Submitted URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/#:~:text=Agent%20Tesla%20i...
Effective URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Submission: On August 04 via manual from IN

Summary

This website contacted 19 IPs in 5 countries across 13 domains to perform 48 HTTP transactions. The main IP is 185.113.25.56, located in United Kingdom and belongs to FUTURE, GB. The main domain is www.itproportal.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 15th 2020. Valid for: 3 months.
This is the only time www.itproportal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Domain | Requested by
8 | www.google-analytics.com | www.itproportal.com, www.google-analytics.com
7 | vanilla.futurecdn.net | www.itproportal.com
5 | widgets.future-fie.co.uk | www.itproportal.com, widgets.future-fie.co.uk
4 | search-api.fie.future.net.uk | www.itproportal.com
3 | sb.scorecardresearch.com (1 redirect) | www.itproportal.com
3 | quantcast.mgr.consensu.org | www.itproportal.com, quantcast.mgr.consensu.org
3 | bordeaux.futurecdn.net | www.itproportal.com, bordeaux.futurecdn.net
2 | www.google.de | www.itproportal.com
2 | www.google.com (2 redirects) |
2 | stats.g.doubleclick.net (2 redirects) |
2 | static.quantcast.mgr.consensu.org | quantcast.mgr.consensu.org
2 | cdn.mos.cms.futurecdn.net | www.itproportal.com
1 | audit.quantcast.mgr.consensu.org | www.itproportal.com
1 | r.skimresources.com | www.itproportal.com
1 | vendorlist.consensu.org | www.itproportal.com
1 | srv-2020-08-04-16.pixel.parsely.com | www.itproportal.com
1 | ampcid.google.de | www.itproportal.com
1 | ampcid.google.com | www.itproportal.com
1 | cdn.parsely.com | www.itproportal.com
1 | cdn.onesignal.com | www.itproportal.com
1 | www.itproportal.com |
Totals: 48 requests, 21 subdomains

Subject | Issuer | Validity | Valid for
itproportal.com | Let's Encrypt Authority X3 | 2020-07-15 - 2020-10-13 | 3 months
future-fie.co.uk | Let's Encrypt Authority X3 | 2020-07-15 - 2020-10-13 | 3 months
bordeaux.futurecdn.net | Sectigo ECC Domain Validation Secure Server CA | 2020-07-16 - 2020-10-14 | 3 months
quantcast.mgr.consensu.org | Amazon | 2020-05-22 - 2021-06-22 | a year
*.futurecdn.net | DigiCert SHA2 High Assurance Server CA | 2020-06-26 - 2022-07-11 | 2 years
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-04-06 - 2020-10-09 | 6 months
*.google-analytics.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months
*.parsely.com | Amazon | 2020-08-02 - 2021-09-02 | a year
sb.scorecardresearch.com | DigiCert Secure Site ECC CA-1 | 2020-07-17 - 2021-06-02 | a year
*.google.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months
*.pixel.parsely.com | Let's Encrypt Authority X3 | 2020-07-30 - 2020-10-28 | 3 months
www.google.de | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months
vendorlist.consensu.org | Amazon | 2020-02-07 - 2021-03-07 | a year
search-api.fie.future.net.uk | Let's Encrypt Authority X3 | 2020-07-15 - 2020-10-13 | 3 months
*.skimresources.com | DigiCert SHA2 Secure Server CA | 2018-09-13 - 2020-10-07 | 2 years

This page contains 2 frames:

Primary Page: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Frame ID: A6BB97524AE6ED023630EDCA12041D74
Requests: 54 HTTP requests in this frame

Frame: https://static.quantcast.mgr.consensu.org/v35/cmp-3pc-check.html
Frame ID: 5D5AA86375547BE149CE5E06478466B4
Requests: 1 HTTP requests in this frame

Page Statistics

Requests: 48
HTTPS: 98 %
IPv6: 50 %
Domains: 13
Subdomains: 21
IPs: 19
Countries: 5
Transfer: 1364 kB
Size: 4137 kB
Cookies: 8

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 31
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j83&tid=UA-460866-1&cid=1880568186.1596557895&jid=1242844474&gjid=2098817618&_gid=1301084801.1596557895&_u=YGBAgEABBAQC~&z=1695155875 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-460866-1&cid=1880568186.1596557895&jid=1242844474&_v=j83&z=1695155875 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-460866-1&cid=1880568186.1596557895&jid=1242844474&_v=j83&z=1695155875&slf_rd=1&random=965790925
Request Chain 32
  • https://sb.scorecardresearch.com/b?c1=2&c2=10055482&cs_ucfr=&ns__t=1596557895499&ns_c=UTF-8&cv=3.5&c8=Agent%20Tesla%20malware%20receives%20module%20for%20stealing%20Wi-Fi%20passwords%20%7C%20ITProPortal&c7=https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=10055482&cs_ucfr=&ns__t=1596557895499&ns_c=UTF-8&cv=3.5&c8=Agent%20Tesla%20malware%20receives%20module%20for%20stealing%20Wi-Fi%20passwords%20%7C%20ITProPortal&c7=https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F&c9=&cs_ak_ss=1
Request Chain 53
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j83&tid=UA-460866-1&cid=1880568186.1596557895&jid=1041115399&gjid=1472754594&_gid=1301084801.1596557895&_u=6GDAgEABBAQC~&z=947685027 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-460866-1&cid=1880568186.1596557895&jid=1041115399&_v=j83&z=947685027 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-460866-1&cid=1880568186.1596557895&jid=1041115399&_v=j83&z=947685027&slf_rd=1&random=1513671437

48 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set /
www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
134 KB
38 KB
Document
General
Full URL
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.113.25.56 , United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS
vif07.web.future.net.uk
Software
/
Resource Hash
dc0ccd5b637ac45de6d5f47cd1b4c53a890c7983d0d4f2aa72a3419cd7940115

Request headers

Host
www.itproportal.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Tue, 04 Aug 2020 00:04:05 GMT
Content-Type
text/html; charset=UTF-8
X-FTR-Request-ID
9ed97024-2477-412a-9b92-6aad452a16cc 00000000:2C0A_00000000:01BB_5F298A46_41E0D:380A
Last-Modified
Tue, 04 Aug 2020 00:04:05 GMT
X-TraceId
9213288d665a3dc4
Xkey
itproportal-platform-responsive itproportal-article-3KoVr6MwdLJ9u2WQRd2yx6 itproportal-articletype-news itproportal-articletemplate-standard itproportal-article-age-ancient itproportal-region-GB itproportal-language-en itproportal-author-ELZahWhJAXUYezKBy4bDTT itproportal-tag-wTKdvBtG2yArDUcuHELTHo itproportal-tag-RK8oZdBYoKzm64ss6LNQ54 itproportal-tag-pqmHfvk2QqX2GFH6sZF43 itproportal-tag-aHMwb8LEkodp8bM5dj4z9D itproportal-tag-v4V9DbfaErJtyE9mS7APq6 itproportal-version-26.23.3 itproportal-server-ftefrontprodred
X-FTR-Cache-Host
ftefrontprodred
Content-Encoding
gzip
Vary
Accept-Encoding
Age
58449
X-Country-Code
GB
X-FTR-Cache-Status
HIT
X-FTR-Expires
Thu, 06 Aug 2020 00:04:05 GMT
Expires
Tue, 04 Aug 2020 16:23:14 GMT
Cache-Control
max-age=300,public
Set-Cookie
FTR_Country_Code=FR; path=/; domain=www.itproportal.com
X-Country-Code-Real
FR
Accept-Ranges
bytes
Content-Length
37603
X-FTR-Balancer
fteproxyblue
X-FTR-Backend
www-live-sites-varnish-new
X-FTR-Backend-Server
ftevarnishprod-172-20-8-37
responsive.js
widgets.future-fie.co.uk/js/w/
105 KB
30 KB
Script
General
Full URL
https://widgets.future-fie.co.uk/js/w/responsive.js
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
185.113.25.54 , United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS
vif09.web.future.net.uk
Software
/
Resource Hash
1c52dedf93e854e8e43a4a5ee332bcabfb6aae454bb013c4e6b401103740acf3

