URL: https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Submission: On April 24 via api from DE — Scanned from DE

Summary

This website contacted 12 IPs in 4 countries across 7 domains to perform 30 HTTP transactions. The main IP is 2606:4700:20::681a:a75, located in United States and belongs to CLOUDFLARENET, US. The main domain is thehackernews.com. The Cisco Umbrella rank of the primary domain is 130950.
TLS certificate: Issued by GTS CA 1P5 on April 13th 2024. Valid for: 3 months.
This is the only time thehackernews.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

| Requests | Apex Domain | Subdomains | Transfer |
| --- | --- | --- | --- |
| 10 | googleusercontent.com | blogger.googleusercontent.com (Cisco Umbrella Rank: 10504) | 319 KB |
| 7 | thehackernews.com | thehackernews.com (Cisco Umbrella Rank: 130950) | 103 KB |
| 4 | gstatic.com | fonts.gstatic.com; csi.gstatic.com | 188 KB |
| 4 | google.com | www.google.com (Cisco Umbrella Rank: 2); fundingchoicesmessages.google.com (Cisco Umbrella Rank: 660) | 122 KB |
| 3 | googlesyndication.com | pagead2.googlesyndication.com (Cisco Umbrella Rank: 104) | 212 KB |
| 1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 33) | 6 KB |
| 1 | doubleclick.net | stats.g.doubleclick.net (Cisco Umbrella Rank: 84) | 246 B |
| 30 | 7 | | |
| Requests | Domain | Requested by |
| --- | --- | --- |
| 10 | blogger.googleusercontent.com | thehackernews.com |
| 7 | thehackernews.com | thehackernews.com |
| 3 | fonts.gstatic.com | thehackernews.com |
| 3 | fundingchoicesmessages.google.com | pagead2.googlesyndication.com |
| 3 | pagead2.googlesyndication.com | thehackernews.com; pagead2.googlesyndication.com |
| 1 | csi.gstatic.com | pagead2.googlesyndication.com |
| 1 | fonts.googleapis.com | |
| 1 | www.google.com | thehackernews.com |
| 1 | stats.g.doubleclick.net | thehackernews.com |
| 30 | 9 | |
| Subject | Issuer | Validity | Valid |
| --- | --- | --- | --- |
| thehackernews.com | GTS CA 1P5 | 2024-04-13 - 2024-07-13 | 3 months |
| *.googleusercontent.com | GTS CA 1C3 | 2024-03-18 - 2024-06-10 | 3 months |
| *.g.doubleclick.net | GTS CA 1C3 | 2024-03-18 - 2024-06-10 | 3 months |
| *.google.com | GTS CA 1C3 | 2024-03-18 - 2024-06-10 | 3 months |
| upload.video.google.com | GTS CA 1C3 | 2024-03-18 - 2024-06-10 | 3 months |
| *.gstatic.com | GTS CA 1C3 | 2024-03-18 - 2024-06-10 | 3 months |

This page contains 1 frame:

Primary Page: https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Frame ID: 46C730752C738F521A4177014D0E47FF
Requests: 38 HTTP requests in this frame

Page Title

Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

Requests: 30
HTTPS: 100 %
IPv6: 64 %
Domains: 7
Subdomains: 9
IPs: 12
Countries: 4
Transfer: 958 kB
Size: 2037 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request russian-apt-deploys-new-kapeka-backdoor.html
thehackernews.com/2024/04/
129 KB
43 KB
Document
General
Full URL
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:a75 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Google Frontend
Resource Hash
452a7afb1ecad4a9582043dbd9652d940f059b2ab5911e63711720bf27158997
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

