

uu Show response
ih.adscale.de/ Frame 1ADC
Redirect Chain

https://ih.adscale.de/uu?cbfn=receive&t=1654487165
https://ih.adscale.de/uu?cbfn=receive&t=1654487165&nut&uu=90965c3d5e514211bb86bfceb3905458

44 B
213 B

40ms
40ms

Script
text/javascript

18.198.98.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/uu?cbfn=receive&t=1654487165&nut&uu=90965c3d5e514211bb86bfceb3905458
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol: H2
Server: 18.198.98.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-98-208.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 9967c4965a3c1f61bafa53d642c7fa743c9f2dea0e1207b0ff9aaddbd8a29f24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:05 GMT
content-length: 44
content-type: text/javascript;charset=ISO-8859-1

Redirect headers

location: https://ih.adscale.de/uu?cbfn=receive&t=1654487165&nut&uu=90965c3d5e514211bb86bfceb3905458
date: Mon, 06 Jun 2022 03:46:05 GMT
content-length: 0

POST
H2 204 collect Show response
a.ad.gt/api/v1/ 0
102 B 619ms
220ms XHR
text/plain 52.12.72.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.ad.gt/api/v1/collect
Requested by: Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/269?au_id=AU1D-0100-001654487164-X4IFXS76-OF8K
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.12.72.198 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-12-72-198.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-type: text/plain

Response headers

access-control-allow-origin: https://screenrant.com
date: Mon, 06 Jun 2022 03:46:05 GMT
server: nginx/1.20.0
vary: Origin

GET
H2 204 getpixels Show response
pixels.ad.gt/api/v1/ 0
52 B 629ms
204ms Script
text/plain 34.214.253.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixels.ad.gt/api/v1/getpixels?tagger_id=au1t-2fc4901aecc5ebdfbe7f0259f1a29f0d&url=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&code=%27none%27
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/valnet/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.214.253.85 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-214-253-85.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:05 GMT
server: nginx/1.20.0

GET
H3 200 ecommerce.js Show response
www.google-analytics.com/plugins/ua/ 1 KB
763 B 39ms
38ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ecommerce.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 02:56:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2984
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 06 Jun 2022 03:56:21 GMT

GET
H3 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:27:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1134
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1129
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 12:48:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 06 Jun 2022 04:27:11 GMT

GET
H2 200 segments Show response
seg.ad.gt/api/v1/ 21 B
219 B 615ms
210ms XHR
application/json 52.12.61.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://seg.ad.gt/api/v1/segments?url=https%253A%252F%252Fscreenrant.com%252Fsharkbot-malware-android-apps-credentials-banking-information%252F&partner_id=269&tagger_id=au1t-2fc4901aecc5ebdfbe7f0259f1a29f0d&au_id=AU1D-0100-001654487164-X4IFXS76-OF8K
Requested by: Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/269?au_id=AU1D-0100-001654487164-X4IFXS76-OF8K
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.12.61.6 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-12-61-6.us-west-2.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: 2f65b37814d674a38e2813bcb3fd9590d449087dfb30420deec70327fef7d1cc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-origin: https://screenrant.com
date: Mon, 06 Jun 2022 03:46:05 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.20.0
vary: Origin
content-type: application/json

GET
H/1.1

200
OK

setuid
mbid.marfeelrev.com/ Frame 60F9
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fmbid.marfeelrev.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid%3D%24UID
https://mbid.marfeelrev.com/setuid?bidder=adnxs&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=3971180447162116942

86 B
824 B

44ms
43ms

Image
image/png

148.251.135.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mbid.marfeelrev.com/setuid?bidder=adnxs&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=3971180447162116942
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: HTTP/1.1
Server: 148.251.135.181 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.135.251.148.clients.your-server.de
Software: istio-envoy /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mbid.marfeelrev.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:05 GMT
content-encoding: gzip
server: istio-envoy
transfer-encoding: chunked
content-type: image/png
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 2
expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 06 Jun 2022 03:46:05 GMT
X-Proxy-Origin: 80.255.7.108; 80.255.7.108; 719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: d22b165e-89a0-49e1-ab1c-aa44ffe7cd47
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://mbid.marfeelrev.com/setuid?bidder=adnxs&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=3971180447162116942
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fpc Show response
at.teads.tv/ 0
337 B 224ms
67ms XHR
text/plain 104.89.28.165
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://at.teads.tv/fpc?analytics_tag_id=PUB_22144&tfpvi=&gdpr_status=21&gdpr_reason=240&gdpr_consent=&ccpa_consent=&sv=16514bb&
Requested by: Host: a.teads.tv
URL: https://a.teads.tv/analytics/tag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.28.165 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-28-165.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 06 Jun 2022 03:46:05 GMT
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: https://screenrant.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Mon, 06 Jun 2022 03:46:05 GMT

GET
H2 200 userconnect.js Show response
js.adscale.de/ Frame 1ADC 11 KB
4 KB 40ms
39ms Script
application/javascript 2600:9000:2156:7c00:f:4f64:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/userconnect.js
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:7c00:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca38ab561201a1a68867f61d4fb3df9682756c8927fe80f047624e7ef662f0f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id: jczEGsG4tFCJOCWrMN37Vo2da2gvAHCe
content-encoding: br
last-modified: Wed, 25 May 2022 02:14:44 GMT
server: AmazonS3
age: 3332
etag: W/"988fbfb6c270a6080f89deb043243858"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
cache-control: max-age=7200
date: Mon, 06 Jun 2022 02:50:34 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: a4EaOw7uznzmWNTtx4rqf7z164_P6tFzln6EZN-hCbBJCitXK89-dw==

GET
H/1.1 200
OK csync
sync.console.adtarget.com.tr/ Frame 1ADC 0
419 B 901ms
227ms Image
text/plain 23.227.139.243
24SHELLS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=307565&extuid=90965c3d5e514211bb86bfceb3905458
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 06 Jun 2022 03:46:06 GMT
Server: VertaMedia 1.0
Etag: b01b6e63a8849925
Content-Length: 0

GET
H2 200 userconnect Show response
ih.adscale.de/ Frame 1ADC 149 B
224 B 40ms
39ms Script
application/javascript 18.198.98.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/userconnect?ssl=1&sid=0&cbfn=stroeerCoreConnect&ts=1654487165488&umd=false&gdpr=0&gdpr_version=2&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.98.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-98-208.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 3516496d97f72bf509cf5d6902b5deebf53355ccb21127dc777d265cd96ca2d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:05 GMT
content-length: 149
content-type: application/javascript

GET
H2 200 map Show response
ih.adscale.de/ Frame 8EAD 3 KB
3 KB 43ms
42ms Document
text/html 18.198.98.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.98.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-98-208.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 704ddb07cbacf102e9c2ce1ce43a3a0306704c149a6cf00fd6bd6a1fa98eb781

Request headers

Referer: https://js.adscale.de/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 2792
content-type: text/html;charset=ISO-8859-1
date: Mon, 06 Jun 2022 03:46:05 GMT

GET
H2 200 match.js Show response
js.adscale.de/ Frame 8EAD 4 KB
2 KB 38ms
37ms Script
application/javascript 2600:9000:2156:7c00:f:4f64:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/match.js
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:7c00:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 45767d3452a56be0180eed18ff44acd5e688dc5bbde2b77e1da29b326a180416

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id: zHniEUn6ueTHx4J_BeywLrsuDa00nkQA
content-encoding: br
last-modified: Wed, 25 May 2022 02:14:44 GMT
server: AmazonS3
age: 5612
etag: W/"ff7cce9128150bd82f1a709c03692e3d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
cache-control: max-age=7200
date: Mon, 06 Jun 2022 02:12:34 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: ukBdi4YXklDV2ivi10uXAy_X-i5r91_fPT1U9S2owefO75USazukpg==

GET
H2

200

img
ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/ Frame 8EAD
Redirect Chain

https://bbnaut.ibillboard.com/match/AdScale?partneruid=90965c3d5e514211bb86bfceb3905458&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F4217fb758ef84aa083454f611d8fc583%2F1654487165568%2F0%2Fimg%3Ftpid%...
https://ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/img?tpid=101&tpuid=BBID-01-03292011658303345-16622424

49 B
467 B

40ms
40ms

Image
image/gif

18.198.98.208
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/img?tpid=101&tpuid=BBID-01-03292011658303345-16622424
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Server: 18.198.98.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-98-208.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:05 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Date: Mon, 06 Jun 2022 03:46:05 GMT
Server: nginx
Transfer-Encoding: chunked
p3p: CP="CUR ADM DEV OUR STP PRE DSP NOI COR NID"
Location: https://ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/img?tpid=101&tpuid=BBID-01-03292011658303345-16622424
Cache-Control: private, max-age=3600
Access-Control-Allow-Credentials: true
Connection: close

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame 8EAD
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=a5c8779eccce9ea0e90d8849c...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=Yp14fAc.l8-kJI4BXdpa1AAA%261119