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 04 Aug 2020 16:00:04 GMT
Content-Encoding
gzip
X-Hawk-Country
Xkey
asset-type-fie-widgets
Age
1090
X-Hawk-Area
FR
X-FTR-DC
IX
X-FTR-Realm
pip
X-FTR-Backend
fie-assets
X-FTR-Cache-Status
HIT
Content-Length
29739
X-FTR-Expires
Tue, 04 Aug 2020 16:30:04 GMT
X-FTR-Balancer
hawkproxyprodred
X-FTR-Request-ID
00000000:3FC8_00000000:01BB_5F298A47_94A19B4:7360
Last-Modified
Tue, 04 Aug 2020 12:43:22 GMT
X-Country-Code-Real
FR
ETag
"5f2957ea-1a548"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
X-FTR-Backend-Server
fievarnishprodwhite
Cache-Control
max-age=3600
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Expires
Tue, 04 Aug 2020 17:00:04 GMT
bordeaux.js
bordeaux.futurecdn.net/
764 KB
215 KB
Script
General
Full URL
https://bordeaux.futurecdn.net/bordeaux.js
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx/1.19.0 /
Resource Hash
8399548fd2f7986cf6bb5cda7bd1e92caf8933bc02237acd2fc2c19f852708aa
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Origin
https://www.itproportal.com

Response headers

date
Tue, 04 Aug 2020 16:18:15 GMT
content-encoding
gzip
last-modified
Tue, 04 Aug 2020 10:29:38 GMT
server
nginx/1.19.0
status
200
etag
W/"5f293892-bf0f3"
strict-transport-security
max-age=15724800; includeSubDomains
x-hw
1596557895.cds024.pa1.hn,1596557895.cds015.pa1.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=738
accept-ranges
bytes
bordeaux-version
3.16.1
content-length
219781
choice.js
quantcast.mgr.consensu.org/choice/uer8ZPXHG8WDU/www.itproportal.com/
4 KB
2 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/choice/uer8ZPXHG8WDU/www.itproportal.com/choice.js?timestamp=1596557894945
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:2a00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c099ea37947d406152a044d717d6ed11150e67993698be99137aef120ca1ce3f

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 04 Aug 2020 16:18:14 GMT
content-encoding
gzip
etag
"f39290cff29959652712182a80783f42"
last-modified
Wed, 17 Jun 2020 15:07:49 GMT
server
AmazonS3
x-amz-cf-pop
FRA53-C1
x-amz-server-side-encryption
AES256
vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
status
200
x-amz-cf-id
_AgonkKUCdzAsgcQZLi_44fa5PXNkyock9ufCDrFze8ak9xIKipoVQ==
via
1.1 f8895de4463e8d120a0f4b4a1f7703e4.cloudfront.net (CloudFront)
truncated
/
0
0
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://www.itproportal.com

Response headers

Content-Type
application/font-woff2
vanFont-OpenSans-woff2.json
vanilla.futurecdn.net/itproportal/1/media/fonts/json/
68 KB
51 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itproportal/1/media/fonts/json/vanFont-OpenSans-woff2.json
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
67.26.83.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Footprint Distributor V6.1.1162 /
Resource Hash
93d4105c5a36b54933b7136bf6f408163c31f1c511f20078ee9931f9a9fece53

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 16 Jul 2020 07:40:29 GMT
Content-Encoding
gzip
Age
1672666
X-FTR-Backend-Server
ftefrontprod-172-20-9-86
X-FTR-DC
IX
X-FTR-Realm
pip
X-FTR-Backend
www-live-sites
Connection
keep-alive
Content-Length
51661
X-FTR-Balancer
webproxyprod01
X-FTR-Request-ID
00000000:B39C_00000000:0050_5F10046D_E1FB16:785C
Last-Modified
Tue, 14 Jul 2020 14:21:33 GMT
Server
Footprint Distributor V6.1.1162
ETag
W/"5f0dbf6d-10f87"
Access-Control-Allow-Methods
GET
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires
Sat, 15 Aug 2020 07:40:56 GMT
vanFont-itproportal-woff.json
vanilla.futurecdn.net/itproportal/1/media/fonts/json/
8 KB
7 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itproportal/1/media/fonts/json/vanFont-itproportal-woff.json
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
67.26.83.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Footprint Distributor V6.1.1162 /
Resource Hash
16eb877bab7403584c4e79d9c0ee9c6dd691a6feb5c8a7447fb7a54f2f801854

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 06 Jul 2020 09:52:05 GMT
Content-Encoding
gzip
Age
2528770
X-FTR-Backend-Server
ftefrontprodblue.core.future.net.uk
X-FTR-DC
IX
X-FTR-Realm
pip
X-FTR-Backend
www-live-sites
Connection
keep-alive
Content-Length
6214
X-FTR-Balancer
webproxyprod01
X-FTR-Request-ID
00000000:D9ED_00000000:0050_5F02F441_530C30:212B
Last-Modified
Thu, 02 Jul 2020 13:57:56 GMT
Server
Footprint Distributor V6.1.1162
ETag
W/"5efde7e4-200f"
Access-Control-Allow-Methods
GET
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
access-control-allow-credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires
Wed, 05 Aug 2020 09:52:11 GMT
OneSignalSDK.js
cdn.onesignal.com/sdks/
8 KB
3 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9721d6ecf4d83f45c66a9357bd437900b2175a5b847b653f0c25e927a510363f

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 04 Aug 2020 16:18:14 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
738
etag
W/"5e29e1ef1db623c260807ad45f3bc175"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=43200
cf-ray
5bd997dbaee90eab-FRA
cf-request-id
045bdd3d4400000eab1a175200000001
expires
Wed, 05 Aug 2020 04:18:14 GMT
itproportal.png
vanilla.futurecdn.net/itproportal/media/img/
9 KB
10 KB
Image
General
Full URL
https://vanilla.futurecdn.net/itproportal/media/img/itproportal.png
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
67.26.83.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Footprint Distributor V6.1.1162 /
Resource Hash
e5993a2b8fe9b3b0f0f7fa4966981fa47fdb502fe5b52b62ec30c5c8e3ff27fb

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 25 Jul 2020 09:07:00 GMT
Age
889875
X-FTR-Backend-Server
ftefrontprodred.core.future.net.uk
X-FTR-DC
IX
X-FTR-Realm
pip
X-FTR-Backend
www-live-sites
Connection
keep-alive
Content-Length
9683
X-FTR-Balancer
webproxyprod01
X-FTR-Request-ID
00000000:C15C_00000000:0050_5F1BF634_C9E025:5BA7
Last-Modified
Fri, 24 Jul 2020 15:21:59 GMT
Server
Footprint Distributor V6.1.1162
ETag
"5f1afc97-25d3"
Access-Control-Allow-Methods
GET
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires
Mon, 24 Aug 2020 09:07:00 GMT
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Jun 2020 23:38:14 GMT
server
Golfe2
age
6273
date
Tue, 04 Aug 2020 14:33:41 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18469
expires
Tue, 04 Aug 2020 16:33:41 GMT
aTRi4ZpndcrvX2fhnpJqqF-650-80.jpg
cdn.mos.cms.futurecdn.net/
24 KB
25 KB
Image
General
Full URL
https://cdn.mos.cms.futurecdn.net/aTRi4ZpndcrvX2fhnpJqqF-650-80.jpg
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
67.27.159.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
nginx/1.19.0 /
Resource Hash
87a56ef01e4a78e73672b4e06c710b771bee7ae79d3c6590acdd8d603b8283d4