age
15
alt-svc
h3=":443"; ma=86400
cache-control
public, s-maxage=604800, max-age=0
cf-cache-status
HIT
cf-ray
87960ec6dc6a9ba0-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Wed, 24 Apr 2024 12:22:14 GMT
expires
Wed, 24 Apr 2024 12:21:59 GMT
last-modified
Wed, 24 Apr 2024 09:37:00 GMT
referrer-policy
no-referrer-when-downgrade
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-forwarded-for
2a01:4a0:1338:92::4
x-frame-options
SAMEORIGIN
x-powered-by
Google Frontend
x-xss-protection
1; mode=block
wiz-d.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4V_rtsyoTcIWag__ZbJuRYfNn1kEbmq8cniOGYpWGYITK6e2LXuUn42OqIgGPtwGJq3Ey2-r8Mq5bwGC-a3LipHUjdZLJWiRfmRc_FJO5bQPM1izk_ADZbw9Ax8lcHV7kQvrMuav5kUdyEsJz...
20 KB
20 KB
Image
General
Full URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4V_rtsyoTcIWag__ZbJuRYfNn1kEbmq8cniOGYpWGYITK6e2LXuUn42OqIgGPtwGJq3Ey2-r8Mq5bwGC-a3LipHUjdZLJWiRfmRc_FJO5bQPM1izk_ADZbw9Ax8lcHV7kQvrMuav5kUdyEsJzllbczuuxBh4_QEVc9dyoyitd0GG4RIzeYv2vxwXpAa9A/s728-e365/wiz-d.png
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
b5776f5aec94cd06b18001e08048879d8253632f1b84f70314c29d9d59f37a1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:15 GMT
x-content-type-options
nosniff
server
fife
etag
"vf12c"
vary
Origin
content-type
image/png
access-control-expose-headers
Content-Length
cache-control
public, max-age=7776000, no-transform
content-disposition
inline;filename="wiz-d.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20683
x-xss-protection
0
expires
Tue, 23 Jul 2024 12:22:15 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
149 KB
50 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7983783048239650
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f2.1e100.net
Software
cafe /
Resource Hash
0ff02151b4735fc60fc8738135aadf40b9d5f045d54155d9e165893592265d96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Origin
https://thehackernews.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:15 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51436
x-xss-protection
0
server
cafe
etag
8648286726716851736
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires
Wed, 24 Apr 2024 12:22:15 GMT
rocket-loader.min.js
thehackernews.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/
12 KB
4 KB
Script
General
Full URL
https://thehackernews.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:a75 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:14 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Fri, 19 Apr 2024 20:54:07 GMT
server
cloudflare
content-encoding
gzip
etag
W/"6622d9ef-302c"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
87960ec75ce59ba0-FRA
expires
Fri, 26 Apr 2024 12:22:14 GMT
truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c6a9d65e5bd6eb2447ea57e398e1d30f3c6e2d022ecf195933d161ffed964690

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2de33ca2d2cfb7f437aa190ecdd4b3991ff2879604c0e24aaf02849ae1f360b3

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
294 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e665cc707d8e4644e9aec1bca418d595f28050b970bbf473df7e9915d1cc9faa

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
288 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dbf4fa73ce4f2bd113dde31b7f7eff7bfd3a1271f30ababad320f07033408f06

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
294 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a12746a7a598ebf6eaa721b60dc135ac57dc22b053a85284316cb85b8f4b10a6

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
294 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fed35af77c7998b274f7c2e65cc1cfa37bb2dd363d6bcd98546428ce134aa6bc

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
194 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f88754ecdaeedbf69845f3cb4015909beff31f92b173185c075ff8ab40ae3d02

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
normal.woff2
thehackernews.com/cf-fonts/s/roboto/5.0.11/latin/400/
15 KB
15 KB
Font
General
Full URL
https://thehackernews.com/cf-fonts/s/roboto/5.0.11/latin/400/normal.woff2
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:a75 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ce893c505f39dd4648a663903cc54acb53706282331c26552ed55ccef0c127f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Origin
https://thehackernews.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:15 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
server
cloudflare
vary
Accept-Encoding
cache-control
public, max-age=31536000, immutable
cf-ray
87960ec78d1c9ba0-FRA
alt-svc
h3=":443"; ma=86400
content-length
15744
truncated
/
7 KB
7 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a71328300f380217ae0abf7f805052a10a0c196cb241eb97adf9b905e4a48c8a