49 B
559 B

40ms
39ms

Image
image/gif

18.198.98.208
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=Yp14fAc.l8-kJI4BXdpa1AAA%261119
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Server: 18.198.98.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-98-208.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:05 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 06 Jun 2022 03:46:05 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=Yp14fAc.l8-kJI4BXdpa1AAA%261119
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 310
Expires: Mon, 06 Jun 2022 03:46:05 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame 8EAD
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=3b7c242961e290ca8713e5e...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=eb50629d-787f-4500-a574-e07ea982d81b&gdpr=0&gdpr_consent=

49 B
613 B

41ms
41ms

Image
image/gif

18.198.98.208
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=eb50629d-787f-4500-a574-e07ea982d81b&gdpr=0&gdpr_consent=
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Server: 18.198.98.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-98-208.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:07 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Date: Mon, 06 Jun 2022 03:46:07 GMT
Server: MT3 4419 e1034d5 master nrt-pixel-x20 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=eb50629d-787f-4500-a574-e07ea982d81b&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 06 Jun 2022 03:46:06 GMT

GET
H2 200 chunklist_480.m3u8 Show response
video.primis.tech/uploads/cn19/video/users/hls/30875/video_618a2a80af777483941066/vid624f1908a999d219076734.mp4/ 3 KB
810 B 116ms
39ms XHR
application/vnd.apple.mpegurl 2600:9000:2156:ec00:1:6448:6d00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn19/video/users/hls/30875/video_618a2a80af777483941066/vid624f1908a999d219076734.mp4/chunklist_480.m3u8
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ec00:1:6448:6d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e7b0a8fe40952cadeb7bbaed6efc7f6539dd867bb027dab543767f71d3774bd3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sun, 05 Jun 2022 15:13:42 GMT
via: 1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront), 1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
vary: Accept-Encoding
age: 45143
x-cache: Hit from cloudfront
content-encoding: br
last-modified: Thu, 07 Apr 2022 17:47:54 GMT
server: nginx
etag: W/"344af0c7cca610e144d9268077e69461"
access-control-max-age: 604800
access-control-allow-methods: GET, HEAD
content-type: application/vnd.apple.mpegurl
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA60-P3, FRA50-C1
x-amz-cf-id: xIhz1TeMO-_dTaIPe_VKJ1N-hm9KwHeNnZnYS3I5ROQcvqvAw87aKQ==
expires: Mon, 06 Jun 2022 15:13:42 GMT

GET
H2 200 w_480_00000.ts Show response
video.primis.tech/uploads/cn19/video/users/hls/30875/video_618a2a80af777483941066/vid624f1908a999d219076734.mp4/ 364 KB
365 KB 42ms
41ms XHR
video/mp2t 2600:9000:2156:ec00:1:6448:6d00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn19/video/users/hls/30875/video_618a2a80af777483941066/vid624f1908a999d219076734.mp4/w_480_00000.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ec00:1:6448:6d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 17666b4dddb53f0264ed5e27c891a182d940852447aca743f66dee60b9d0382b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sun, 05 Jun 2022 10:22:24 GMT
via: 1.1 071c6d250f90381986ebbec31df7b7e4.cloudfront.net (CloudFront), 1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
age: 62621
x-cache: Hit from cloudfront
content-length: 372428
last-modified: Thu, 07 Apr 2022 17:47:57 GMT
server: nginx
etag: "826e763c53ce0461d52de6e76d99ea13"
access-control-max-age: 604800
access-control-allow-methods: GET, HEAD
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=1209600
x-amz-cf-pop: BRU50-C1, FRA50-C1
accept-ranges: bytes
x-amz-cf-id: WNF18vHDHrEXaz34KAZtixkBuTzdOJWa84XCPtbzuWKEA_fXKQKpWw==
expires: Sun, 19 Jun 2022 10:22:24 GMT

GET
BLOB 200
OK eb1863b1-c0ad-44d4-9218-4abcbde19046
https://screenrant.com/ 67 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://screenrant.com/eb1863b1-c0ad-44d4-9218-4abcbde19046
Requested by: Host: screenrant.com
URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b3e57eb372e8b405c816875571e184854b2846261c7477c6c9bdb7782faa1a30

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Length: 68465
Content-Type: text/javascript

GET
H2 200 w_480_00001.ts Show response
video.primis.tech/uploads/cn19/video/users/hls/30875/video_618a2a80af777483941066/vid624f1908a999d219076734.mp4/ 468 KB
469 KB 42ms
42ms XHR
video/mp2t 2600:9000:2156:ec00:1:6448:6d00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn19/video/users/hls/30875/video_618a2a80af777483941066/vid624f1908a999d219076734.mp4/w_480_00001.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ec00:1:6448:6d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a8f8fd440f8cfa99b7982a0b6421aa6166827f1076307747a62def70c431759d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sun, 05 Jun 2022 10:22:24 GMT
via: 1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront), 1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
age: 62621
x-cache: Hit from cloudfront
content-length: 479212
last-modified: Thu, 07 Apr 2022 17:47:57 GMT
server: nginx
etag: "fdeba1d81982889796cd7f6ff4e4eb5a"
access-control-max-age: 604800
access-control-allow-methods: GET, HEAD
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=1209600
x-amz-cf-pop: FRA60-P3, FRA50-C1
accept-ranges: bytes
x-amz-cf-id: wm93hL7ningcE51l9_wBTc1JG1Zd_0fVTBuyURBh62RFBumJWu-01A==
expires: Sun, 19 Jun 2022 10:22:24 GMT

GET
H2 200 w_480_00002.ts Show response
video.primis.tech/uploads/cn19/video/users/hls/30875/video_618a2a80af777483941066/vid624f1908a999d219076734.mp4/ 481 KB
483 KB 41ms
40ms XHR
video/mp2t 2600:9000:2156:ec00:1:6448:6d00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn19/video/users/hls/30875/video_618a2a80af777483941066/vid624f1908a999d219076734.mp4/w_480_00002.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ec00:1:6448:6d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 52cdf93f534fa5624b941a56b164c1f8f94c4e2aa5155324f97dd15969f30e5b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sun, 05 Jun 2022 10:22:26 GMT
via: 1.1 3fb11c5fe1841d9ab25fe106cf3eca38.cloudfront.net (CloudFront), 1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
age: 62619
x-cache: Hit from cloudfront
content-length: 492560
last-modified: Thu, 07 Apr 2022 17:47:57 GMT
server: nginx
etag: "b97d9eb6153bf43e2448408f4383e02c"
access-control-max-age: 604800
access-control-allow-methods: GET, HEAD
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=1209600
x-amz-cf-pop: BRU50-C1, FRA50-C1
accept-ranges: bytes
x-amz-cf-id: WwYDBcrmutPEqNeoEfIY-9w-UrrRw2Zpw_pLUyNkNXYy5ELk9i-k2g==
expires: Sun, 19 Jun 2022 10:22:26 GMT

GET
H2 200 w_480_00003.ts Show response
video.primis.tech/uploads/cn19/video/users/hls/30875/video_618a2a80af777483941066/vid624f1908a999d219076734.mp4/ 329 KB
330 KB 42ms
42ms XHR
video/mp2t 2600:9000:2156:ec00:1:6448:6d00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn19/video/users/hls/30875/video_618a2a80af777483941066/vid624f1908a999d219076734.mp4/w_480_00003.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ec00:1:6448:6d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 855ba8cc257021e83f4809afc70504fca25cb87dd3984868c6602b6351c316e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sun, 05 Jun 2022 18:10:34 GMT
via: 1.1 753b5d9899259f7b8bd50e1338255e42.cloudfront.net (CloudFront), 1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
age: 34532
x-cache: Hit from cloudfront
content-length: 336520
last-modified: Thu, 07 Apr 2022 17:47:57 GMT
server: nginx
etag: "a6be0166f6b2dba0d0d9c27bf2fa57d9"
access-control-max-age: 604800
access-control-allow-methods: GET, HEAD
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=1209600
x-amz-cf-pop: BRU50-C1, FRA50-C1
accept-ranges: bytes
x-amz-cf-id: ol5JPnATyap6SSoM831Yd5LoFE_z3ZLKUH4ThdT69uRCnXnXAO_DDQ==
expires: Sun, 19 Jun 2022 18:10:34 GMT

GET
H2 200 w_480_00004.ts Show response
video.primis.tech/uploads/cn19/video/users/hls/30875/video_618a2a80af777483941066/vid624f1908a999d219076734.mp4/ 435 KB
436 KB 43ms
42ms XHR
video/mp2t 2600:9000:2156:ec00:1:6448:6d00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn19/video/users/hls/30875/video_618a2a80af777483941066/vid624f1908a999d219076734.mp4/w_480_00004.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ec00:1:6448:6d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 496a37acf00c2645d0aa20ce8b47649ab1a69c25405581e633863562ea84cb3a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sun, 05 Jun 2022 10:22:29 GMT
via: 1.1 d34a6ddcccee7396488ec5eb47b67a4a.cloudfront.net (CloudFront), 1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
age: 62616
x-cache: Hit from cloudfront
content-length: 444996
last-modified: Thu, 07 Apr 2022 17:47:57 GMT
server: nginx
etag: "a046f61125ba9835227174d1fea62083"
access-control-max-age: 604800
access-control-allow-methods: GET, HEAD
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=1209600
x-amz-cf-pop: BRU50-C1, FRA50-C1
accept-ranges: bytes
x-amz-cf-id: aRmc2tthPq3OzF3WNgdT4-m1Pk9QeBvtPrmRvUlIO5_UNRI1UIckLA==
expires: Sun, 19 Jun 2022 10:22:29 GMT