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 14 Jul 2020 14:00:38 GMT
X-Backend
default
Age
1822657
X-FTR-DC
TC
X-FTR-Realm
pip
X-FTR-Backend
mos_kodiak
Connection
keep-alive
X-FTR-Cache-Status
MISS
Content-Length
24822
X-FTR-Balancer
bulkproxyprod01
X-FTR-Request-ID
00000000:E153_00000000:0050_5F0DBA86_6B17AB:6709
Server
nginx/1.19.0
X-Served-By
kodiak-mos-adapter-varnish-fdc57966-f7bhl
Content-Type
image/jpeg
X-FTR-Backend-Server
kube
Cache-Control
max-age=5184000
Accept-Ranges
bytes
Expires
Sat, 12 Sep 2020 14:00:38 GMT
missing-image.svg
vanilla.futurecdn.net/itproportal/media/img/
2 KB
3 KB
Image
General
Full URL
https://vanilla.futurecdn.net/itproportal/media/img/missing-image.svg
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
67.26.83.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Footprint Distributor V6.1.1162 /
Resource Hash
c333253d35d9ea22c91a797c5ad5a77e17ee1575465e284ae2503cb345d5c5c5

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 30 Jul 2020 14:11:54 GMT
Age
439581
X-FTR-Backend-Server
ftefrontprodblue.core.future.net.uk
X-FTR-DC
IX
X-FTR-Realm
pip
X-FTR-Backend
www-live-sites
Connection
keep-alive
Content-Length
2354
X-FTR-Balancer
webproxyprod01
X-FTR-Request-ID
00000000:ED40_00000000:0050_5F22D52A_2CF5F8:03E3
Last-Modified
Wed, 29 Jul 2020 13:43:09 GMT
Server
Footprint Distributor V6.1.1162
ETag
"5f217ced-932"
access-control-allow-methods
GET
Content-Type
image/svg+xml
access-control-allow-origin
*
Cache-Control
max-age=2592000
access-control-allow-credentials
true
Accept-Ranges
bytes
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires
Thu, 03 Sep 2020 11:19:04 GMT
hawklinks.js
widgets.future-fie.co.uk/hl/
130 KB
40 KB
Script
General
Full URL
https://widgets.future-fie.co.uk/hl/hawklinks.js
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
185.113.25.54 , United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS
vif09.web.future.net.uk
Software
/
Resource Hash
54c2947563ad41bdeb1adc07ef01dd911cc167647b3892205f11f34a233f2352

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 04 Aug 2020 16:10:44 GMT
Content-Encoding
gzip
X-Hawk-Country
Xkey
asset-type-fie-hawklinks
Age
450
X-Hawk-Area
FR
X-FTR-DC
IX
X-FTR-Realm
pip
X-FTR-Backend
fie-assets
X-FTR-Cache-Status
HIT
Content-Length
40557
X-FTR-Expires
Tue, 04 Aug 2020 16:40:44 GMT
X-FTR-Balancer
hawkproxyprodred
X-FTR-Request-ID
00000000:3FC6_00000000:01BB_5F298A47_3E4D3F6:735E
Last-Modified
Tue, 14 Jul 2020 14:19:22 GMT
X-Country-Code-Real
FR
ETag
"5f0dbeea-208c9"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
X-FTR-Backend-Server
fievarnishprodwhite
Cache-Control
max-age=3600
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Expires
Tue, 04 Aug 2020 17:10:44 GMT
p.js
cdn.parsely.com/keys/itproportal.com/
48 KB
19 KB
Script
General
Full URL
https://cdn.parsely.com/keys/itproportal.com/p.js
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.255.237 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-255-237.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
15858206307ad259523119476dc925f0f2404bb771cd54efe01de1c2a5989649

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
public
date
Tue, 04 Aug 2020 11:33:53 GMT
content-encoding
gzip
last-modified
Thu, 02 Apr 2020 00:30:30 GMT
server
nginx
age
17045
etag
"5e853226-c07e"
x-cache
Hit from cloudfront
content-type
application/x-javascript
status
200
cache-control
max-age=86400, public
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
p1Xdj4z37o2wRpTqHtFchKpMMFYHHEG-ZXRsf69ekwn7E5yKvIIsRg==
via
1.1 3095e870e1a1a1b03178e40ab1872de5.cloudfront.net (CloudFront)
expires
Wed, 05 Aug 2020 11:33:53 GMT
beacon.js
sb.scorecardresearch.com/
1 KB
1 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.16.105.213 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-16-105-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 04 Aug 2020 16:18:15 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=86400
Connection
keep-alive
Content-Length
884
Expires
Wed, 05 Aug 2020 16:18:15 GMT
main.min.js
vanilla.futurecdn.net/itproportal/196626/media/js/
964 KB
204 KB
Script
General
Full URL
https://vanilla.futurecdn.net/itproportal/196626/media/js/main.min.js
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
67.26.83.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Footprint Distributor V6.1.1162 /
Resource Hash
644ec5cfe0711114299adadd4612cdfcba492b051fb7568108c4d6c27b4e6895

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 31 Jul 2020 17:14:24 GMT
Content-Encoding
gzip
Age
342231
X-FTR-Backend-Server
ftefrontprod-172-20-9-85
X-FTR-DC
IX
X-FTR-Realm
pip
X-FTR-Backend
www-live-sites
Connection
keep-alive
Content-Length
207816
X-FTR-Balancer
webproxyprod01
X-FTR-Request-ID
00000000:5ABD_00000000:0050_5F245170_46B1CA:03E3
Last-Modified
Fri, 31 Jul 2020 16:44:26 GMT
Server
Footprint Distributor V6.1.1162
ETag
W/"5f244a6a-f0f10"
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires
Sun, 30 Aug 2020 17:28:16 GMT
publisher:getClientId
ampcid.google.com/v1/
74 B
546 B
XHR
General
Full URL
https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 04 Aug 2020 16:18:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
status
200
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.itproportal.com
access-control-expose-headers
content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
vary
Origin, X-Origin, Referer
content-length
94
x-xss-protection
0
cmp.js
quantcast.mgr.consensu.org/
257 KB
70 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/cmp.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/uer8ZPXHG8WDU/www.itproportal.com/choice.js?timestamp=1596557894945
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:2a00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8b80635d65f907b3eccd5b25b9ce269f3ea4ae3ff47ac34d59e533dc782aef80

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Tue, 04 Aug 2020 16:17:15 GMT
content-encoding
gzip
last-modified
Thu, 09 Jul 2020 22:07:20 GMT
server
AmazonS3
age
60
etag
"2199494e2561c37afe3b476b00aff1dd"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
status
200
x-amz-meta-qc-ineu
True
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
YIxL2tlJzer_tCUd8SMtqcW90taJH8iLq35z27E-uRy4Uvd-4CObMA==
via
1.1 f8895de4463e8d120a0f4b4a1f7703e4.cloudfront.net (CloudFront)
itproportal.min.css
vanilla.futurecdn.net/itproportal/196626/media/css/
348 KB
48 KB
Stylesheet
General
Full URL
https://vanilla.futurecdn.net/itproportal/196626/media/css/itproportal.min.css
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
67.26.83.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Footprint Distributor V6.1.1162 /
Resource Hash
b2f798afb7a6251648b46c9e905b180fc5624fce97c855a39f0c67ef70a15685