Request headers

Referer
Origin
https://thehackernews.com
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
application/font-woff
normal.woff2
thehackernews.com/cf-fonts/s/roboto/5.0.11/latin/500/
16 KB
16 KB
Font
General
Full URL
https://thehackernews.com/cf-fonts/s/roboto/5.0.11/latin/500/normal.woff2
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:a75 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7bc37c98295b08006e612be6c569f3cec05d794c9baa73e80c80c1a65c66432f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Origin
https://thehackernews.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:14 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
server
cloudflare
vary
Accept-Encoding
cache-control
public, max-age=31536000, immutable
cf-ray
87960ec78d1e9ba0-FRA
alt-svc
h3=":443"; ma=86400
content-length
15920
normal.woff2
thehackernews.com/cf-fonts/s/roboto/5.0.11/latin/900/
15 KB
15 KB
Font
General
Full URL
https://thehackernews.com/cf-fonts/s/roboto/5.0.11/latin/900/normal.woff2
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:a75 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
701f948695b86b2cc030e69f09aa0ff60eb9c0980dabcc997c35c42993bae2fd
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Origin
https://thehackernews.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:14 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
server
cloudflare
vary
Accept-Encoding
cache-control
public, max-age=31536000, immutable
cf-ray
87960ec78d1f9ba0-FRA
alt-svc
h3=":443"; ma=86400
content-length
15752
s.js
thehackernews.com/cdn-cgi/zaraz/
6 KB
4 KB
Script
General
Full URL
https://thehackernews.com/cdn-cgi/zaraz/s.js?z=...
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.72.95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
453ceae21ce8fdf04e9409ee2ea9311836c8a6f4b048aad1da633a15dcf05345
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:15 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-encoding
br
server
cloudflare
access-control-max-age
600
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://thehackernews.com
content-type
text/javascript; charset=utf-8
access-control-allow-credentials
true
x-robots-tag
none
access-control-allow-headers
Content-Type, Set-Cookie, Cache-Control
alt-svc
h3=":443"; ma=86400
cf-ray
87960ec7a8a14daf-FRA
collect
stats.g.doubleclick.net/g/
0
246 B
XHR
General
Full URL
https://stats.g.doubleclick.net/g/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=G-ZDZCZPGJ7N&cid=0603a9cf-b7bc-4ff1-a51f-f375789ca9a1&_u=KGDAAEADQAAAAC%7E&z=1853047724
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 24 Apr 2024 12:22:15 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://thehackernews.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
0
Fetch
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&v=1&_v=j86&tid=G-ZDZCZPGJ7N&cid=0603a9cf-b7bc-4ff1-a51f-f375789ca9a1&_u=KGDAAEADQAAAAC%7E&z=1853047724&slf_rd=1
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/cdn-cgi/zaraz/s.js?z=...
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.196 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f4.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 24 Apr 2024 12:22:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
https://thehackernews.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202404180101/
412 KB
140 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202404180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com&aplac=true
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7983783048239650
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f2.1e100.net
Software
cafe /
Resource Hash
433e37b49560e2b7829faa23d7367cfb99868589ceb989b0faa8fdd561a4df69
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:15 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
142996
x-xss-protection
0
server
cafe
etag
13201814217703169914
