www.threatminer.org Open in urlscan Pro
2606:4700:20::681a:feb Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Effective URL:
https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Submission: On July 19 via manual (July 19th 2023, 1:19:26 pm UTC) from US — Scanned from DE

Summary HTTP 132 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 27 IPs in 2 countries across 17 domains to perform 132 HTTP transactions. The main IP is 2606:4700:20::681a:feb, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.threatminer.org.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 28th 2023. Valid for: a year.

This is the only time www.threatminer.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:20:... 2606:4700:20::ac43:4b5e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
28	2606:4700:20:... 2606:4700:20::681a:feb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
18	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
1 1	2606:4700:10:... 2606:4700:10::6814:9710	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::ac43:73f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	172.66.41.9 172.66.41.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
3	199.232.196.134 199.232.196.134	54113 (FASTLY) (FASTLY)
7	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
3	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
3	151.101.0.134 151.101.0.134	54113 (FASTLY) (FASTLY)
1	199.232.192.64 199.232.192.64	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
3	151.101.65.44 151.101.65.44	54113 (FASTLY) (FASTLY)
12	2600:9000:224... 2600:9000:2247:c800:6:8656:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2011	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
2	99.84.88.83 99.84.88.83	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
3	199.232.196.64 199.232.196.64	54113 (FASTLY) (FASTLY)
132	27

1 2606:4700:20::ac43:4b5e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

threatminer.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2606:4700:20::681a:feb (United States)

ASN13335 (CLOUDFLARENET, US)

www.threatminer.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:9710 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

i.creativecommons.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:73f (United States)

ASN13335 (CLOUDFLARENET, US)

licensebuttons.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.66.41.9 (United States)

ASN13335 (CLOUDFLARENET, US)

resources.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
router.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rt3056.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.232.196.134 (United States)

ASN54113 (FASTLY, US)

threatminer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.0.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.192.64 (United States)

ASN54113 (FASTLY, US)

tempest.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.65.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2600:9000:2247:c800:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2011 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

csp.withgoogle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.84.88.83 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-88-83.muc50.r.cloudfront.net

cdn.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.232.196.64 (United States)

ASN54113 (FASTLY, US)

links.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	threatminer.org 1 redirects threatminer.org www.threatminer.org	1 MB
21	twitter.com platform.twitter.com — Cisco Umbrella Rank: 904 syndication.twitter.com — Cisco Umbrella Rank: 1165	626 KB
14	google.com cse.google.com — Cisco Umbrella Rank: 3513 adservice.google.com — Cisco Umbrella Rank: 117 www.google.com — Cisco Umbrella Rank: 3 clients1.google.com — Cisco Umbrella Rank: 675	231 KB
12	disquscdn.com c.disquscdn.com — Cisco Umbrella Rank: 4950	314 KB
12	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 132 tpc.googlesyndication.com — Cisco Umbrella Rank: 153	211 KB
10	disqus.com threatminer.disqus.com disqus.com — Cisco Umbrella Rank: 1259 tempest.services.disqus.com — Cisco Umbrella Rank: 15808 referrer.disqus.com — Cisco Umbrella Rank: 7017 links.services.disqus.com — Cisco Umbrella Rank: 13612	124 KB
9	infolinks.com resources.infolinks.com — Cisco Umbrella Rank: 6709 router.infolinks.com — Cisco Umbrella Rank: 2761 rt3056.infolinks.com — Cisco Umbrella Rank: 66071	236 KB
7	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 54	12 KB
6	gstatic.com encrypted-tbn2.gstatic.com fonts.gstatic.com	93 KB
3	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 848	225 KB
2	viglink.com cdn.viglink.com — Cisco Umbrella Rank: 9364	793 B
2	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 518 fonts.googleapis.com — Cisco Umbrella Rank: 74	121 KB
2	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1150	921 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 56	21 KB
1	withgoogle.com csp.withgoogle.com — Cisco Umbrella Rank: 858
1	licensebuttons.net licensebuttons.net — Cisco Umbrella Rank: 30924	739 B
1	creativecommons.org 1 redirects i.creativecommons.org — Cisco Umbrella Rank: 33504	240 B
132	17