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 31 Jul 2020 17:14:24 GMT
Content-Encoding
gzip
Age
342231
X-FTR-Backend-Server
ftefrontprod-172-20-9-86
X-FTR-DC
IX
X-FTR-Realm
pip
X-FTR-Backend
www-live-sites
Connection
keep-alive
Content-Length
48426
X-FTR-Balancer
webproxyprodred
X-FTR-Request-ID
00000000:DED7_00000000:0050_5F245170_EA15A0:7F20
Last-Modified
Fri, 31 Jul 2020 16:44:26 GMT
Server
Footprint Distributor V6.1.1162
ETag
W/"5f244a6a-571db"
Access-Control-Allow-Methods
GET
Content-Type
text/css
access-control-allow-origin
*
Cache-Control
max-age=2592000
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires
Sun, 30 Aug 2020 17:28:16 GMT
truncated
/
6 KB
6 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b54290f9d276e81c3ecb50eca0f8e86a9156a7309cb56662a830bc58db8b2c72

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://www.itproportal.com

Response headers

Content-Type
application/font-woff
publisher:getClientId
ampcid.google.de/v1/
3 B
276 B
XHR
General
Full URL
https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 04 Aug 2020 16:18:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
status
200
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.itproportal.com
access-control-expose-headers
content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
vary
Origin, X-Origin, Referer
content-length
23
x-xss-protection
0
cmp-3pc-check.html
static.quantcast.mgr.consensu.org/v35/ Frame 5D5A
0
0
Document
General
Full URL
https://static.quantcast.mgr.consensu.org/v35/cmp-3pc-check.html
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:2600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

:method
GET
:authority
static.quantcast.mgr.consensu.org
:scheme
https
:path
/v35/cmp-3pc-check.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
content-type
text/html
content-length
645
last-modified
Thu, 09 Jul 2020 22:07:14 GMT
x-amz-server-side-encryption
AES256
accept-ranges
bytes
server
AmazonS3
date
Tue, 04 Aug 2020 16:07:07 GMT
etag
"55b98270d639ef0c34781d9f03cce91f"
x-cache
Hit from cloudfront
via
1.1 16dc09493f48bbc1fd2cdd6e175a94f7.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
uG0we_Qa50Iv0V57Z08jJHDqN4m6AqzUUvRsosnd04n1T-YdM1yZRw==
age
669
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
12b9d92963b594157b22adeebfbcf463b80c5d504f0fefe3bee1533e20a996c9

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://www.itproportal.com

Response headers

Content-Type
application/font-woff2
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
83113ce831f3f1ec8841232d895e17f722444b1939f5230891f7ff17a7c53618

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://www.itproportal.com

Response headers

Content-Type
application/font-woff2
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6ed0702c109875dca01cfa51b44aa5c9da3f51892f8e9ba54e523d772ca20afb

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://www.itproportal.com

Response headers

Content-Type
application/font-woff2
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7a223174668e40dccd38462d34304503b75e31e700bff92b7e9e8fdda3274670

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://www.itproportal.com

Response headers

Content-Type
application/font-woff2
e4b403fb-86c4-4eb0-a603-58f3a5f3c241
https://www.itproportal.com/
14 KB
0
Other
General
Full URL
blob:https://www.itproportal.com/e4b403fb-86c4-4eb0-a603-58f3a5f3c241
Requested by
Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
815c6d7144c29e295e7494dae017529dd9ec9fb01d91a3bb1771c5445624d362

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length
14736
desktop-article-layout-responsive.c15a1fad58e4c0722612.js
bordeaux.futurecdn.net/
7 KB
2 KB
Script
General
Full URL
https://bordeaux.futurecdn.net/desktop-article-layout-responsive.c15a1fad58e4c0722612.js
Requested by
Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx/1.19.0 /
Resource Hash
9a052c6643983b907f9cfa72964233eec250fc8931a7515019b548bd0fa53a47
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 04 Aug 2020 16:18:15 GMT
content-encoding
gzip
last-modified
Tue, 04 Aug 2020 10:29:38 GMT
server
nginx/1.19.0
status
200
etag
W/"5f293892-1b41"
strict-transport-security
max-age=15724800; includeSubDomains
x-hw
1596557895.cds041.pa1.hn,1596557895.cds013.pa1.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=68745
accept-ranges
bytes
bordeaux-version
3.16.1
content-length
1872
n-format-format-responsive.c15a1fad58e4c0722612.js
bordeaux.futurecdn.net/
11 KB
4 KB
Script
General
Full URL
https://bordeaux.futurecdn.net/n-format-format-responsive.c15a1fad58e4c0722612.js
Requested by
Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx/1.19.0 /
Resource Hash
2700bf1468e7d171f1043abc415dc9aad2f8ff3caf652832db59707274afb8a2
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 04 Aug 2020 16:18:15 GMT
content-encoding
gzip
last-modified
Tue, 04 Aug 2020 10:29:38 GMT
server
nginx/1.19.0
status
200
etag
W/"5f293892-2de0"
strict-transport-security
max-age=15724800; includeSubDomains
x-hw
1596557895.cds041.pa1.hn,1596557895.cds018.pa1.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=68684
accept-ranges
bytes
bordeaux-version
3.16.1
content-length
3861
cmpui-popup.js
static.quantcast.mgr.consensu.org/v35/
259 KB
70 KB
Script
General
Full URL
https://static.quantcast.mgr.consensu.org/v35/cmpui-popup.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:2600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
257217d0c5472fde2e3fdd08cb839e220a9b2d9dbd44ac33078b671edabb84af

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 04 Aug 2020 16:05:01 GMT
content-encoding
gzip
last-modified
Thu, 09 Jul 2020 22:07:14 GMT
server
AmazonS3
age
795
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
status
200
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
qxnys7vGc5qR_SVjkVj1tmK5k-0ixHuZ4ZL_3h5-sliU6zzSgc1XxQ==
via
1.1 16dc09493f48bbc1fd2cdd6e175a94f7.cloudfront.net (CloudFront)
/
srv-2020-08-04-16.pixel.parsely.com/plogger/
43 B
229 B
Image
General
Full URL
https://srv-2020-08-04-16.pixel.parsely.com/plogger/?rand=1596557895366&plid=22306151&idsite=itproportal.com&url=https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F&sref=&sts=1596557895362&slts=0&title=Agent+Tesla+malware+receives+module+for+stealing+Wi-Fi+passwords+%7C+ITProPortal&date=Tue+Aug+04+2020+18%3A18%3A15+GMT%2B0200+(Central+European+Summer+Time)&action=pageview&pvid=14035048&u=pid%3D96ef9c072ad52e2e9a2f1a0b59e645d4
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.190.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-190-40.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 04 Aug 2020 16:18:15 GMT
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
collect
www.google-analytics.com/
35 B
106 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j83&a=507930183&t=pageview&_s=1&dl=https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F&ul=en-us&de=UTF-8&dt=Agent%20Tesla%20malware%20receives%20module%20for%20stealing%20Wi-Fi%20passwords%20%7C%20ITProPortal&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEABBAQC~&jid=1242844474&gjid=2098817618&cid=1880568186.1596557895&tid=UA-460866-1&_gid=1301084801.1596557895&cd57=vanilla-beta&cd40=Malware&cd41=Wi-Fi%7CPassword%7CMalwarebytes%7CUser_computing%7CComputer&cd42=Malwarebytes&cd43=Software&cd45=Malware&cd46=agent_tesla&cd47=Agent_Tesla_malware_receives_module_for_stealing_Wi-Fi_passwords&cd50=5&cd51=false&cd58=agent_tesla%7Cmalware%7Cwi-fi%7Cpassword&cd74=&cd13=false&cd10=EN-GB&cd1=news&cd2=security&cd4=Tech_IT_ProPortal%2F&cd5=3KoVr6MwdLJ9u2WQRd2yx6&cd6=%7Cagent_tesla%7Cmalware%7Cwi-fi%7Cpassword%7Cserversidehawk&cd7=sead_fadilpa%C5%A1i%C4%87&cd8=17-04-2020&cd9=1&cd27=196626&cd95=news&cd106=0&cd126=en&cd127=GB%7CUS%7CAU%7CSG&cd128=17-04-2020&cd31=9.3&cd30=4g&z=1506478051
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jul 2020 22:56:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
580926
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j83&tid=UA-460866-1&cid=1880568186.1596557895&jid=1242844474&gjid=2098817618&_gid=1301084801.1596557895&_u=YGBAgEABBAQC~&z=1695155875
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-460866-1&cid=1880568186.1596557895&jid=1242844474&_v=j83&z=1695155875
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-460866-1&cid=1880568186.1596557895&jid=1242844474&_v=j83&z=1695155875&slf_rd=1&random=965790925
42 B
106 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-460866-1&cid=1880568186.1596557895&jid=1242844474&_v=j83&z=1695155875&slf_rd=1&random=965790925
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 04 Aug 2020 16:18:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 04 Aug 2020 16:18:15 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-460866-1&cid=1880568186.1596557895&jid=1242844474&_v=j83&z=1695155875&slf_rd=1&random=965790925
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=10055482&cs_ucfr=&ns__t=1596557895499&ns_c=UTF-8&cv=3.5&c8=Agent%20Tesla%20malware%20receives%20module%20for%20stealing%20Wi-Fi%20passwords%20%7C%20ITProP...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=10055482&cs_ucfr=&ns__t=1596557895499&ns_c=UTF-8&cv=3.5&c8=Agent%20Tesla%20malware%20receives%20module%20for%20stealing%20Wi-Fi%20passwords%20%7C%20ITPro...
0
399 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=10055482&cs_ucfr=&ns__t=1596557895499&ns_c=UTF-8&cv=3.5&c8=Agent%20Tesla%20malware%20receives%20module%20for%20stealing%20Wi-Fi%20passwords%20%7C%20ITProPortal&c7=https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F&c9=&cs_ak_ss=1
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.16.105.213 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-16-105-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 04 Aug 2020 16:18:15 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://sb.scorecardresearch.com/b2?c1=2&c2=10055482&cs_ucfr=&ns__t=1596557895499&ns_c=UTF-8&cv=3.5&c8=Agent%20Tesla%20malware%20receives%20module%20for%20stealing%20Wi-Fi%20passwords%20%7C%20ITProPortal&c7=https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F&c9=&cs_ak_ss=1
Pragma
no-cache
Date
Tue, 04 Aug 2020 16:18:15 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
vendorlist.json
vendorlist.consensu.org/
99 KB
18 KB
XHR
General
Full URL
https://vendorlist.consensu.org/vendorlist.json
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2057:a200:1:af78:4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
62b07f5b473f87a3ebe9738f063584774f835dcf8b0c423cab5f8515c93553f5