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 24 Apr 2024 12:22:15 GMT
ca-pub-7983783048239650
fundingchoicesmessages.google.com/i/
182 KB
61 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/i/ca-pub-7983783048239650?ers=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202404180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com&aplac=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f7c50733936f14fbbb65afc2f9a32b61457db9b7c876aeb473501a8e6d58fe8d
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-IrOyQhdwJSj4YjJEr21ysw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:15 GMT
content-security-policy
script-src 'report-sample' 'nonce-IrOyQhdwJSj4YjJEr21ysw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjitDikmLw15BiOO90h-k6ENcyPGNqBWIDjedMFkAs8fUlkwYQxzyfzpoCxE7pM1iDgNinfgZrDBC33jzHOhWITy44z3oRiJP-nWctAmIhHo7vnxZvZBPY0PxtGhMAAkgrbA"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
rum_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240422/r20110914/
56 KB
22 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20240422/r20110914/rum_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202404180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com&aplac=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f2.1e100.net
Software
cafe /
Resource Hash
6f1a646a3ee890d55a146de603fca9936673ac408f21d072c470d06c9f9406b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 00:55:48 GMT
content-encoding
br
x-content-type-options
nosniff
age
41187
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22053
x-xss-protection
0
server
cafe
etag
4424044350148560758
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 08 May 2024 00:55:48 GMT
AGSKWxWEOvvOXFaDvtK4hNI7digBejF8sx8EeQbhvhcRqUto3WaZ3lGrphMgb92shaVB0c6ewTndSzE78p2w19J00UjP71zgHZ5CLDw3rWTs_RXZLPZv6GoF3DZrghCOKFdS1-Ofo50dUw==
fundingchoicesmessages.google.com/f/
405 KB
61 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxWEOvvOXFaDvtK4hNI7digBejF8sx8EeQbhvhcRqUto3WaZ3lGrphMgb92shaVB0c6ewTndSzE78p2w19J00UjP71zgHZ5CLDw3rWTs_RXZLPZv6GoF3DZrghCOKFdS1-Ofo50dUw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzEzOTYxMzM1LDcwNjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly90aGVoYWNrZXJuZXdzLmNvbS8yMDI0LzA0L3J1c3NpYW4tYXB0LWRlcGxveXMtbmV3LWthcGVrYS1iYWNrZG9vci5odG1sIixudWxsLFtbOCwiX0g1ZEFEdUtQdWciXSxbOSwiZGUiXSxbMTgsIltbWzBdXV0iXSxbMTksIjEiXSxbMTcsIlswXSJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de._H5dADuKPug.es5.O/am=wA/d=1/rs=AJlcJMyhKbK0ctb-8cSLtKGRkBIveFcKvg/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab8547c3df4f86dba26693bf940af0d4cdfad3b5b045efa2da7fad215700f61f
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-OvKHzitvRZVZwy6ubgRFng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:15 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-OvKHzitvRZVZwy6ubgRFng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjitHikmJw1ZBiUAjbyXTe6Q7TdSCuZXjG1ArEBhrPmSyAWOLrSyYNII55Pp01BYid0mewBgGxT_0M1hggbr15jnUqEJ9ccJ71IhAn_TvPWgTEQjwc3z8t3sgmsOLf8zZmAHlsLOw"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/
106 KB
6 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de._H5dADuKPug.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMwbhqhal-qviQsrcLpb8RFKi-ad0g/m=web_iab_tcf_v2_wall_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
50234c17da00532efe5b3ac851c3caad75825978dd9e483179224217e886b952
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Wed, 24 Apr 2024 12:22:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 24 Apr 2024 12:22:16 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 24 Apr 2024 12:22:16 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/
Origin
https://thehackernews.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 22 Apr 2024 19:32:19 GMT
x-content-type-options
nosniff
age
146997
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 22 Apr 2025 19:32:19 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/
47 KB