GET
H2 200 w_480_00005.ts Show response
video.primis.tech/uploads/cn19/video/users/hls/30875/video_618a2a80af777483941066/vid624f1908a999d219076734.mp4/ 363 KB
364 KB 43ms
43ms XHR
video/mp2t 2600:9000:2156:ec00:1:6448:6d00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn19/video/users/hls/30875/video_618a2a80af777483941066/vid624f1908a999d219076734.mp4/w_480_00005.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ec00:1:6448:6d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 9c62df3df6d4f3b6847a67ac25a7b67f0bcffad2ef370caca888f6cfb88ec98e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sun, 05 Jun 2022 10:22:30 GMT
via: 1.1 9099794184e0cace0bb57c49a112df52.cloudfront.net (CloudFront), 1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
age: 62615
x-cache: Hit from cloudfront
content-length: 371488
last-modified: Thu, 07 Apr 2022 17:47:57 GMT
server: nginx
etag: "cd6e2ccfe213127646c5fce382c5ddc2"
access-control-max-age: 604800
access-control-allow-methods: GET, HEAD
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=1209600
x-amz-cf-pop: BRU50-C1, FRA50-C1
accept-ranges: bytes
x-amz-cf-id: y7cUs1m4pggk5O3Q9yKEaOM1AcNqBlmHmpgkajYB1HRo1_5BgOWCgw==
expires: Sun, 19 Jun 2022 10:22:30 GMT

GET
H2

200

img
ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/ Frame 8EAD
Redirect Chain

https://track.adform.net/serving/cookie/match/?party=9&uid=febec25e0d0a4e3be2ca406383fe14f6effc92d3a87ba35164b3d2cb13b863ec&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F4217fb758ef84aa083454f...
https://track.adform.net/serving/cookie/match/?CC=1&party=9&uid=febec25e0d0a4e3be2ca406383fe14f6effc92d3a87ba35164b3d2cb13b863ec&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F4217fb758ef84aa08...
https://ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/img?tpid=42&gdpr=0&tpuid=8361669292563733058

49 B
569 B

44ms
43ms

Image
image/gif

18.198.98.208
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/img?tpid=42&gdpr=0&tpuid=8361669292563733058
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Server: 18.198.98.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-98-208.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:07 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:07 GMT
server: nginx
location: https://ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/img?tpid=42&gdpr=0&tpuid=8361669292563733058
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 sync Show response
eb2.3lift.com/ Frame F39D 37 B
139 B 43ms
42ms Document
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?gdpr=true&
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_5.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Mon, 06 Jun 2022 03:46:07 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame FBE9 15 KB
6 KB 47ms
46ms Document
text/html 104.102.28.254
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.6.18.0_5.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.102.28.254 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-28-254.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=94156
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 06 Jun 2022 03:46:07 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 07 Jun 2022 05:55:23 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame 8EAD
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&u...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=3404d6f6-3226-4511-94fc-0ef6e516c5f4&gdpr=0

49 B
591 B

41ms
40ms

Image
image/gif

18.198.98.208
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=3404d6f6-3226-4511-94fc-0ef6e516c5f4&gdpr=0
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Server: 18.198.98.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-98-208.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:07 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:07 GMT
server: Kestrel
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=3404d6f6-3226-4511-94fc-0ef6e516c5f4&gdpr=0
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1617991
content-length: 0
expires: Mon, 06 Jun 2022 00:00:00 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame 8EAD
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=6055184a449ee7dc3027690e...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=02fe629d-787f-4200-b567-9fe0cd08841e&gdpr=0&gdpr_consent=

49 B
634 B

41ms
41ms

Image
image/gif

18.198.98.208
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=02fe629d-787f-4200-b567-9fe0cd08841e&gdpr=0&gdpr_consent=
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Server: 18.198.98.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-98-208.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:07 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Date: Mon, 06 Jun 2022 03:46:07 GMT
Server: MT3 4419 e1034d5 master nrt-pixel-x10 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=02fe629d-787f-4200-b567-9fe0cd08841e&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 06 Jun 2022 03:46:06 GMT

GET
H2

200

img
ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/ Frame 8EAD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&uid=1c8f7165e482aca1d839a634b92074e729f63bb32b2d043c150587cd54df1786&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F421...
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm=&google_sc=&uid=1c8f7165e482aca1d839a634b92074e729f63bb32b2d043c150587cd54df1786&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F4...
https://ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/img?uid=1c8f7165e482aca1d839a634b92074e729f63bb32b2d043c150587cd54df1786&tpid=38&gdpr=0&tpuid=CAESECjRV0Q1Wq-bvr1J9GwmURo...

49 B
652 B

41ms
40ms

Image
image/gif

18.198.98.208
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/img?uid=1c8f7165e482aca1d839a634b92074e729f63bb32b2d043c150587cd54df1786&tpid=38&gdpr=0&tpuid=CAESECjRV0Q1Wq-bvr1J9GwmURo&google_cver=1
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Server: 18.198.98.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-98-208.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:08 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/img?uid=1c8f7165e482aca1d839a634b92074e729f63bb32b2d043c150587cd54df1786&tpid=38&gdpr=0&tpuid=CAESECjRV0Q1Wq-bvr1J9GwmURo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 424
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

js Show response
ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/ Frame 8EAD
Redirect Chain

https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=c8e3e85b7d5a0dded419140aeb3644c92d8f754c224f065e7283fc5a0037ac62&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F4217fb758ef84a...
https://tracking-a.dsp.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=c8e3e85b7d5a0dded419140aeb3644c92d8f754c224f065e7283fc5a0037ac62&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F4217fb75...
https://ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/js?tpid=48&tpuid=704e91fbb9133e6337f5ec8bc52357ae

44 B
596 B

45ms
44ms

Script
text/javascript

18.198.98.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/js?tpid=48&tpuid=704e91fbb9133e6337f5ec8bc52357ae
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Server: 18.198.98.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-98-208.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 91f746d77981bec47cafc5a1f89b602f812f6b012ccea776024b8d410cdc6eb2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 03:46:08 GMT
p3p: CP=NOI PSA OUR
content-length: 44
content-type: text/javascript

Redirect headers

location: https://ih.adscale.de/sium/4217fb758ef84aa083454f611d8fc583/1654487165568/0/js?tpid=48&tpuid=704e91fbb9133e6337f5ec8bc52357ae
date: Mon, 06 Jun 2022 03:46:08 GMT
content-type: text/plain; charset=utf-8
content-length: 147
vary: Accept
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

POST
H2 200 sium
ih.adscale.de/ Frame 8EAD 0
0 44ms
43ms Fetch
application/json 18.198.98.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/sium
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/match.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.98.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-98-208.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://ih.adscale.de
date: Mon, 06 Jun 2022 03:46:08 GMT
access-control-allow-credentials: true
access-control-allow-headers: x-openrtb-version
content-length: 0
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json

GET
H3 200 comments.php
www.facebook.com/v7.0/plugins/ Frame 7E32 0
0 66ms
66ms Document
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v7.0/plugins/comments.php?app_id=822150531210883&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df12f4fda068a194%26domain%3Dscreenrant.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscreenrant.com%252Ff4e96614f6ba68%26relation%3Dparent.parent&container_width=0&count=true&height=100&href=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&locale=en_US&sdk=joey&version=v7.0&width=550

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=a5bf1a6363c7d2a2ce40fddb9f070b68

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html;charset=utf-8
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 06 Jun 2022 03:46:08 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
priority: u=3,i
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
x-content-type-options: nosniff
x-fb-debug: /ou50S19tXoKGdYGkH3jYD+LECm8MKF7TggQjPh73OevtdvqT8SElvchEbVhNnPjMmsV05fz5a7U5lpLVPCaVw==
x-frame-options: DENY
x-xss-protection: 0

GET
H3 200 comments.php
www.facebook.com/v7.0/plugins/ Frame 5446 0
0 64ms
64ms Document
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v7.0/plugins/comments.php?app_id=822150531210883&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df7e4f749ffea%26domain%3Dscreenrant.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscreenrant.com%252Ff4e96614f6ba68%26relation%3Dparent.parent&container_width=0&count=true&height=100&href=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&locale=en_US&sdk=joey&version=v7.0&width=550

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=a5bf1a6363c7d2a2ce40fddb9f070b68

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html;charset=utf-8
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 06 Jun 2022 03:46:08 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
priority: u=0
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
x-content-type-options: nosniff
x-fb-debug: XotJvm23o1zyLS1XFioXf0WbfT7wk/j0xHthc4aPuuk1ezG3RbJAnqgMX0voJkAR5NIFMltgoKGOE5TTgJjCwQ==
x-frame-options: DENY
x-xss-protection: 0