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 30 Jul 2020 17:43:32 GMT
content-encoding
gzip
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age
426884
x-cache
Hit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Thu, 30 Jul 2020 16:00:38 GMT
server
AmazonS3
access-control-max-age
604800
access-control-allow-methods
GET
x-amz-version-id
reOIFJV51MP7DSnJY4Drcaf.WGBefbQC
via
1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
cache-control
max-age=604800
x-amz-cf-pop
FRA6-C1
content-type
application/json; charset=utf-8
x-amz-cf-id
f1LlGIjyyLaXVkmfkaNxq1kqq20bNMyP_qA6vj6Q7KBn7vBrwUGBOQ==
8f6960327756f48463157a29c624e341-1024-80.png
cdn.mos.cms.futurecdn.net/
301 KB
302 KB
Image
General
Full URL
https://cdn.mos.cms.futurecdn.net/8f6960327756f48463157a29c624e341-1024-80.png
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
67.27.159.124 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
openresty/1.15.8.1 /
Resource Hash
60c241d785fbcd5f46e055447e69a9708dce28727effd43c0b1683f1d2bd410c

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 25 Jun 2020 12:04:59 GMT
X-Backend
default
Age
3471196
X-FTR-DC
IX
X-FTR-Realm
pip
X-FTR-Backend
mos_kodiak
Connection
keep-alive
X-FTR-Cache-Status
MISS
Content-Length
308243
X-FTR-Balancer
bulkproxyprodred
X-FTR-Request-ID
00000000:EDE9_00000000:0050_5EF492EA_AD86B3:5209
Server
openresty/1.15.8.1
X-Served-By
kodiak-mos-adapter-varnish-fdc57966-f7bhl
Content-Type
image/png
X-FTR-Backend-Server
kube
Cache-Control
max-age=5184000
Accept-Ranges
bytes
Expires
Mon, 24 Aug 2020 12:06:44 GMT
merchant-domains.php
search-api.fie.future.net.uk/
185 KB
40 KB
Fetch
General
Full URL
https://search-api.fie.future.net.uk/merchant-domains.php?site=ITPROPORTAL
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
185.113.25.54 , United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS
vif09.web.future.net.uk
Software
/
Resource Hash
4b6ec0c59a6cb2f98c11183d7bfab661c9b3ae41ad62cbe5a8f16ab7eec68322