47 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/
Origin
https://thehackernews.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 22:45:56 GMT
x-content-type-options
nosniff
age
394580
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 19 Apr 2025 22:45:56 GMT
flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v142/
125 KB
126 KB
Font
General
Full URL
https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
Requested by
Host: thehackernews.com
URL: https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/
Origin
https://thehackernews.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 22 Apr 2024 19:45:43 GMT
x-content-type-options
nosniff
age
146193
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
128352
x-xss-protection
0
last-modified
Mon, 08 Apr 2024 19:04:47 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 22 Apr 2025 19:45:43 GMT
AGSKWxXninvJHlBI3MAmw0xYKZf6QvlfgUoU1tbNbZmfj7klTPklNoRuFr0RkSh_9nHY97w-KgTNIZKTqZrJoWoo64koO3aHq7JxJoDCHQNDYMGL5wg2s136CsQTM2hEccHl26yoR5Aenw==
fundingchoicesmessages.google.com/el/
0
29 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXninvJHlBI3MAmw0xYKZf6QvlfgUoU1tbNbZmfj7klTPklNoRuFr0RkSh_9nHY97w-KgTNIZKTqZrJoWoo64koO3aHq7JxJoDCHQNDYMGL5wg2s136CsQTM2hEccHl26yoR5Aenw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de._H5dADuKPug.es5.O/am=wA/d=1/rs=AJlcJMyhKbK0ctb-8cSLtKGRkBIveFcKvg/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil07s07-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-FiM0Lr8YTi8Hldso_VbHAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 24 Apr 2024 12:22:16 GMT
content-security-policy
script-src 'report-sample' 'nonce-FiM0Lr8YTi8Hldso_VbHAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmJw15BiqGV4xtQKxE7pM1hDgFiIm-PHp8Ub2QQ-XDrFCwC-gAx8"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://thehackernews.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
russian-hackers.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXJGzxXWApk_OMb5lv6Kx_E9LQPIGCe9hetfdPIpuFr4AA3a2SYUVsQYUEVtcP1-RPih-LTnhPmWETK5-eQPVF4uda8F-ZL1P1M70YCxFAbH9bnwgXXw98AlKLOzAxjGNiR4SRc64BithE2X34...
108 KB
108 KB
Image
General
Full URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXJGzxXWApk_OMb5lv6Kx_E9LQPIGCe9hetfdPIpuFr4AA3a2SYUVsQYUEVtcP1-RPih-LTnhPmWETK5-eQPVF4uda8F-ZL1P1M70YCxFAbH9bnwgXXw98AlKLOzAxjGNiR4SRc64BithE2X349R3eUENFUEmi4gie3zH8aJenzueqVYM1fybkF6F5SNW5/s728-rw-e365/russian-hackers.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
949ea76285fb3119204a3e56803b6dcc83acefe9c7312181fa0224fb6477902d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:16 GMT
x-content-type-options
nosniff
server
fife
etag
"vd09"
vary
Origin
content-type
image/webp
access-control-expose-headers
Content-Length
cache-control
public, max-age=7776000, no-transform
content-disposition
inline;filename="russian-hackers.webp"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
110444
x-xss-protection
0
expires
Tue, 23 Jul 2024 12:22:16 GMT
wing-d.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuUUskkMH9dUT3LF77_Q_irGuaE4LGjp-Am2Ls_UzGJ5EBnZHfuFiSvKs4OPE5KmfedBHcuZZVHS4Bh48UJx8brpwtg6Vr2Gepbaw-lGMIm9HjUhyphenhyphen2W5DVm5-ymwPS691Ie32TrC...
74 KB
74 KB
Image
General
Full URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuUUskkMH9dUT3LF77_Q_irGuaE4LGjp-Am2Ls_UzGJ5EBnZHfuFiSvKs4OPE5KmfedBHcuZZVHS4Bh48UJx8brpwtg6Vr2Gepbaw-lGMIm9HjUhyphenhyphen2W5DVm5-ymwPS691Ie32TrCqFIv6SxNRA-jOKCKZrOB5dV7BfL0zVAhOO0neNkP9yv-XePBU1hN_0/s728-e365/wing-d.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
a3151858283535d24bdd9cbc652f6d0569a6ec5d562320d4aeedc311390da337
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:16 GMT
x-content-type-options
nosniff
server
fife
etag
"vf102"
vary
Origin
content-type
image/png
access-control-expose-headers
Content-Length
cache-control
public, max-age=7776000, no-transform
content-disposition
inline;filename="wing-d.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75971