GET
H3 200 comments.php
www.facebook.com/v7.0/plugins/ Frame E4B4 0
0 64ms
63ms Document
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v7.0/plugins/comments.php?app_id=822150531210883&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2e0a5df0a196bc%26domain%3Dscreenrant.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fscreenrant.com%252Ff4e96614f6ba68%26relation%3Dparent.parent&container_width=419&height=100&href=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&locale=en_US&numposts=3&sdk=joey&version=v7.0&width=

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=a5bf1a6363c7d2a2ce40fddb9f070b68

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html;charset=utf-8
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 06 Jun 2022 03:46:08 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
priority: u=0
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
x-content-type-options: nosniff
x-fb-debug: ufG4fnr5HwMFsJ4R9YsOZpvn79KYBCNrPGmK6ntQt34Nyz+20vUhN9Ea2amXS2STENkoVYzWoIuBaNcMv79xkw==
x-frame-options: DENY
x-xss-protection: 0

POST
H2 200 liveMatching.php Show response
live.primis.tech/live/ Frame 8808 0
396 B 245ms
165ms XHR
text/html 2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveMatching.php
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30362D30365F30367D7B7331363735303030327D7B4335377D7B5363334974636D566E4C5739795A31397A59334A6C5A573579595735304C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583630307D7B593333387D7B66317D7B4C31313434347DFEFE&userIpAddr=2a01%3A4a0%3A1338%3A92%3A%3A10&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F102.0.5005.61+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=5&sdkv=&isSinglePageFloatSupport=0&csuuid=629d787b41c87&debugInfo=16750002_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=16750002&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2a52pqmrtyjz&secondaryContent=&x=600&y=338&pubUrl=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=0&impGap=1&flow_width=340&flow_height=192&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=51.2993&geoLong=9.491&vpTemplate=11444&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=sr-reg-org_screenrant.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:09 GMT
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: buPaSs70i-k4wvGknNc7QrjF0vuR2xKgrW87xHePT2zmZLCiGx1nlw==

GET
H2 200 liveView.php
live.primis.tech/live/ 0
355 B 72ms
71ms Image
text/html 2600:9000:2156:ea00:1a:5235:f980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTI1JaNypaZypyRcoWU9MTY1NDQ4NmE2MlZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTA4NTA4JaN0YT0jJat9NwAjJax9MmM4JaZcZF9jYXNmRG9gYWyhPXNwpzVyoaJuoaQhY29gJaN1YxyxPXNlLXJyZl1ipzqsp2NlZWVhpzFhqC5wo20zZGVvqWqJozZipz1uqGyiow0znXNBpHA9MCZmZGg2PSZ1p2VlSXBBZGRlPTJuMDEyM0E0YTAyM0EkMmM4JTNBOTIyM0EyM0EkMCZ1p2VlVUE9TW96nWkfYSUlRwUhMCUlMCUlOFqcozRiq3MyMwBOVCUlMDEjLwAyM0IyMwBXnW42NCUmQvUlMHt2NCUlOSUlMEFjpGkyV2VvS2y0JTJGNTM3LwM2JTIjJTI4S0uUTUjyMxMyMwBfnWgyJTIjR2Vwn28yMwxyMwBDnHJioWUyMxYkMDIhMC41MDA1LwYkJTIjU2FzYXJcJTJGNTM3LwM2JzNmqXVcZD02MwyxNmt3YwQkYmt3JzNioaRyoaRGnWkySWQ9MCZgZWRcYVBfYXyMnXN0SWQ9MCZgZWRcYUkcp3RJZD0jJzR1pw04MDAzZ2Rjpw0kJzqxpHJDo25mZW50PSZcp1qyUGFmp0qxpHI9MCZwY3BuPTAzY2NjYUNioaNyoaQ9JzNvqXN0ZXI9MTY1NDQ4NmE3MwI4MSZ1nWQ9U2VenW5xo1NQoGF5ZXI2MwyxNmt3Ywt1ZGI5JaB1YyVloD1bqHRjplUmQSUlRvUlRaNwpzVyoaJuoaQhY29gJTJGp2uupzgvo3QgoWFfq2FlZS1uozRlo2yxLWFjpHMgY3JyZGVhqGyuoHMgYzFhn2yhZl1cozZipz1uqGyiovUlRvZzoG9uqFN0YXR1pm1zYWkmZSZynWRmpD1jpzVvnWQ=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ea00:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:11 GMT
via: 1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
server: nginx
age: 0
x-cache: Miss from cloudfront
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-pop: FRA50-C1
content-type: text/html; charset=UTF-8
x-amz-cf-id: qwHxVMn2jn0SaxmwqcY151i8hzMm7ycZxImo05OYqJpgCmFp2PNwTw==

OPTIONS
H2 200 v2
e.serverbid.com/api/ Frame 0
0 499ms
113ms Preflight 159.89.246.130

General

Check archive.org

Show headers Download Go to

Full URL: https://e.serverbid.com/api/v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.89.246.130 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://screenrant.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://screenrant.com
access-control-max-age: 10080
content-length: 0
date: Mon, 06 Jun 2022 03:46:14 GMT

OPTIONS
H2 200 v2
e.serverbid.com/api/ Frame 0
0 500ms
114ms Preflight 159.89.246.130

General

Check archive.org

Show headers Download Go to

Full URL: https://e.serverbid.com/api/v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.89.246.130 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://screenrant.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://screenrant.com
access-control-max-age: 10080
content-length: 0
date: Mon, 06 Jun 2022 03:46:14 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 78 B
408 B 304ms
154ms XHR
text/javascript 104.92.100.195

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?v=7.2&s=231477&fn=headertag.IndexExchangeHtb.adResponseCallback&sd=1&r=%7B%22id%22%3A%2287400515%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F%22%7D%2C%22imp%22%3A%5B%7B%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22sid%22%3A%2214%22%2C%22siteID%22%3A%22231490%22%7D%7D%5D%7D%2C%22id%22%3A%221%22%7D%2C%7B%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22sid%22%3A%2241%22%2C%22siteID%22%3A%22355815%22%7D%7D%5D%7D%2C%22id%22%3A%222%22%7D%2C%7B%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22sid%22%3A%224%22%2C%22siteID%22%3A%22231480%22%7D%7D%5D%7D%2C%22id%22%3A%223%22%7D%2C%7B%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22sid%22%3A%224%22%2C%22siteID%22%3A%22231480%22%7D%7D%5D%7D%2C%22id%22%3A%224%22%7D%2C%7B%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22sid%22%3A%2243%22%2C%22siteID%22%3A%22673761%22%7D%7D%5D%7D%2C%22id%22%3A%225%22%7D%2C%7B%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22sid%22%3A%223%22%2C%22siteID%22%3A%22231479%22%7D%7D%5D%7D%2C%22id%22%3A%226%22%7D%2C%7B%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22sid%22%3A%223%22%2C%22siteID%22%3A%22231479%22%7D%7D%5D%7D%2C%22id%22%3A%227%22%7D%2C%7B%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22sid%22%3A%2214%22%2C%22siteID%22%3A%22231490%22%7D%7D%5D%7D%2C%22id%22%3A%228%22%7D%5D%2C%22ext%22%3A%7B%22source%22%3A%22ixwrapper%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%2C%22us_privacy%22%3A%221---%22%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22at%22%3A1%7D
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.92.100.195 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: a565b1d8f9920cf9fdf6684654da4c6456ef184a086e9a0ffe8431da54403147

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:14 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[DE], RC:[BY], CN:[EU], CIP:[80.255.7.108], XFF:[]
server: Apache
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://screenrant.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 96
x-ak-client-geo: 12
expires: Mon, 06 Jun 2022 03:46:14 GMT

POST
H2 200 v2 Show response
e.serverbid.com/api/ 16 B
202 B 442ms
209ms XHR
application/json 159.89.246.130

General

Check archive.org

Show headers Download Go to

Full URL: https://e.serverbid.com/api/v2
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.89.246.130 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 06 Jun 2022 03:46:14 GMT
content-encoding: gzip
access-control-max-age: 10080
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://screenrant.com
access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept
content-length: 42

POST
H2 200 v2 Show response
e.serverbid.com/api/ 16 B
388 B 440ms
208ms XHR
application/json 159.89.246.130

General

Check archive.org

Show headers Download Go to

Full URL: https://e.serverbid.com/api/v2
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.89.246.130 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 06 Jun 2022 03:46:14 GMT
content-encoding: gzip
access-control-max-age: 10080
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://screenrant.com
access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept
content-length: 42

GET
H2 200 auction Show response
tlx.3lift.com/header/ 2 KB
2 KB 133ms
132ms XHR
application/json 18.184.69.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?inv_code=sr_d_atf_midarticle_rec_index&lib=ix&size=728x90&referrer=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&v=2.1.2&tmax=1000&gdpr=true&cmp_cs=&us_privacy=1---

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.184.69.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-184-69-62.eu-central-1.compute.amazonaws.com