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 04 Aug 2020 16:05:11 GMT
Content-Encoding
gzip
X-Hawk-Country
Age
784
X-Hawk-Area
FR
X-FTR-DC
IX
X-FTR-Realm
pip
X-FTR-Backend
fie-api
X-FTR-Cache-Status
HIT
Content-Length
40535
X-FTR-Expires
Tue, 04 Aug 2020 16:35:11 GMT
X-FTR-Balancer
hawkproxyprodred
X-FTR-Request-ID
00000000:3FE6_00000000:01BB_5F298A47_3E4D43C:735E
X-Country-Code-Real
FR
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/json; charset=utf-8;
X-FTR-Backend-Server
fievarnishprodwhite
Cache-Control
max-age=300,public
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Hawk-Country,X-Hawk-Area
Expires
Tue, 04 Aug 2020 16:23:15 GMT
collect
www.google-analytics.com/
35 B
100 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j83&a=507930183&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F&ul=en-us&de=UTF-8&dt=Agent%20Tesla%20malware%20receives%20module%20for%20stealing%20Wi-Fi%20passwords%20%7C%20ITProPortal&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Navigation&ea=Scroll&el=Scroll%20Depth%20Quartile%2025%25&_u=aGBAgEABBAQC~&jid=&gjid=&cid=1880568186.1596557895&tid=UA-460866-1&_gid=1301084801.1596557895&cd57=vanilla-beta&cd40=Malware&cd41=Wi-Fi%7CPassword%7CMalwarebytes%7CUser_computing%7CComputer&cd42=Malwarebytes&cd43=Software&cd45=Malware&cd46=agent_tesla&cd47=Agent_Tesla_malware_receives_module_for_stealing_Wi-Fi_passwords&cd50=5&cd51=false&cd58=agent_tesla%7Cmalware%7Cwi-fi%7Cpassword&cd74=&cd10=EN-GB&cd1=news&cd5=3KoVr6MwdLJ9u2WQRd2yx6&cd6=%7Cagent_tesla%7Cmalware%7Cwi-fi%7Cpassword%7Cserversidehawk&cd39=%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F&cm27=1422&cm28=356&cm1=663&cm29=13&z=2023770283
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jul 2020 22:56:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
580926
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
100 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j83&a=507930183&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F&ul=en-us&de=UTF-8&dt=Agent%20Tesla%20malware%20receives%20module%20for%20stealing%20Wi-Fi%20passwords%20%7C%20ITProPortal&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Navigation&ea=Scroll&el=Scroll%20Depth%20Quartile%2050%25&_u=aGBAgEABBAQC~&jid=&gjid=&cid=1880568186.1596557895&tid=UA-460866-1&_gid=1301084801.1596557895&cd57=vanilla-beta&cd40=Malware&cd41=Wi-Fi%7CPassword%7CMalwarebytes%7CUser_computing%7CComputer&cd42=Malwarebytes&cd43=Software&cd45=Malware&cd46=agent_tesla&cd47=Agent_Tesla_malware_receives_module_for_stealing_Wi-Fi_passwords&cd50=5&cd51=false&cd58=agent_tesla%7Cmalware%7Cwi-fi%7Cpassword&cd74=&cd10=EN-GB&cd1=news&cd5=3KoVr6MwdLJ9u2WQRd2yx6&cd6=%7Cagent_tesla%7Cmalware%7Cwi-fi%7Cpassword%7Cserversidehawk&cd39=%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F&cm27=1422&cm28=711&cm1=667&cm29=13&z=782564249
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jul 2020 22:56:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
580926
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
100 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j83&a=507930183&t=event&ni=1&_s=4&dl=https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F&ul=en-us&de=UTF-8&dt=Agent%20Tesla%20malware%20receives%20module%20for%20stealing%20Wi-Fi%20passwords%20%7C%20ITProPortal&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Navigation&ea=Scroll&el=Scroll%20Depth%20Quartile%2075%25&_u=aGBAgEABBAQC~&jid=&gjid=&cid=1880568186.1596557895&tid=UA-460866-1&_gid=1301084801.1596557895&cd57=vanilla-beta&cd40=Malware&cd41=Wi-Fi%7CPassword%7CMalwarebytes%7CUser_computing%7CComputer&cd42=Malwarebytes&cd43=Software&cd45=Malware&cd46=agent_tesla&cd47=Agent_Tesla_malware_receives_module_for_stealing_Wi-Fi_passwords&cd50=5&cd51=false&cd58=agent_tesla%7Cmalware%7Cwi-fi%7Cpassword&cd74=&cd10=EN-GB&cd1=news&cd5=3KoVr6MwdLJ9u2WQRd2yx6&cd6=%7Cagent_tesla%7Cmalware%7Cwi-fi%7Cpassword%7Cserversidehawk&cd39=%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F&cm27=1422&cm28=1067&cm1=669&cm29=13&z=2036843455
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jul 2020 22:56:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
580926
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
100 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j83&a=507930183&t=event&ni=1&_s=5&dl=https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F&ul=en-us&de=UTF-8&dt=Agent%20Tesla%20malware%20receives%20module%20for%20stealing%20Wi-Fi%20passwords%20%7C%20ITProPortal&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Navigation&ea=Scroll&el=Scroll%20Depth%20Quartile%20100%25&_u=aGBAgEABBAQC~&jid=&gjid=&cid=1880568186.1596557895&tid=UA-460866-1&_gid=1301084801.1596557895&cd57=vanilla-beta&cd40=Malware&cd41=Wi-Fi%7CPassword%7CMalwarebytes%7CUser_computing%7CComputer&cd42=Malwarebytes&cd43=Software&cd45=Malware&cd46=agent_tesla&cd47=Agent_Tesla_malware_receives_module_for_stealing_Wi-Fi_passwords&cd50=5&cd51=false&cd58=agent_tesla%7Cmalware%7Cwi-fi%7Cpassword&cd74=&cd10=EN-GB&cd1=news&cd5=3KoVr6MwdLJ9u2WQRd2yx6&cd6=%7Cagent_tesla%7Cmalware%7Cwi-fi%7Cpassword%7Cserversidehawk&cd39=%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F&cm27=1422&cm28=1422&cm1=670&cm29=13&z=300837461
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jul 2020 22:56:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
580926
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
pubvendors.json
quantcast.mgr.consensu.org/choice/uer8ZPXHG8WDU/www.itproportal.com/.well-known/
6 KB
2 KB
XHR
General
Full URL
https://quantcast.mgr.consensu.org/choice/uer8ZPXHG8WDU/www.itproportal.com/.well-known/pubvendors.json?timestamp=1596557895075
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:214f:2a00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bbfbc18a21e02051c4dddae953f81aa2f1fb81dc7bd5a58019ef70992d9fa60d

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 04 Aug 2020 16:18:17 GMT
content-encoding
gzip
vary
Accept-Encoding,Origin
x-amz-cf-pop
FRA53-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
status
200
access-control-allow-origin
https://www.itproportal.com
last-modified
Fri, 27 Mar 2020 14:01:01 GMT
server
AmazonS3
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json;charset=UTF-8
via
1.1 850ccace60916919bf31313cb9176e01.cloudfront.net (CloudFront)
access-control-allow-credentials
true
x-amz-cf-id
K7TrC6Nz4NB5lzceYjm_f0dQOIOogKOsVmyppYYfEYs3BIzjG_we6A==
translations.php
search-api.fie.future.net.uk/
29 KB
10 KB
Fetch
General
Full URL
https://search-api.fie.future.net.uk/translations.php?language=en-FR
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
185.113.25.54 , United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS
vif09.web.future.net.uk
Software
/
Resource Hash
d63c6950beeca282911c61ae355e150d1211799c4caceb716deb4fc87c71d93c

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 04 Aug 2020 16:10:54 GMT
Content-Encoding
gzip
X-Hawk-Country
Age
441
X-Hawk-Area
FR
X-FTR-DC
IX
X-FTR-Realm
pip
X-FTR-Backend
fie-api
X-FTR-Cache-Status
HIT
Content-Length
9679
X-FTR-Expires
Tue, 04 Aug 2020 16:40:54 GMT
X-FTR-Balancer
hawkproxyprodred
X-FTR-Request-ID
00000000:3FE6_00000000:01BB_5F298A47_3E4D441:735E
X-Country-Code-Real
FR
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/json; charset=utf-8;
X-FTR-Backend-Server
fievarnishprodred
Cache-Control
max-age=300,public
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Hawk-Country,X-Hawk-Area
Expires
Tue, 04 Aug 2020 16:23:15 GMT
hawk.min.css
widgets.future-fie.co.uk/css/14.20.5-14dc6ce5dabb714a4eea02e23419502074d71bc5/
19 KB
3 KB
Stylesheet
General
Full URL
https://widgets.future-fie.co.uk/css/14.20.5-14dc6ce5dabb714a4eea02e23419502074d71bc5/hawk.min.css
Requested by
Host: widgets.future-fie.co.uk
URL: https://widgets.future-fie.co.uk/js/w/responsive.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
185.113.25.54 , United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS
vif09.web.future.net.uk
Software
/
Resource Hash
705e12185826ff5c7f200660d97a87c6f9af1ab6d4c8242c5ecaa4294a2a0810

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 04 Aug 2020 16:12:01 GMT
Content-Encoding
gzip
X-Hawk-Country
Xkey
asset-type-fie-widgets
Age
374
X-Hawk-Area
FR
X-FTR-DC
IX
X-FTR-Realm
pip
X-FTR-Backend
fie-assets
X-FTR-Cache-Status
HIT
Content-Length
2256
X-FTR-Expires
Tue, 04 Aug 2020 16:42:01 GMT
X-FTR-Balancer
hawkproxyprodred
X-FTR-Request-ID
00000000:3FC8_00000000:01BB_5F298A47_94A19BE:7360
Last-Modified
Tue, 04 Aug 2020 12:43:22 GMT
X-Country-Code-Real
FR
ETag
"5f2957ea-4a58"
Vary
Accept-Encoding
Content-Type
text/css
X-FTR-Backend-Server
fievarnishprodred
Cache-Control
max-age=3600
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Expires
Tue, 04 Aug 2020 17:12:01 GMT
hawk.js
widgets.future-fie.co.uk/js/w/1c7f74177c20e1fefc82/
229 KB
73 KB
Script
General
Full URL
https://widgets.future-fie.co.uk/js/w/1c7f74177c20e1fefc82/hawk.js
Requested by
Host: widgets.future-fie.co.uk
URL: https://widgets.future-fie.co.uk/js/w/responsive.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
185.113.25.54 , United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS
vif09.web.future.net.uk
Software
/
Resource Hash
4cd82e5e94d13c9251ebe49c1e32b923944fb89c0a794cf61e0761434c347cec