x-xss-protection
0
expires
Tue, 23 Jul 2024 12:22:16 GMT
backdoor.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghQvqX4lextHuitkPCGff-Ggz7P_yrjDu7rbEw8lQxTVhaZD3Z0xL7WFg2im1e65BXUWvjHYU6ieVyygdippKNbd-iBhfKgkDssAyAqdk4X2TWDsDgsq9FOjmQZIFPY2UuqR5nmMCTpzBwpJuH...
31 KB
31 KB
Image
General
Full URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghQvqX4lextHuitkPCGff-Ggz7P_yrjDu7rbEw8lQxTVhaZD3Z0xL7WFg2im1e65BXUWvjHYU6ieVyygdippKNbd-iBhfKgkDssAyAqdk4X2TWDsDgsq9FOjmQZIFPY2UuqR5nmMCTpzBwpJuHIvdWKAHKKaV6VRUuM_MqkAtkIDZJRALpwRfvIKV2xZqL/s728-rw-e365/backdoor.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f4fd6b2a5582adfa9311b8bebda9f10479ce4e276c494a72050153ff66751340
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:16 GMT
x-content-type-options
nosniff
server
fife
etag
"vd07"
vary
Origin
content-type
image/webp
access-control-expose-headers
Content-Length
cache-control
public, max-age=7776000, no-transform
content-disposition
inline;filename="backdoor.webp"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31558
x-xss-protection
0
expires
Tue, 23 Jul 2024 12:22:16 GMT
radar-1.jpg
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwLSg3McKU9HD3ftsnvtsmwP2XWdLSIyXXnWrq0XdfvEZd19NBZn8F80oDrSxkcQSjI5DWMPjSdodJr-YLIsMhVD8-fWn_U9PqXH0L7ihsZxs6RenbYSers13EZhfkMjgXZNL-sdm-SjpkWUbl...
36 KB
36 KB
Image
General
Full URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwLSg3McKU9HD3ftsnvtsmwP2XWdLSIyXXnWrq0XdfvEZd19NBZn8F80oDrSxkcQSjI5DWMPjSdodJr-YLIsMhVD8-fWn_U9PqXH0L7ihsZxs6RenbYSers13EZhfkMjgXZNL-sdm-SjpkWUblI-f9qraZJ2NuL7Y1sqwRcE_yn7HjOyu_Flk2zAGPD9yB/s300-e365/radar-1.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
c55c7656d027e4c899194bb802efa5af7f2f42ced19dbb2d8b18ec33a9d6076c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:16 GMT
x-content-type-options
nosniff
server
fife
etag
"vf0e9"
vary
Origin
content-type
image/jpeg
access-control-expose-headers
Content-Length
cache-control
public, max-age=7776000, no-transform
content-disposition
inline;filename="radar-1.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36908
x-xss-protection
0
expires
Tue, 23 Jul 2024 12:22:16 GMT
vanta.jpg
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBCUxuNDmQrdOepBnKoib5-36PwpaV54hmsVOCAkB9gNZA_7gv2EcA-ZqDMaI41aWd0x-pMizLbN0kRzQ6ZnUWGdg6YbIpBOQLbraRfxkef9qSrHD5-G1sq0BZ2dnW3C19utRur-gJ6jVxtuUL...
20 KB
20 KB
Image
General
Full URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBCUxuNDmQrdOepBnKoib5-36PwpaV54hmsVOCAkB9gNZA_7gv2EcA-ZqDMaI41aWd0x-pMizLbN0kRzQ6ZnUWGdg6YbIpBOQLbraRfxkef9qSrHD5-G1sq0BZ2dnW3C19utRur-gJ6jVxtuULP52qQE3xic4J0RGL4BZo2xwmQGNuK8m9EuhvJTKMtjgg/s300-e365/vanta.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
641e4ff3ae0de71ae083822fe451be09f8a89a60dec6a3613be315a1bb2f4498
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:16 GMT
x-content-type-options
nosniff
server
fife
etag
"vf08a"
vary
Origin
content-type
image/jpeg
access-control-expose-headers
Content-Length
cache-control
public, max-age=7776000, no-transform
content-disposition
inline;filename="vanta.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19998
x-xss-protection
0
expires
Tue, 23 Jul 2024 12:22:16 GMT
rewind.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbMQD7oLKLA9mdYiBTsiVK09s-GEbDwrvBCN9EpEBp1vOds4C0Cs8pvdh2YMh2TKAMV3k-KaGsB0i44dI8X-aEa_GEhj411mRTA6ezfoqqDceAVXUp0pfv-suJLKtIDYCotr94eM9P5ae8DuYp...
7 KB
7 KB
Image
General
Full URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbMQD7oLKLA9mdYiBTsiVK09s-GEbDwrvBCN9EpEBp1vOds4C0Cs8pvdh2YMh2TKAMV3k-KaGsB0i44dI8X-aEa_GEhj411mRTA6ezfoqqDceAVXUp0pfv-suJLKtIDYCotr94eM9P5ae8DuYpOVLL8DFpBy1-tgp4k5082aIHZtydn8IdK4-k5gNUDmaP/s300-e365/rewind.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
3bb8337674f33b5cbdb8eac86828e87ac515393cddf58275298621b1668abc6f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:16 GMT
x-content-type-options
nosniff
server
fife
etag