Software

Resource Hash

9dc51408f48d3b48cc173d0259e5e736886aa6822ca2fe919a6069c6d2780700

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:13 GMT
content-encoding: gzip
accept-ch: sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-ua-mobile,sec-ch-downlink,user-agent,sec-ch-ect,sec-ch-width,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-arch,sec-ch-rtt,sec-ch-viewport-height,sec-ch-ua-platform
content-type: application/json; charset=utf-8
access-control-allow-origin: https://screenrant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1385
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 auction Show response
tlx.3lift.com/header/ 14 KB
5 KB 129ms
128ms XHR
application/json 18.184.69.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?inv_code=sr_d_rrail_rec_index&lib=ix&size=300x600&referrer=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&v=2.1.2&tmax=1000&gdpr=true&cmp_cs=&us_privacy=1---

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.184.69.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-184-69-62.eu-central-1.compute.amazonaws.com

Software

Resource Hash

ede61ef231e68c691902c7af20b365af3d387ec5cc3d29a18244ea804bcccd34

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:13 GMT
content-encoding: gzip
accept-ch: sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-ua-mobile,sec-ch-downlink,user-agent,sec-ch-ect,sec-ch-width,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-arch,sec-ch-rtt,sec-ch-viewport-height,sec-ch-ua-platform
content-type: application/json; charset=utf-8
access-control-allow-origin: https://screenrant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 5051
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
505 B 123ms
122ms XHR
application/json 18.184.69.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?inv_code=screenrant_general_hdx_header&lib=ix&size=300x250&referrer=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&v=2.1.2&tmax=1000&gdpr=true&cmp_cs=&us_privacy=1---

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.184.69.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-184-69-62.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:13 GMT
accept-ch: sec-ch-ua-arch,sec-ch-rtt,sec-ch-viewport-height,sec-ch-ua-platform,sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-ua-mobile,sec-ch-downlink,user-agent,sec-ch-ect,sec-ch-width,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ua
content-type: application/json; charset=utf-8
access-control-allow-origin: https://screenrant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
505 B 85ms
84ms XHR
application/json 18.184.69.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.184.69.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-184-69-62.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:13 GMT
accept-ch: sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform,sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-width
content-type: application/json; charset=utf-8
access-control-allow-origin: https://screenrant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 auction Show response
tlx.3lift.com/header/ 10 KB
6 KB 90ms
89ms XHR
application/json 18.184.69.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?inv_code=screenrant_general_hdx_header&lib=ix&size=728x90&referrer=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&v=2.1.2&tmax=1000&gdpr=true&cmp_cs=&us_privacy=1---

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.184.69.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-184-69-62.eu-central-1.compute.amazonaws.com

Software

Resource Hash

1be30b867aaa2059eda8253e9ef419f8af7f89a106bee1bf0099664255d701a5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:13 GMT
content-encoding: gzip
accept-ch: sec-ch-ua-arch,sec-ch-rtt,sec-ch-viewport-height,sec-ch-ua-platform,sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-ua-mobile,sec-ch-downlink,user-agent,sec-ch-ect,sec-ch-width,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ua
content-type: application/json; charset=utf-8
access-control-allow-origin: https://screenrant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 5174
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 auction Show response
tlx.3lift.com/header/ 2 KB
2 KB 91ms
90ms XHR
application/json 18.184.69.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?inv_code=sr_d_btf_midarticle_rec_index&lib=ix&size=300x250&referrer=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&v=2.1.2&tmax=1000&gdpr=true&cmp_cs=&us_privacy=1---

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.184.69.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-184-69-62.eu-central-1.compute.amazonaws.com

Software

Resource Hash

9009c4b4af952bc092aeb66f72dbbbc7f27850c373a0ec5c86f27d900dad3a62

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:13 GMT
content-encoding: gzip
accept-ch: sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform,sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-width,sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model
content-type: application/json; charset=utf-8
access-control-allow-origin: https://screenrant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1410
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 auction Show response
tlx.3lift.com/header/ 2 KB
2 KB 132ms
131ms XHR
application/json 18.184.69.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.184.69.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-184-69-62.eu-central-1.compute.amazonaws.com

Software

Resource Hash

781edb6cf09aa32adacb124cbfb6d0565958f7306a14f4d57b3b1b57c00dc29c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:13 GMT
content-encoding: gzip
accept-ch: sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-ua-mobile,sec-ch-downlink,user-agent,sec-ch-ect,sec-ch-width,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-arch,sec-ch-rtt,sec-ch-viewport-height,sec-ch-ua-platform,sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://screenrant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1413
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 auction Show response
tlx.3lift.com/header/ 2 KB
2 KB 236ms
236ms XHR
application/json 18.184.69.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.184.69.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-184-69-62.eu-central-1.compute.amazonaws.com

Software

Resource Hash

2d177713c5f7170c383400672ec4154a0517ce1bad9b48beb2a8ccf1c0b9b7e5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 06 Jun 2022 03:46:14 GMT
content-encoding: gzip
accept-ch: sec-ch-viewport-width,sec-ch-ua-platform,sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-width,sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://screenrant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1390
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 56 KB
14 KB 192ms
192ms XHR
application/json 185.33.221.89
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.89 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

94c72384df824fa3157c5fe609dd819b2a27358b4212ca594fba6630003e00fb

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 06 Jun 2022 03:46:13 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.108; 80.255.7.108; 719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 13b2770e-9953-466b-910c-46ead5e68c77
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://screenrant.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 45 KB
12 KB 242ms
144ms XHR
application/json 185.33.221.89
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.89 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

aafb77a1daf68d28e980b4b3ed19c12e675814eb165628bcb7dc4974e7b60011

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 06 Jun 2022 03:46:14 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.108; 80.255.7.108; 719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: aaf4b597-e468-450e-88da-7b20a088b1ed
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://screenrant.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 443ms
297ms XHR
application/json 18.156.195.47

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9691cd017979a82a0baa7aeb85005b&pos=screenrant268desktopatf728x90&secure=1&gdpr=1&us_privacy=1---
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 -, , ASN (),
Reverse DNS
Software: ATS/9.1.0.46 /
Resource Hash: 75ab6b62cdc2a021dbfee337e3b964e11195a89091ea91eeae0a31eecd223130

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 06 Jun 2022 03:46:14 GMT
server: ATS/9.1.0.46
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://screenrant.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 254ms
109ms XHR
application/json 18.156.195.47

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9691cd017979a82a0baa7aeb85005b&pos=screenrant281desktopbtf300x600&secure=1&gdpr=1&us_privacy=1---
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 -, , ASN (),
Reverse DNS
Software: ATS/9.1.0.46 /
Resource Hash: 71579aa544a82f7af6a8263d945a3b176ed02309385c80eafdc7227574e781b1

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 06 Jun 2022 03:46:14 GMT
server: ATS/9.1.0.46
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://screenrant.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 257ms
112ms XHR
application/json 18.156.195.47

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9691cd017979a82a0baa7aeb85005b&pos=screenrant274desktopbtf300x250&secure=1&gdpr=1&us_privacy=1---
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 -, , ASN (),
Reverse DNS
Software: ATS/9.1.0.46 /
Resource Hash: d8da3ac6100c06c3daf7fe6cd8fb0188bfe3733520174d70cc648b1b6934d6a4

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 06 Jun 2022 03:46:14 GMT
server: ATS/9.1.0.46
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://screenrant.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 251ms
107ms XHR
application/json 18.156.195.47

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9691cd017979a82a0baa7aeb85005b&pos=screenrant274desktopbtf300x250&secure=1&gdpr=1&us_privacy=1---
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 -, , ASN (),
Reverse DNS
Software: ATS/9.1.0.46 /
Resource Hash: 25539169b9351af0676af0f824672ed3d432b138633adb2f40856b25422f5a85

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 06 Jun 2022 03:46:14 GMT
server: ATS/9.1.0.46
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://screenrant.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 249ms
105ms XHR
application/json 18.156.195.47

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9691cd017979a82a0baa7aeb85005b&pos=screenrant306desktopatf728x90&secure=1&gdpr=1&us_privacy=1---
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 -, , ASN (),
Reverse DNS
Software: ATS/9.1.0.46 /
Resource Hash: 9e163fa5175f2a93be4acd78a5e971dae5bfa46e420d843b7ca1c9e8bc0745e9

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 06 Jun 2022 03:46:14 GMT
server: ATS/9.1.0.46
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://screenrant.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 247ms
103ms XHR
application/json 18.156.195.47

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9691cd017979a82a0baa7aeb85005b&pos=screenrant271desktopbtf300x250&secure=1&gdpr=1&us_privacy=1---
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 -, , ASN (),
Reverse DNS
Software: ATS/9.1.0.46 /
Resource Hash: e1317583fa122d5a065863fc0960dd97cac5b32ee22ee2ff0a233162ebfd76a2

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 06 Jun 2022 03:46:14 GMT
server: ATS/9.1.0.46
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://screenrant.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 259ms
115ms XHR
application/json 18.156.195.47

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9691cd017979a82a0baa7aeb85005b&pos=screenrant271desktopbtf300x250&secure=1&gdpr=1&us_privacy=1---
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 -, , ASN (),
Reverse DNS
Software: ATS/9.1.0.46 /
Resource Hash: 3f2d61be4db24413efdd0c22a668d8d50eb33fa2236581963f329333deee62a2