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 04 Aug 2020 16:12:01 GMT
Content-Encoding
gzip
X-Hawk-Country
Xkey
asset-type-fie-widgets
Age
374
X-Hawk-Area
FR
X-FTR-DC
IX
X-FTR-Realm
pip
X-FTR-Backend
fie-assets
X-FTR-Cache-Status
HIT
Content-Length
73615
X-FTR-Expires
Tue, 04 Aug 2020 16:42:01 GMT
X-FTR-Balancer
hawkproxyprodred
X-FTR-Request-ID
00000000:3FC6_00000000:01BB_5F298A47_3E4D3FA:735E
Last-Modified
Tue, 04 Aug 2020 12:43:22 GMT
X-Country-Code-Real
FR
ETag
"5f2957ea-3949d"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
X-FTR-Backend-Server
fievarnishprodred
Cache-Control
max-age=3600
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Expires
Tue, 04 Aug 2020 17:12:01 GMT
itproportal.min.css
widgets.future-fie.co.uk/css/
3 KB
2 KB
Stylesheet
General
Full URL
https://widgets.future-fie.co.uk/css/itproportal.min.css
Requested by
Host: widgets.future-fie.co.uk
URL: https://widgets.future-fie.co.uk/js/w/responsive.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
185.113.25.54 , United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS
vif09.web.future.net.uk
Software
/
Resource Hash
a56f4e6e1eb3fc85b35f6dd8d598c05600c3225f471f8855fbc83bf76d89c524

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 04 Aug 2020 16:05:11 GMT
Content-Encoding
gzip
X-Hawk-Country
Xkey
asset-type-fie-widgets
Age
783
X-Hawk-Area
FR
X-FTR-DC
IX
X-FTR-Realm
pip
X-FTR-Backend
fie-assets
X-FTR-Cache-Status
HIT
Content-Length
1316
X-FTR-Expires
Tue, 04 Aug 2020 16:35:11 GMT
X-FTR-Balancer
hawkproxyprodred
X-FTR-Request-ID
00000000:3FC8_00000000:01BB_5F298A47_94A1A32:7360
Last-Modified
Tue, 04 Aug 2020 12:43:22 GMT
X-Country-Code-Real
FR
ETag
"5f2957ea-d9a"
Vary
Accept-Encoding
Content-Type
text/css
X-FTR-Backend-Server
fievarnishprodred
Cache-Control
max-age=3600
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Expires
Tue, 04 Aug 2020 17:05:11 GMT
/
r.skimresources.com/api/
149 B
408 B
Fetch
General
Full URL
https://r.skimresources.com/api/?persistence=1&xguid=01BT2SNRZKMTD96W8181AS0KKC&data={%22pubcode%22:%2292X1583683%22,%22domains%22:[%22itproportal.com%22,%22facebook.com%22,%22twitter.com%22,%22futureplc.com%22,%22send%22,%22pinterest.com%22,%22%22,%22redirectingat.com%22,%22bleepingcomputer.com%22],%22page%22:%22https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F%22}&checksum=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.59.101 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
101.59.190.35.bc.googleusercontent.com
Software
openresty/1.11.2.5 /
Resource Hash
4e2f403184fbd8d4f68ed9cda59897fbc3022916e25d826b555fb190c520087f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 04 Aug 2020 16:18:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
openresty/1.11.2.5
status
200
vary
Accept-Encoding
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://www.itproportal.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000
content-type
application/json
alt-svc
clear
via
1.1 google
widget.php
search-api.fie.future.net.uk/
249 B
1 KB
Fetch
General
Full URL
https://search-api.fie.future.net.uk/widget.php?site=ITPROPORTAL&article_type=news&article_category=retail&model_name=Malware&deals_per_model=1&multi=1&related_models=1&rows=4&filter_product_types=deals
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
185.113.25.54 , United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS
vif09.web.future.net.uk
Software
/
Resource Hash
87d230f7c01fbd87b9cf2d808106704ab33953c7e01142d0fb5fdf81b7236e0d

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 04 Aug 2020 16:18:16 GMT
Content-Encoding
gzip
X-Hawk-Country
Age
0
X-Hawk-Area
FR
X-FTR-DC
IX
X-FTR-Realm
pip
X-FTR-Backend
fie-api
X-FTR-Cache-Status
MISS
Content-Length
179
X-FTR-Expires
Tue, 04 Aug 2020 16:48:16 GMT
X-FTR-Balancer
hawkproxyprodred
X-FTR-Request-ID
00000000:3FE6_00000000:01BB_5F298A47_3E4D447:735E
X-Country-Code-Real
FR
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/json; charset=utf-8;
X-FTR-Backend-Server
fievarnishprodwhite
Cache-Control
max-age=300,public
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Hawk-Country,X-Hawk-Area
Expires
Tue, 04 Aug 2020 16:23:16 GMT
seasonal.php
search-api.fie.future.net.uk/
72 B
914 B
Fetch
General
Full URL
https://search-api.fie.future.net.uk/seasonal.php?site=ITPROPORTAL&article_type=news&article_category=retail
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
185.113.25.54 , United Kingdom, ASN20596 (FUTURE, GB),
Reverse DNS
vif09.web.future.net.uk
Software
/
Resource Hash
976ed1fd6d68d993e4716268f5a2e78e1cea3e4cd35fcbda8348823737c422cf

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 04 Aug 2020 15:44:04 GMT
Content-Encoding
gzip
X-Hawk-Country
Age
2051
X-Hawk-Area
FR
X-FTR-DC
IX
X-FTR-Realm
pip
X-FTR-Backend
fie-api
X-FTR-Cache-Status
HIT
Content-Length
83
X-FTR-Balancer
hawkproxyprodred
X-FTR-Request-ID
00000000:3FE6_00000000:01BB_5F298A48_3E4D464:735E
X-Country-Code-Real
FR
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/json; charset=utf-8;
X-FTR-Backend-Server
fievarnishprodred
Cache-Control
max-age=300,public
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Hawk-Country,X-Hawk-Area
Expires
Tue, 04 Aug 2020 16:23:16 GMT
collect
www.google-analytics.com/r/
35 B
130 B
Other
General
Full URL
https://www.google-analytics.com/r/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 04 Aug 2020 16:18:16 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
https://www.itproportal.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
itpp_logo.svg
vanilla.futurecdn.net/itproportal/media/img/
3 KB
2 KB
Image
General
Full URL
https://vanilla.futurecdn.net/itproportal/media/img/itpp_logo.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
67.26.83.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Footprint Distributor V6.1.1162 /
Resource Hash
6f5381f4e70abf6be8a25d07971f5c2eeb9706444913fb592294d27196f2ac06

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 17 Jul 2020 15:09:39 GMT
Content-Encoding
gzip
Age
1559317
X-FTR-Backend-Server
ftefrontprodred.core.future.net.uk
X-FTR-DC
IX
X-FTR-Realm
pip
X-FTR-Backend
www-live-sites
Connection
keep-alive
Content-Length
1432
X-FTR-Balancer
webproxyprodred
X-FTR-Request-ID
00000000:D899_00000000:0050_5F11BF30_1B7B18:7F20
Last-Modified
Thu, 16 Jul 2020 15:44:39 GMT
Server
Footprint Distributor V6.1.1162
ETag
W/"5f1075e7-b6c"
Access-Control-Allow-Methods
GET
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires
Sun, 16 Aug 2020 15:10:03 GMT
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b640b9af1e6fa5c035c168701d2c1f5a02f371352cca208fefded3ddea443b6a