"vf08c"
vary
Origin
content-type
image/png
access-control-expose-headers
Content-Length
cache-control
public, max-age=7776000, no-transform
content-disposition
inline;filename="rewind.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7340
x-xss-protection
0
expires
Tue, 23 Jul 2024 12:22:16 GMT
ransomware.jpg
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiE-hJDJwP_dVC57N76HSLNJGv2b_M_MjfOPOjGwSfhaheM4V1KnAyeYJ3UmrfA-nGCtxGv-KCXACr9chDx96Slc7dMW8-I9NDOqSNdjhtjcinks7s9efiC-u9Ke8CpMv-0WHOLv4OnUhRFI729...
4 KB
4 KB
Image
General
Full URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiE-hJDJwP_dVC57N76HSLNJGv2b_M_MjfOPOjGwSfhaheM4V1KnAyeYJ3UmrfA-nGCtxGv-KCXACr9chDx96Slc7dMW8-I9NDOqSNdjhtjcinks7s9efiC-u9Ke8CpMv-0WHOLv4OnUhRFI729-bYzUQ9XVbZvxS5iv2VLo1QAdwOzWh0XtNBi5PFdKIs/w72-h72-p-k-no-nu/ransomware.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
1ce5ddb770a7ba57e1b59a7f82cd09af7f0e30e9efa2d1ee47c7bf98506dd92e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:16 GMT
x-content-type-options
nosniff
server
fife
etag
"v1291"
vary
Origin
content-type
image/jpeg
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="ransomware.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4149
x-xss-protection
0
expires
Thu, 25 Apr 2024 12:22:16 GMT
as.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2g2Bf8zJRCIdl6KQP8OZ5cQIFErkLBk8KlSuUeaGi4wRn8TqQNpv-HCJE6eTvNO72s3hNSc5JycD3s9zs2iENstrhVNDEMagaUEC4G_cC9Uy5DdKw2uO5WcJuxbwU-a8M2AjFNYbzhgfYQVN4...
11 KB
11 KB
Image
General
Full URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2g2Bf8zJRCIdl6KQP8OZ5cQIFErkLBk8KlSuUeaGi4wRn8TqQNpv-HCJE6eTvNO72s3hNSc5JycD3s9zs2iENstrhVNDEMagaUEC4G_cC9Uy5DdKw2uO5WcJuxbwU-a8M2AjFNYbzhgfYQVN4bI3QZUomMmtnHnUCFnevLakct164k9SYGkOdPEIjfDY/w72-h72-p-k-no-nu/as.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
15bc8789d40e516fd50e767f1585ded9e29708f0e742b4114a9139cef8e1a386
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:16 GMT
x-content-type-options
nosniff
server
fife
etag
"v1258"
vary
Origin
content-type
image/png
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="as.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11101
x-xss-protection
0
expires
Thu, 25 Apr 2024 12:22:16 GMT
rootkit.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisO0rAZ34PYmseKtEE9ec5ecQeyqRe5hvp-MnOE5tiLeHTcfv9f65OzwGgvU01HsHuMdWtD6XOCGaf3tvLlQpqLrmOv2HyxRsJOZ02S1PMnE1ItS3GuOpc9R1g20o0k1R5zIJD9zusimwxXscz...
7 KB
7 KB
Image
General
Full URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisO0rAZ34PYmseKtEE9ec5ecQeyqRe5hvp-MnOE5tiLeHTcfv9f65OzwGgvU01HsHuMdWtD6XOCGaf3tvLlQpqLrmOv2HyxRsJOZ02S1PMnE1ItS3GuOpc9R1g20o0k1R5zIJD9zusimwxXscz8sjDEZNVVwUYK3kxVR2vcvuCYB8RJUeg7yUy8AD5yode/w72-h72-p-k-no-nu/rootkit.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
dc19c8e8783d656d4c3a30e09998cd0d2660c68ec2eb162c6eeadc41cfa677b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:16 GMT
x-content-type-options
nosniff
server
fife
etag
"vd3b"
vary
Origin
content-type
image/png
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="rootkit.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6981
x-xss-protection
0
expires
Thu, 25 Apr 2024 12:22:16 GMT
favicon.ico
thehackernews.com/downloads/
15 KB
6 KB
Other
General
Full URL
https://thehackernews.com/downloads/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.72.95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a627106f1b911a74c67418d16363901bdcf8ba6c6fca691ae3512d886902cd1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 12:22:16 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Tue, 26 Sep 2023 16:18:12 GMT
server
cloudflare
age
118330
vary
User-Agent, Accept-Encoding
content-type
image/x-icon
content-encoding
br
cache-control
max-age=2592000, public, must-revalidate
x-turbo-charged-by
LiteSpeed
cf-ray
87960ed12c274daf-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 23 May 2024 03:27:30 GMT
csi
csi.gstatic.com/
0