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 06 Jun 2022 03:46:14 GMT
server: ATS/9.1.0.46
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://screenrant.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
291 B 244ms
101ms XHR
application/json 18.156.195.47

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9691cd017979a82a0baa7aeb85005b&pos=screenrant268desktopatf728x90&secure=1&gdpr=1&us_privacy=1---
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 -, , ASN (),
Reverse DNS
Software: ATS/9.1.0.46 /
Resource Hash: 0289dafef680dc1d47d6278f42eb300b7535b731691d63c4192040e8a7e22ea2

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 06 Jun 2022 03:46:14 GMT
server: ATS/9.1.0.46
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://screenrant.com
access-control-allow-credentials: true
content-length: 62

POST
H/1.1 200
OK headerstats Show response
as-sec.casalemedia.com/ 0
427 B 201ms
58ms XHR
text/plain 104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/headerstats?s=231477&u=https%3A%2F%2Fscreenrant.com%2Fsharkbot-malware-android-apps-credentials-banking-information%2F&v=3
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184735-252190346293640.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Mon, 06 Jun 2022 03:46:14 GMT
X-AK-INITIAL-GEO: CC:[DE], RC:[BY], CN:[EU], CIP:[80.255.7.108], XFF:[]
Server: Apache
Access-Control-Allow-Origin: https://screenrant.com
X-CS-CLIENT-GEO: 12
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-AK-CLIENT-GEO: 12
Expires: Mon, 06 Jun 2022 03:46:14 GMT

Verdicts & Comments Add Verdict or Comment

174 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

44 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
screenrant.com/	1969-12-31 23:59:59	Name: viewType Value: direct
.screenrant.com/	1970-01-20 12:20:23	Name: usprivacy Value: 1---
.ad.gt/	1970-01-20 03:36:13	Name: au_idmatch Value: eyJhcG4iOiAxNjU0NDg3MTYzNjg1LCAidHRkIjogMTY1NDQ4NzE2MzY4NSwgInB1YiI6IDE2NTQ0ODcxNjM2ODUsICJhZHgiOiAxNjU0NDg3MTYzNjg1LCAiZ29vIjogMTY1NDQ4NzE2MzY4NSwgIm1lZGlhbWF0aCI6IDE2NTQ0ODcxNjM2ODUsICJ1bnJ1bHkiOiAxNjU0NDg3MTYzNjg1LCAib3BlbngiOiAxNjU0NDg3MTYzNjg1LCAicnViIjogMTY1NDQ4NzE2MzY4NSwgImFkbyI6IDE2NTQ0ODcxNjM2ODUsICJiZWVzIjogMTY1NDQ4NzE2MzY4NSwgInNtYXJ0IjogMTY1NDQ4NzE2MzY4NSwgImltcHIiOiAxNjU0NDg3MTYzNjg1LCAic29uIjogMTY1NDQ4NzE2MzY4NSwgInRhYm9vbGEiOiAxNjU0NDg3MTYzNjg1LCAicHBudCI6IDE2NTQ0ODcxNjM2ODV9
.screenrant.com/	1970-01-20 05:44:23	Name: _fbp Value: fb.1.1654487164231.1187602872
.screenrant.com/	1970-01-20 12:20:23	Name: _au_1d Value: AU1D-0100-001654487164-X4IFXS76-OF8K
.screenrant.com/	1970-01-20 03:34:50	Name: AMP_TOKEN Value: %24NOT_FOUND
.screenrant.com/	1970-01-20 21:05:59	Name: _ga Value: GA1.2.2067551132.1654487164
.screenrant.com/	1970-01-20 03:36:13	Name: _gid Value: GA1.2.1657221140.1654487164
.screenrant.com/	1970-01-20 03:34:47	Name: _gat Value: 1
.yahoo.com/	1970-01-20 12:20:44	Name: A3 Value: d=AQABBHx4nWICEBQhB6MXhvD7PZQrIeD3iqoFEgEBAQHJnmKnYgAAAAAA_eMAAA&S=AQAAAtRRbjn9Z3nOqQqeHN-wCn0
.adnxs.com/	1970-01-20 05:44:23	Name: uuid2 Value: 3971180447162116942
.casalemedia.com/	1970-01-20 12:20:23	Name: CMID Value: Yp14fAc.l8-kJI4BXdpa1AAA
.casalemedia.com/	1970-01-20 05:44:23	Name: CMPS Value: 3267
.analytics.yahoo.com/	1970-01-20 12:20:23	Name: IDSYNC Value: 198j~25ar
screenrant.com/	1970-01-20 03:36:13	Name: _lr_geo_location Value: DE
.narrativ.com/	1970-01-20 16:43:54	Name: uid_bam Value: 1776492065989364759
.casalemedia.com/	1970-01-20 05:44:23	Name: CMPRO Value: 1119
.media.net/	1970-01-20 12:20:23	Name: data-pri Value: 629d787b41c87~~34
.spotxchange.com/	1970-01-20 12:20:23	Name: audience Value: 30d63879-e54b-11ec-8974-129210fe0006
.tremorhub.com/	1970-01-20 12:20:44	Name: tvid Value: ddb261b0913445c59c67aac62ffdb028
.creativecdn.com/	1970-01-20 12:20:23	Name: u Value: a2Ng8HM13xJCohjYcZTZ
.creativecdn.com/	1970-01-20 12:20:23	Name: ts Value: 1654487165
.screenrant.com/	1970-01-21 05:51:35	Name: _awl Value: 2.1654487165.0.5-a63deb7e1e133c2242eaec33b5bb480c-6763652d6575726f70652d7765737431-0
.360yield.com/	1970-01-20 05:44:23	Name: tuuid Value: 136811dd-f799-4d55-9cb4-ad33baa947c7
.360yield.com/	1970-01-20 05:44:23	Name: tuuid_lu Value: 1654487165
.adscale.de/	1970-01-20 12:17:03	Name: uu Value: 90965c3d5e514211bb86bfceb3905458
.mbid.marfeelrev.com/	1970-01-20 05:44:23	Name: uids Value: eyJ1aWRzIjp7fSwidGVtcFVJRHMiOnsiYWRueHMiOnsidWlkIjoiMzk3MTE4MDQ0NzE2MjExNjk0MiIsImV4cGlyZXMiOiIyMDIyLTA2LTIwVDAzOjQ2OjA1LjQ5MVoifSwiaW1wcm92ZWRpZ2l0YWwiOnsidWlkIjoiMTM2ODExZGQtZjc5OS00ZDU1LTljYjQtYWQzM2JhYTk0N2M3IiwiZXhwaXJlcyI6IjIwMjItMDYtMjBUMDM6NDY6MDUuMzk0WiJ9fSwiYmRheSI6IjIwMjItMDYtMDZUMDM6NDY6MDQuOTRaIn0=
.ibillboard.com/	1970-01-20 12:20:23	Name: ibbid Value: BBID-01-03292011658303345-16622424
.console.adtarget.com.tr/	1970-01-20 05:04:03	Name: a502624 Value: ${USER_ID}
.casalemedia.com/	1970-01-20 03:36:13	Name: CMST Value: Yp14fGKdeH0A
.console.adtarget.com.tr/	1970-01-20 05:04:03	Name: a307080 Value: a2Ng8HM13xJCohjYcZTZ
.console.adtarget.com.tr/	1970-01-20 05:04:03	Name: a544989 Value: ${USER_ID}
.console.adtarget.com.tr/	1970-01-20 05:04:03	Name: vmuid Value: b01b6e63a8849925
.console.adtarget.com.tr/	1970-01-20 05:04:03	Name: a307565 Value: 90965c3d5e514211bb86bfceb3905458
.adform.net/	1970-01-20 04:17:59	Name: C Value: 1
.adform.net/	1970-01-20 05:01:11	Name: uid Value: 8361669292563733058
.criteo.com/	1970-01-20 12:56:23	Name: uid Value: 3404d6f6-3226-4511-94fc-0ef6e516c5f4
.mathtag.com/	1970-01-20 13:00:42	Name: uuid Value: 02fe629d-787f-4200-b567-9fe0cd08841e
.doubleclick.net/	1970-01-20 12:56:23	Name: IDE Value: AHWqTUnpvemnyqkqaVGArzufH5zuH4P18LiABDUT7lAzbysjBWE4p46h5Z640usLyj8
.adscale.de/	1970-01-20 12:17:03	Name: cct Value: 1654487168246
.m6r.eu/	1970-01-20 03:34:50	Name: test Value: true
.m6r.eu/	1970-01-20 05:44:23	Name: cct Value: 1654487168707
.m6r.eu/	1970-01-20 05:44:23	Name: id Value: 704e91fbb9133e6337f5ec8bc52357ae
.ih.adscale.de/	1970-01-20 12:17:03	Name: tu Value: 4#3109703171#48~704e91fbb9133e6337f5ec8bc52357ae~459579~0~0#101~BBID-01-03292011658303345-16622424~459579~0~0#38~CAESECjRV0Q1Wq-bvr1J9GwmURo~459579~0~0#39~02fe629d-787f-4200-b567-9fe0cd08841e~459579~0~0#40~3404d6f6-3226-4511-94fc-0ef6e516c5f4~459579~0~0#42~8361669292563733058~459579~0~0#108~eb50629d-787f-4500-a574-e07ea982d81b~459579~0~0#63~Yp14fAc.l8-kJI4BXdpa1AAA&1119~459579~0~0