	Domain	Requested by
28	www.threatminer.org	www.threatminer.org
18	platform.twitter.com	www.threatminer.org platform.twitter.com syndication.twitter.com
12	c.disquscdn.com	disqus.com c.disquscdn.com threatminer.disqus.com
9	pagead2.googlesyndication.com	www.threatminer.org pagead2.googlesyndication.com tpc.googlesyndication.com
7	www.google.com	cse.google.com www.google.com www.threatminer.org tpc.googlesyndication.com
7	googleads.g.doubleclick.net	pagead2.googlesyndication.com
5	fonts.gstatic.com	fonts.googleapis.com
5	cse.google.com	www.threatminer.org www.google.com cse.google.com
4	resources.infolinks.com	www.threatminer.org resources.infolinks.com
3	links.services.disqus.com	c.disquscdn.com
3	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
3	cdn.taboola.com	www.threatminer.org cdn.taboola.com
3	disqus.com	threatminer.disqus.com c.disquscdn.com
3	syndication.twitter.com	platform.twitter.com syndication.twitter.com
3	router.infolinks.com	resources.infolinks.com
2	cdn.viglink.com	www.threatminer.org
2	rt3056.infolinks.com	resources.infolinks.com
2	partner.googleadservices.com	pagead2.googlesyndication.com cse.google.com
2	referrer.disqus.com	www.threatminer.org
2	www.google-analytics.com	www.threatminer.org www.google-analytics.com
1	fonts.googleapis.com	client
1	encrypted-tbn2.gstatic.com	www.threatminer.org
1	csp.withgoogle.com	www.google.com
1	imasdk.googleapis.com	resources.infolinks.com
1	clients1.google.com	www.threatminer.org
1	adservice.google.com	pagead2.googlesyndication.com
1	tempest.services.disqus.com	threatminer.disqus.com
1	threatminer.disqus.com	www.threatminer.org
1	licensebuttons.net	www.threatminer.org
1	i.creativecommons.org	1 redirects
1	threatminer.org	1 redirects
132	31

This site contains links to these domains. Also see Links.

Domain
medium.com
twitter.com
github.com
www.linkedin.com
bazaar.abuse.ch
code.google.com
bcable.net
yaraify.abuse.ch
www.google.com
cse.google.com
creativecommons.org

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-28` - `2024-04-27`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
platform.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.disqus.com Sectigo RSA Domain Validation Secure Server CA	`2023-04-13` - `2024-04-20`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.services.disqus.com GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-11-04` - `2023-12-06`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-08` - `2023-12-31`	a year	crt.sh
a.disquscdn.com Amazon RSA 2048 M01	`2023-03-01` - `2023-10-29`	8 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.appspot.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
viglink.com Amazon RSA 2048 M01	`2023-02-24` - `2023-11-11`	9 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh

This page contains 16 frames:

Primary Page: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Frame ID: 6334ED2B0395FB9AA3C49D41EDF45F0D
Requests: 74 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230717/r20190131/zrt_lookup.html
Frame ID: 82CE53E8E73AFB1529AAE34DB6D5D3D2
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.threatminer.org
Frame ID: 631E402EA3BADEC22C516C59AB07DA98
Requests: 2 HTTP requests in this frame