234 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~lvdsbqh3&c=2036962542661320&e=44759875%2C44759926%2C44759842%2C31061691%2C31061693&ctx=1&met.3=782.ay~1001.ax_1__1~164.az_1~165.aw_4~166.am_e~1032.iw~326.jr_1~832.js~868.js~216.iv_x~215.iv_x~843.iv_y~112.l1_1~113.1ca_1&met.7=CBsQCMABz-C1igw~CBsQBhgBIKsBKKsBMMQEOJkDwAGXnOWqCw~CAEQChgBIKsBKKsBMPsCONABQKwBSKwBUKwBWPsBYKwBaPsBcM8CeJiUA4AB7JEDiAH_pQmwAQG4AQPAAd6Ov5sB~CBsQCiCrATguwAHDlIGvBw~CBsQAiC2AThmwAHjmOqUDQ~CBsQAiC3AThdwAG7pbvFDw~CBsQAiC3AThfwAHJ9p2RCQ~CBsQCiDiATg8wAGRk_ngBA~CCgQDRgBIJ8CKJ8CMK8DOJABwAHT56PKBQ~CAMQChgBIIkDKIkDMJ8FOJYCUIkDWNoDYIkDaNoDcMsEeMDfCIABlN0IiAH04BmwAQG4AQPAAa_D16cN~CBwQChgBIMcFKMcFMPMFOCtoyAVw8AV40a4BgAGlrAGIAbjBA7ABAbgBA8AB47HMuwY~CEAQChgBIMYFKMYFMLAHOOoBUMcFWKAGYO4FaKAGcOkGeK3gA4ABgd4DiAHXrAuwAQG4AQPAAbLajMkM~CD8QChgBIMkHKMkHMO0IOKQBaMkHcNAIeMrnA4ABnuUDiAHmphmwAQG4AQPAAY7E5dMF~CBIQBxgBIPwIKPwIMJQKOJgBUP0IWNMJYKMJaNMJcIkKePAtgAHEK4gB_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~CBMQAhgBIIIJKIIJMJgKOJYBUJAJWOYJYLcJaOYJcJQKeJx6gAHwd4gB8HeqAQwKBnJvYm90bxASGAKwAQG4AQPAAbi_9ucK~CD8QDRgBIJYJKJYJMKAKOIoBwAGtoq36CQ~CBMQAhgBIJEJKJEJMJINOIEEaOYJcMAMeJj7AoAB7PgCiAHs-AKqAQ4KCG9wZW5zYW5zECgYArABAbgBA8ABkK-U0g8~CBsQCDjJDcABz-C1igw~CBMQAhgBIJEJKJEJML4NOK0EaOYJcJgKeIztB4AB4OoHiAHg6geqARQKDW1hdGVyaWFsaWNvbnMQjgEYArABAbgBA8ABmqG8zQo~CBsg0A04b8ABzOGZ7Qc~CBsQBhgBIM8NKM8NMJMQOMQCwAGjlr3EAw~CBsQBhgBIM8NKM8NMJgQOMgCwAGYivP4Bg~CBsQBhgBINANKNANMJoQOMoCwAHD-I72Dg~CBsQBhgBIM8NKM8NMLAQOOACwAHb6J2LCg~CBsQBhgBINANKNANMLgQOOkCwAG3_sqPDA~CBsQBhgBINANKNANMLkQOOoCwAHYtqDjAg~CBsQBhgBINANKNANMLwQOOwCwAGwhK3WAQ~CBsQBhgBINANKNANML0QOO4CwAH84KjpDA~CBsQBhgBINANKNANMMEQOPECwAH9ibWZCA&met.1=1.lvdsbpw2~6.1~7.7~8.7~9.7~10.2j~11.1a~12.2j~13.4f~14.4k~15.4h~16.50~17.69~18.6a~19.1c3~20.1c3~21.1ca~22.65~23.65
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20240422/r20110914/rum_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4019:801::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 24 Apr 2024 12:22:18 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| zarazData object| zaraz string| share_url string| share_title function| dRB object| __cfQR object| dataLayer object| x object| google_js_reporting_queue number| google_srt object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state object| adsbygoogle object| google_sa_queue function| google_process_slots object| google_ama_state number| google_rum_task_id_counter function| google_spfd number| google_unique_id object| google_sv_map string| google_user_agent_client_hint function| google_sa_impl object| googlefc boolean| adsbygoogle_ama_fc_has_run object| google_rum_config object| _google_rum_ns_ object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| N2QyN2EyNjllNDVjYjkxNWxvYWRlcl9qcw== string| N2QyN2EyNjllNDVjYjkxNWNhY2hlZF9qcw== object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady boolean| __cfRLUnblockHandlers function| loadScriptAsync function| runAfterPageLoad object| texts number| randomIndex object| buttons undefined| google_rum_values

1 Cookies

Domain/Path Name / Value
.thehackernews.com/ Name: cfz_google-analytics_v4
Value: %7B%22yZRc_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1745497334999%7D%2C%22yZRc_engagementStart%22%3A%7B%22v%22%3A%221713961334999%22%2C%22e%22%3A1745497334999%7D%2C%22yZRc_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745497334999%7D%2C%22yZRc_ga4sid%22%3A%7B%22v%22%3A%221032357173%22%2C%22e%22%3A1713963134999%7D%2C%22yZRc_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1745497334999%7D%2C%22yZRc_ga4%22%3A%7B%22v%22%3A%220603a9cf-b7bc-4ff1-a51f-f375789ca9a1%22%2C%22e%22%3A1745497334999%7D%2C%22yZRc__z_ga_audiences%22%3A%7B%22v%22%3A%220603a9cf-b7bc-4ff1-a51f-f375789ca9a1%22%2C%22e%22%3A1745497334999%7D%2C%22yZRc_let%22%3A%7B%22v%22%3A%221713961334999%22%2C%22e%22%3A1745497334999%7D%7D

Security Headers

This section lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