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://screenrant.com/sharkbot-malware-android-apps-credentials-banking-information/ Message: Refused to execute script from 'https://api.viglink.com/api/sync.js?key=df10cab76273c1045e8e961336f37c82&ccpaConsent=1---' because its MIME type ('image/gif') is not executable.
network	error	URL: https://api.rlcdn.com/api/identity?pid=2&rt=envelope Message: Failed to load resource: the server responded with a status of 451 ()
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * data: 'unsafe-eval' 'unsafe-inline' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.ad.gt
a.teads.tv
ad.360yield.com
ads.pubmatic.com
aloofvest.com
ampcid.google.com
ampcid.google.de
ap.lijit.com
api.narrativ.com
api.rlcdn.com
api.viglink.com
as-sec.casalemedia.com
at.teads.tv
ats.rlcdn.com
bbnaut.ibillboard.com
c.amazon-adsystem.com
c2shb.ssp.yahoo.com
cdn.id5-sync.com
cdn.viglink.com
cm.adform.net
cm.g.doubleclick.net
connect.facebook.net
creativecdn.com
cs.media.net
csync.loopme.me
dis.criteo.com
e.serverbid.com
eb2.3lift.com
events.release.narrativ.com
fonts.googleapis.com
fonts.gstatic.com
geo.privacymanager.io
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
id.halo.ad.gt
ih.adscale.de
image6.pubmatic.com
images.getadmiral.com
js-sec.indexww.com
js.adscale.de
live.primis.tech
match.adsrvr.org
mb9eo.publishers.tremorhub.com
mbid.marfeelrev.com
p.ad.gt
pixel.rubiconproject.com
pixels.ad.gt
rtb.openx.net
s.console.adtarget.com.tr
scarfsmash.com
screenrant.com
search.spotxchange.com
secure.adnxs.com
secure.cdn.fastclick.net
securepubads.g.doubleclick.net
seg.ad.gt
ssum-sec.casalemedia.com
ssum.casalemedia.com
static.adsafeprotected.com
static.narrativ.com
static0.srcdn.com
static2.srcdn.com
static3.srcdn.com
stats.g.doubleclick.net
sync.console.adtarget.com.tr
sync.mathtag.com
sync.search.spotxchange.com
tag.1rx.io
tagan.adlightning.com
tlx.3lift.com
track.adform.net
tracking-a.dsp.m6r.eu
tracking.m6r.eu
u.openx.net
unpkg.com
ups.analytics.yahoo.com
video.primis.tech
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
103.229.205.243
104.102.28.254
104.102.29.65
104.36.113.23
104.89.28.165
104.89.31.187
104.92.100.195
108.138.4.10
13.248.245.213
142.250.185.226
143.204.98.49
148.251.135.181
15.197.193.217
159.89.246.130
178.250.0.163
18.156.0.31
18.156.195.47
18.184.69.62
18.198.98.208
18.203.97.155
18.209.251.242
18.65.39.61
18.66.122.10
184.87.212.24
185.184.8.90
185.33.221.89
185.33.221.90
185.94.180.124
185.94.180.125
204.237.133.116
213.19.147.43
216.52.2.19
216.58.212.162
23.227.139.243
23.227.146.18
23.35.229.56
23.88.75.187
2600:1f18:612b:4264:5a8d:94bc:2cf9:40df
2600:9000:2156:3600:8:48e:53c0:93a1
2600:9000:2156:7c00:f:4f64:8940:93a1
2600:9000:2156:ea00:1a:5235:f980:93a1
2600:9000:2156:ec00:1:6448:6d00:93a1
2606:4700:10::6816:2f51
2606:4700:10::ac43:25aa
2606:4700:3034::6815:4466
2606:4700::6810:7aaf
2606:4700::6810:a30d
2a00:1450:4001:800::2003
2a00:1450:4001:801::200e
2a00:1450:4001:802::2008
2a00:1450:4001:80b::200e
2a00:1450:4001:810::2003
2a00:1450:4001:827::200a
2a00:1450:4001:827::200e
2a00:1450:4001:829::2004
2a00:1450:4001:831::2002
2a00:1450:400c:c0d::9b
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
3.124.13.195
34.120.133.55
34.192.73.199
34.202.200.131
34.214.253.85
34.215.170.216
34.250.21.211
35.186.249.84
35.190.74.49
35.227.252.103
35.244.159.8
37.157.2.239
44.239.82.163
46.105.202.126
52.12.61.6
52.12.72.198
54.93.141.89
62.209.227.210
65.9.63.30
69.173.144.138
0289dafef680dc1d47d6278f42eb300b7535b731691d63c4192040e8a7e22ea2
038817395a0cb1971b5fcc8692109728e062490a435da27adac9702f0bf52f76
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
07f8fe57519d07fa235e70f14ecf4d280f994539ed285a9b9c24ac94acc752c9
0854ea2969c3bb3991b339091ef994c16adee7a56a424063d54dd9e258e04eac
0dabde244ca54751439b42b2bc6754887cf48d7d13835c2ed1fa37b253a4731a
1050117d227427739a7eab9087460aab08cde768ff982be42968074c804d1a99
1053cb045635da4470fdcee7e886e05f862d8e71ed782e8d3d7d7c0fde874bdd
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
13021e44e2f1d0c146464bd34139dca45c54e761d9806087ce3762117a79a200
13dc18598f971d1d020bfddd38898f0dd1fa1ce194ae2582c2b069d8ac39a2bc
154212eb976f7df7c79f5844fcb356740bcb6c51edacb2e8515108e2d7effa67
17666b4dddb53f0264ed5e27c891a182d940852447aca743f66dee60b9d0382b
1be30b867aaa2059eda8253e9ef419f8af7f89a106bee1bf0099664255d701a5
1eabadac42cf734244db7ffc1ccbe12580ef8574ca267ca2f106439d9eb6169e
2179307b3f0f1a14584e3c3bca37baaccdf0f4dd469483df5404c32bb59ef9f6
25031a9668a00a33aed54a5d7d92ce239f78b097a212c27c24fd5937e09e4633
25539169b9351af0676af0f824672ed3d432b138633adb2f40856b25422f5a85
2880fbb26ad5becd41ec25a5c37da351ac77225bbf30d5a9ab8accf5728591cf
28da1c861d903f7c583beeb324e2a1f6237bed86b3ad1231c149f7583200ce11
29ba76e50edca0dfeec3d26af642957eddf33817ca79256efe611922808d6641
2ad3e1ebf36f4d5375c097486e514befc0294cf035eb492965b32a3274e6fed0
2b5a06f8ed70991d7d7d152a8e5602fbe23cc2a6e94faeb19947ef867d0e951c
2d177713c5f7170c383400672ec4154a0517ce1bad9b48beb2a8ccf1c0b9b7e5
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f65b37814d674a38e2813bcb3fd9590d449087dfb30420deec70327fef7d1cc
33dfa806e2056c81aab1b2e46ba016313f5189d10e0b7c9a3e355b59bfada530
3516496d97f72bf509cf5d6902b5deebf53355ccb21127dc777d265cd96ca2d8
3b3ed4b191fdd529075b8e099f5daefd684e80acd4c9514a70b6ad746e949544
3f2d61be4db24413efdd0c22a668d8d50eb33fa2236581963f329333deee62a2
42080e8886b0375095dd9682c2c52392d77bcf2bd60f731adb4e942901381d52
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
443f923efa3236e548fef972cf8a8c68a819aa75af2ffd71cc68aa1e6d70035c
45767d3452a56be0180eed18ff44acd5e688dc5bbde2b77e1da29b326a180416
496a37acf00c2645d0aa20ce8b47649ab1a69c25405581e633863562ea84cb3a
4a9a6afeba8624295a87efaf0d3c76fa7a55271f310adffcfa683bccacc0fc5d
4b05d7f4339a505c65d2fcb1b21addd2a13a0c155ddf7ca766d1e7203b2b6cae
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
502ef097688d09580b38dcf3b5fe5b3f0edbf20eae84778a863e382c78c68ec8
503269dded73bca0163e5bf87351301696ff6b0f04e704354bcfe01fdeb7c3c1
515138cedf6ac4776653a8d117e4207be46fe50ce39b96cdbcf16ab99330ab02
52106a836385c1a28e56b524cb3a414e27d3d79864edf54b8de903dc6fe36867
52cdf93f534fa5624b941a56b164c1f8f94c4e2aa5155324f97dd15969f30e5b
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55590528f3843330e079ab923a28a2e8f95b47c9b38d413b98b019b244f6c9cc
5905fde036a5a7b3bc26d73a9c421c8796b0b02a85bf68c221d10f732b5b3474
59b37178f42e08d027c66d1a397822fd92f3ed94354e032bf93fc2ce7e2afd77
5b7c474f3282ff9cb5cdc13d6982a706b012f674a4ff33a8febbda9f13df43de
5bb08412d18881e3fc69fdb44226bfc6f66a77d45dfff3f10b98a100c09bc970
5fbf7f15d57880307b2e2522d549ae36a40cc53432866e16ad47a1b5beedf82e