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
/
audit.quantcast.mgr.consensu.org/
80 B
485 B
XHR
General
Full URL
https://audit.quantcast.mgr.consensu.org/?log=;1596557896482;ITProPortal;https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F;;;;;p,off,false,uer8ZPXHG8WDU,1,en,35,213,true,true,false;displayConsentUi:mandatory,;GDPR-trh4zuqsqi5skrnqihp1
Requested by
Host: www.itproportal.com
URL: https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.86.7.41 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-7-41.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 04 Aug 2020 10:39:38 GMT
via
1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
vary
Origin
age
20319
x-cache
Hit from cloudfront
status
200
content-length
80
last-modified
Mon, 11 Jun 2018 22:07:34 GMT
server
AmazonS3
etag
"0614149d8033903db5de46d6c184bbfd"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/html
access-control-allow-origin
*
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
Aup8nzo6Ptwq1fHnI9ayBIiLU5dSEQiAlPNvlplAYHl3WlqAxk2Tww==
collect
www.google-analytics.com/
35 B
106 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j83&a=507930183&t=event&ni=1&_s=6&dl=https%3A%2F%2Fwww.itproportal.com%2Fnews%2Fagent-tesla-malware-receives-module-for-stealing-wi-fi-passwords%2F&ul=en-us&de=UTF-8&dt=Agent%20Tesla%20malware%20receives%20module%20for%20stealing%20Wi-Fi%20passwords%20%7C%20ITProPortal&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Performance%20Metrics&ea=TTI&el=1236&ev=1236&_u=6GDAgEABBAQC~&jid=1041115399&gjid=1472754594&cid=1880568186.1596557895&tid=UA-460866-1&_gid=1301084801.1596557895&cd57=vanilla-beta&cd40=Malware&cd41=Wi-Fi%7CPassword%7CMalwarebytes%7CUser_computing%7CComputer&cd42=Malwarebytes&cd43=Software&cd45=Malware&cd46=agent_tesla&cd47=Agent_Tesla_malware_receives_module_for_stealing_Wi-Fi_passwords&cd50=5&cd51=false&cd58=agent_tesla%7Cmalware%7Cwi-fi%7Cpassword&cd74=&cd13=false&cd10=GB&cd5=3KoVr6MwdLJ9u2WQRd2yx6&cm1=7239&cm29=389&z=1098106701
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jul 2020 22:56:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
580933
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j83&tid=UA-460866-1&cid=1880568186.1596557895&jid=1041115399&gjid=1472754594&_gid=1301084801.1596557895&_u=6GDAgEABBAQC~&z=947685027
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-460866-1&cid=1880568186.1596557895&jid=1041115399&_v=j83&z=947685027
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-460866-1&cid=1880568186.1596557895&jid=1041115399&_v=j83&z=947685027&slf_rd=1&random=1513671437
42 B
106 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-460866-1&cid=1880568186.1596557895&jid=1041115399&_v=j83&z=947685027&slf_rd=1&random=1513671437
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 04 Aug 2020 16:18:22 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 04 Aug 2020 16:18:22 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-460866-1&cid=1880568186.1596557895&jid=1041115399&_v=j83&z=947685027&slf_rd=1&random=1513671437
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

126 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| startFramesMeasurement undefined| xhr object| vanilla object| VAN object| __tti string| hostname object| hostGroups object| urlSearchParams string| FORCED_DOMAIN_QUERY_PARAM function| cmpStubFunction function| checkIfCmpIsReady number| cmpInterval boolean| askForConsent boolean| waitForConsent function| __cmp object| ccpaAppliesPromise function| FEPProcess function| FEPSanitise function| resolveFEP object| processFEP object| reliableDOMContentLoaded object| reliablePageLoad object| reliableConsentGiven object| wadoinawdoijzxioznelknsdf string| hawk_css_endpoint object| adParameters boolean| gaCookieSet function| handleHeaderError object| bordeaux function| vanFontLoader object| OpenSans_vanFontLoader object| itproportal_vanFontLoader object| FEP_object function| getConnectionDimensions function| missingImage string| ga_code object| analytics_ga_data string| version string| GoogleAnalyticsObject function| ga object| FEP boolean| trailingSlash object| onesignalConfig boolean| isIE function| amIIE object| taboola_lists function| taboola_is_device object| _taboola function| loadHawklinks object| Falcon object| vanL10N object| _comscore object| dfp_config object| vanillaComponents object| require object| ffte object| xkeys object| templateVariables string| ftr_request_id object| google_tag_data object| gaplugins object| OneSignal object| __core-js_shared__ object| core function| __uspapi object| bordeauxJsonp object| __SENTRY__ object| _adsShimCommunication object| purchs2sutils object| purchs2s object| fastdom object| tmntag function| _ boolean| gdprUser string| PURCHS2S_VERSION function| uuidv4 string| defuuid object| baseObj function| tmntag_ready function| tmntag_render function| tmntag_triggerEvent function| purchs2s_checkCommands boolean| iasOptimiseEnabled function| setImmediate function| clearImmediate function| init_background_skin object| feat function| slotifyDebug boolean| headerExecuted string| indexExchangeDeviceType object| bordeauxAds object| 
bdx boolean| disablePurchS2SDFPRefresh boolean| indexExchangeEnabled boolean| amazonA9Enabled boolean| rampS2SEnabled function| debugAds object| internalDebugAds object| regeneratorRuntime object| PARSELY object| hawkWebpackJsonP object| hawk function| respimage object| respimgCFG object| webpackJsonp object| __translator boolean| leadGenMVP function| stickyFooterInit function| updateShareCountWithFacebookShareCount function| updateShareCountWithTwitterTweetCount function| updateShareCountWithPinterestPinCount object| lazyLoadInstance object| gaGlobal object| gaData function| udm_ object| ns_p object| COMSCORE function| renderSponsoredPost function| zkckcosdoiaioawqnmzsdqw object| asdinwawisuihzejsahzl function| hiriyyyteetaqgthyu object| pppasoeommmsmzrvbr object| dfp object| Cyclejs function| __cmpui object| hawklinks

8 Cookies

Domain/Path Name / Value
.itproportal.com/ Name: _ga
Value: GA1.2.1880568186.1596557895
.itproportal.com/ Name: _gid
Value: GA1.2.1301084801.1596557895
.itproportal.com/ Name: _parsely_visitor
Value: {%22id%22:%22pid=96ef9c072ad52e2e9a2f1a0b59e645d4%22%2C%22session_count%22:1%2C%22last_session_ts%22:1596557895362}
.itproportal.com/ Name: AMP_TOKEN
Value: %24NOT_FOUND
.itproportal.com/ Name: _parsely_session
Value: {%22sid%22:1%2C%22surl%22:%22https://www.itproportal.com/news/agent-tesla-malware-receives-module-for-stealing-wi-fi-passwords/%22%2C%22sref%22:%22%22%2C%22sts%22:1596557895362%2C%22slts%22:0}
.itproportal.com/ Name: _gat
Value: 1
www.itproportal.com/ Name: _cmpQcif3pcsupported
Value: 1
.www.itproportal.com/ Name: FTR_Country_Code
Value: FR

8 Console Messages

Source Level URL
Text
console-api log URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js(Line 1)
Message:
OneSignal: Using fallback ES5 Stub for backwards compatibility.
console-api log URL: https://bordeaux.futurecdn.net/bordeaux.js(Line 16)
Message:
DOMContentLoaded at 352
console-api warning URL: https://bordeaux.futurecdn.net/bordeaux.js(Line 16)
Message:
init has already been called and should only be run one time.
console-api log URL: https://bordeaux.futurecdn.net/bordeaux.js(Line 16)
Message:
Lead Gen MVP: false
console-api log URL: https://bordeaux.futurecdn.net/bordeaux.js(Line 16)
Message:
No archive filter present
console-api log URL: https://bordeaux.futurecdn.net/bordeaux.js(Line 16)
Message:
no primary nav
console-api warning URL: https://bordeaux.futurecdn.net/bordeaux.js(Line 16)
Message:
Unable to get NonIab Vendor list.
console-api log URL: https://bordeaux.futurecdn.net/bordeaux.js(Line 16)
Message:
PageLoad at 860

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