Frame: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0
Frame ID: 69583C98F2BFD6DC1B6BDF1F0B031E5E
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=Unix.Trojan.Gafgyt-6981154-0&t_u=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&t_d=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&t_t=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&s_o=default
Frame ID: AD9466AADCC72B7E3176C33A550D93ED
Requests: 22 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1689772761&rafmt=3&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689772760911&bpp=3&bdt=657&idt=218&shv=r20230717&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&correlator=4766789635580&frm=20&pv=2&ga_vid=1257480026.1689772761&ga_sid=1689772761&ga_hid=895798325&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759837%2C44759926%2C31075850%2C31076133%2C31076162%2C44788441&oid=2&pvsid=4108000658783393&tmod=294078861&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=DFeU7Yd6FN&p=https%3A//www.threatminer.org&dtd=233
Frame ID: DDAA68DAE3477BA1A6BC112E9FD0BC3C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1689772761&rafmt=1&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689772760914&bpp=1&bdt=660&idt=234&shv=r20230717&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=4766789635580&frm=20&pv=1&ga_vid=1257480026.1689772761&ga_sid=1689772761&ga_hid=895798325&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759837%2C44759926%2C31075850%2C31076133%2C31076162%2C44788441&oid=2&pvsid=4108000658783393&tmod=294078861&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=ePOrzwgnpP&p=https%3A//www.threatminer.org&dtd=237
Frame ID: B600CD9855B502069E5DEEA828782D1E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1689772761&rafmt=11&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689772760915&bpp=1&bdt=661&idt=239&shv=r20230717&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=4766789635580&frm=20&pv=1&ga_vid=1257480026.1689772761&ga_sid=1689772761&ga_hid=895798325&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759837%2C44759926%2C31075850%2C31076133%2C31076162%2C44788441&oid=2&pvsid=4108000658783393&tmod=294078861&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=9Q25uxYIp8&p=https%3A//www.threatminer.org&dtd=242
Frame ID: 6045BA9F0652F890FB631923497067C5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=748155151&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1689772761&rafmt=11&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689772760916&bpp=1&bdt=663&idt=244&shv=r20230717&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=4766789635580&frm=20&pv=1&ga_vid=1257480026.1689772761&ga_sid=1689772761&ga_hid=895798325&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=495&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759837%2C44759926%2C31075850%2C31076133%2C31076162%2C44788441&oid=2&pvsid=4108000658783393&tmod=294078861&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=GfwlS3Wnln&p=https%3A//www.threatminer.org&dtd=248
Frame ID: 86D19AB682F99ADF7186735DC8AF7A5B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=7757849485&adk=3516063199&adf=1896753424&pi=t.ma~as.7757849485&w=1200&fwrn=4&lmt=1689772761&rafmt=11&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689772760916&bpp=1&bdt=662&idt=251&shv=r20230717&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=4766789635580&frm=20&pv=1&ga_vid=1257480026.1689772761&ga_sid=1689772761&ga_hid=895798325&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=943&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759837%2C44759926%2C31075850%2C31076133%2C31076162%2C44788441&oid=2&pvsid=4108000658783393&tmod=294078861&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=l7kZO9Y22K&p=https%3A//www.threatminer.org&dtd=254
Frame ID: 3DA61488099BF78A14C32E8178284834
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&adk=1812271804&adf=3025194257&lmt=1689772761&plat=1%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689772760946&bpp=2&bdt=692&idt=227&shv=r20230717&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&nras=1&correlator=4766789635580&frm=20&pv=1&ga_vid=1257480026.1689772761&ga_sid=1689772761&ga_hid=895798325&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759837%2C44759926%2C31075850%2C31076133%2C31076162%2C44788441&oid=2&pvsid=4108000658783393&tmod=294078861&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=6&uci=a!6&fsb=1&dtd=235
Frame ID: E2A381953B1CBE8099532171C46BC190
Requests: 1 HTTP requests in this frame

Frame: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Frame ID: D89A3E4F58CAAE57625A0C353469EBF2
Requests: 3 HTTP requests in this frame

Frame: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=500px&origin=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&sessionId=a75d18132c6795fda7448bac2f4de85eacd4fdea&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486
Frame ID: 6065C4477E75844981290F3E7D1E322D
Requests: 17 HTTP requests in this frame