616f41fbbcf44ba72bb9c97132871526164c81d78f56a15e04ece1a44eb5606a
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17
68dd49d9550aa445274496ef6e63ee82c80b1758f5a075570f3368ef0cc9e8e5
6dcb0c0071641df39ead02cf283ce592b99250a391b2ba69785e007150e2fc84
6e75948ee66bf6e7da9235ee5cecbda03fa7f592a3f08193757202be43d6cb38
6fd8aeb3e7a2f92a13af1180be7f8a43a615b9d8fdc114a80d7d5b144ef510bd
704ddb07cbacf102e9c2ce1ce43a3a0306704c149a6cf00fd6bd6a1fa98eb781
71579aa544a82f7af6a8263d945a3b176ed02309385c80eafdc7227574e781b1
71584995d2225408d58e5966f23b68264153f4a15f6b39f705821915bb6c235a
73073ed7160406dcfbe826dcabd7ec807cf2aa72afe0303424f518767120cf2e
75ab6b62cdc2a021dbfee337e3b964e11195a89091ea91eeae0a31eecd223130
76cf5d67b154644e0926c299dc6f871bee270d04abeadff81ba60821850dac54
77a3c182a3a1a4a092a2fcc719138a4526d40351d4e5553c6bedbe9d30dbc680
781edb6cf09aa32adacb124cbfb6d0565958f7306a14f4d57b3b1b57c00dc29c
7b6a77d9b4812f2cb80e6b9be02ac8c383911b010c4c95b8ec053fb62910e413
7cdbcbd9038cdf89efa9a53d9eeaf89a2fc0629baa2c32268a7b0eda97849d06
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7f5ecd17f7771e4d95d503848174b60b664c8d91f9acb4ca63581938c193fa1d
827b04a20e0b466a9f9517cf52a03793378a102898adfdebf881838ed6b129af
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
855ba8cc257021e83f4809afc70504fca25cb87dd3984868c6602b6351c316e4
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8b51fff4ef0d655c6f08650b81a835b8521a4179b08118d34c2938f2a1fb6c00
8d3eb2caccafb998548a9c5795a2e870ecc7d0c8fa3d6fee9e0cf9dd79801c04
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
9009c4b4af952bc092aeb66f72dbbbc7f27850c373a0ec5c86f27d900dad3a62
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c
91f746d77981bec47cafc5a1f89b602f812f6b012ccea776024b8d410cdc6eb2
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
94c72384df824fa3157c5fe609dd819b2a27358b4212ca594fba6630003e00fb
965cd705447b25221feb2fbc6f25a00b4e881fcd354c9b97c94cf750dc833f00
97165975f4509ddf4ed5f3cd4eef9a5dbdf9b0adef4f751c86c1978e32193075
974dc9c26127eb2cda9916d37a1403314652ee8d5fdb5386e55c85b74e2744ed
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
9967c4965a3c1f61bafa53d642c7fa743c9f2dea0e1207b0ff9aaddbd8a29f24
9ba97369bdedabba40fbe402042b5aec66b9bf40d34423980d3bd5f866dfce0e
9bc16da6242423453287d1d88a7a5cbacf5fc3e87cd405f9cae6309b73159877
9c62df3df6d4f3b6847a67ac25a7b67f0bcffad2ef370caca888f6cfb88ec98e
9cb70d57963bcf4e703e87c1350d59382ab2cc49dfddfd730c0094c98a3b773f
9d9621179e43127a9fd488cd7ce45396370b279d65f052b576d95489380b77a8
9dc51408f48d3b48cc173d0259e5e736886aa6822ca2fe919a6069c6d2780700
9e163fa5175f2a93be4acd78a5e971dae5bfa46e420d843b7ca1c9e8bc0745e9
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ae17abf7d81068b9f8548675673ffae3ca59c50a511a782c03adf176583d6e
a20010b26bce05ea3cfc83cf3a162b7c16b5d2fa2bcf2253b0394b0eb322347a
a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd
a385633f1e2fe45e65c2bc3b322d776c9bab1c9687998f764c0c83f79e2963e2
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952
a565b1d8f9920cf9fdf6684654da4c6456ef184a086e9a0ffe8431da54403147
a8f8fd440f8cfa99b7982a0b6421aa6166827f1076307747a62def70c431759d
aa318ad60a4086b7b754b6543052ca0bffe3cefc58577feac2052c2f0f1609be
aafb77a1daf68d28e980b4b3ed19c12e675814eb165628bcb7dc4974e7b60011
ac4020b0bd2177e6f6102c8b44c52a44ea0eb7d7601255c5cb6a234ca0ec51e7
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3e57eb372e8b405c816875571e184854b2846261c7477c6c9bdb7782faa1a30
b5a2c7e4f57f102b95f4dae4128a145cdfadc6e326185bb4f3b6909415ed7509
b6d018729b6cc00b3732df6a76d2d350e205062eac8b2e6ac254db938eeab31b
b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce
ba39b58431e3386adf4a0b13467d95ddf28088e55fc51573eb2feac8e89d46c3
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c16fe63d5e6c3d1acc9b2aedec440d98db4ebd7ea1bdfe9f26aab74e7be91a7e
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
c306e0eb185c26a5e849c2ae76abe8f1b9213d37cc6d652be1f302ad202ebe52
c3085bb97e7787bc30dcffce5e3d1677710d66cfbf1d203cb57549f8fc322cf5
c3966fad1c54aa07641f049e66a8697297ab6d9643d4200f3e47f7ac638caba5
c613b581afcfcdb9f77a3e96fcba86f145228d61ff8dec3b889b823f89fb538e
c82fab08e93db8934a27f5b26ddf48c8a013a92a21ea15b7fa8b675b0d866040
c97fc82429a0a8c24a88c64213782da0c325bebc3fc3293235c5c5bd79cb0aa0
ca38ab561201a1a68867f61d4fb3df9682756c8927fe80f047624e7ef662f0f3
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cc0443b74fe4ae9a0ec1f6415633664be6bc924b746fa736f5cd13b33eedbcaa
cd45e607d9e2e4bd54f3c4f6270cabc326d8631bb38010fdbcd15be5018f66b4
cfa51911106a64d4b274ec739c28fb2c5b0d2aacbac11b8b49c4b06174199c71
d4ed5bd20c3036042165e91001bd91497551164b0e34c76cb8a6eb15c33f3c15
d8da3ac6100c06c3daf7fe6cd8fb0188bfe3733520174d70cc648b1b6934d6a4
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
db832fc70ce4ebdd701cff7078db3592642c38136733deda409ed5513d711d74
dd3aa99057ebe4341d47bb0164e4e95c87f24c3a389f1c7d1f09c180ccd9f9c5
e01fb865710979ec02000f9f0b8bbdd3a8daf748e95e22ed298f64ed766ae4ea
e1317583fa122d5a065863fc0960dd97cac5b32ee22ee2ff0a233162ebfd76a2
e2e410eda44b3090b41feb8e2919c644c410d270a97ee5b9fa5db953fc64ba60
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4f9e4d5d1563bb3a9a34d8c4edaa11e18cb21cbac6a1f8e596cb0b111d4e4ab
e773d33c4261d262bd0d614bfc80c5e007512e222b89e871913ca717d08ab665
e7b0a8fe40952cadeb7bbaed6efc7f6539dd867bb027dab543767f71d3774bd3
e7fe490839fba49ee38d30ec62ccf4ad6f0be68d8c47a51b1acd008b220effd5
e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda
ea77d70739ed678e86c3d934e7051c228ff1738bf9bcbd009f276430eba99f1b
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ede61ef231e68c691902c7af20b365af3d387ec5cc3d29a18244ea804bcccd34
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f136be1c736721a3a258ffed1d6870f3b87cf1266c7ac43cc61250ed117637a1
f7a0dbff813bc7c5605b8a86f87c6aaf78793b501ad00953f5fe4fc3beee65e5
f7c1f0669433ac14a315d9c6f87bde0528a5268b9d7cd12b759112846984e9d2
f7f3794df7ed786c86dde78f81c48bb895f08ff6cf1f55c054f7d3a2282493da
fb0d90f0dfba2ebd75a75952cd638ad515663fbbcf9691c6326b8410e1b550c7
ffc4b44e1b7402c08e5f2f702ca535e7e7083a684cda203dfdcb734cd5761aa6

screenrant.com Open in urlscan Pro 34.202.200.131 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

206 Requests

90 %HTTPS

28 %IPv6

55 Domains

85 Subdomains

68 IPs

10 Countries

4879 kBTransfer

8749 kBSize

44 Cookies

11 Outgoing links

Redirected requests

206 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

screenrant.com Open in urlscan Pro
34.202.200.131 Public Scan

Screenshot
Live screenshot

Full Image

206
Requests

90 %
HTTPS

28 %
IPv6

55
Domains

85
Subdomains

68
IPs

10
Countries

4879 kB
Transfer

8749 kB
Size

44
Cookies

206 HTTP transactions
0 data transactions