Frame: https://cse.google.com/cse_v2/ads?adsafe=high&pcsa=true&cx=414385693720d4156&fexp=20606&client=google-coop&q=Unix.Trojan.Gafgyt-6981154-0&r=m&hl=de&type=0&oe=UTF-8&ie=UTF-8&format=p4&ad=p4&nocache=9641689772761630&num=0&output=uds_ads_only&source=gcsc&v=3&bsl=10&pac=0&u_his=2&u_tz=0&dt=1689772761631&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1712&frm=0&cl=547804711&uio=-&jsid=csa&jsv=547804711&rurl=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&adbw=master-1%3A271
Frame ID: D3B2BDCB6C7F8940EE1EC17595C949FE
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 4669502C24149A34418E48D98DB39B7E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B6A439AD74B8165C8D5C972C268C5014
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

AV: Unix.Trojan.Gafgyt-6981154-0 | ThreatMiner.orgsuchensuchen

Page URL History Show full URLs

http://threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0 HTTP 301
https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

require.*\.js

DataTables (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

dataTables.*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

132
Requests

99 %
HTTPS

68 %
IPv6

17
Domains

31
Subdomains

27
IPs

2
Countries

3308 kB
Transfer

9836 kB
Size

10
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/@threatminer
Title: Blog

Search URL Search Domain Scan URL

URL: https://twitter.com/ThreatMiner
Title: Tweets by ThreatMiner

Search URL Search Domain Scan URL

URL: http://github.com/threatminer
Title: ThreatMiner Github Github.com/threatminer

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/threatminer/
Title: Follow Threatminer on LinkedIn Linkedin.com/company/threatminer/

Search URL Search Domain Scan URL

URL: https://bazaar.abuse.ch/sample/b918c493a3d3444ab0a2cef929c0e64d6fac292348cd6554920e91f7661e3712/
Title: MalwareBazaar | SHA256 ...

Search URL Search Domain Scan URL

URL: http://code.google.com/apis/ajaxsearch/faq.html
Title: bei Google ausgewählt - 7/2023

Search URL Search Domain Scan URL

URL: https://bazaar.abuse.ch/sample/a7e49a4a64d5384daea0f3cecbe109fedc8c8f03336688fe0dcbf87c7ddfc226/
Title: MalwareBazaar | SHA256 ...

Search URL Search Domain Scan URL

URL: https://bazaar.abuse.ch/sample/cb56d30869585ae0951c322a5fc6b747dede60e49e647744ed5eff66e87f3379/
Title: MalwareBazaar | SHA256 ...

Search URL Search Domain Scan URL

URL: https://bazaar.abuse.ch/sample/12c2acc79ed66d11d6b7635ef8f26a977ef62d02185aa8090d9c65ee5ca3f624/
Title: MalwareBazaar | SHA256 ...

Search URL Search Domain Scan URL

URL: https://bazaar.abuse.ch/sample/b295c5f4601711e060c6b46a076a5cbb986e25176d5ab6b7a5c25b413e7087d7/
Title: MalwareBazaar | SHA256 ...

Search URL Search Domain Scan URL

URL: https://bcable.net/analysis-ukr-indicators.html
Title: Ukrainian Honeypot ::002:: Threat Indicators // Beacon ... - Brad Cable

Search URL Search Domain Scan URL

URL: https://yaraify.abuse.ch/search/clamav/Win.Trojan.Agent-6798925-0/
Title: Search - YARAify

Search URL Search Domain Scan URL

URL: https://www.google.com/search?client=ms-google-coop&q=Unix.Trojan.Gafgyt-6981154-0&cx=414385693720d4156
Title: suchenAuf Google nach "Unix.Trojan.Gafgyt-6981154-0" suchen

Search URL Search Domain Scan URL

URL: https://cse.google.com/?ref=b&hl=de

Search URL Search Domain Scan URL

URL: http://creativecommons.org/licenses/by/4.0/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0 HTTP 301
https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25

https://i.creativecommons.org/l/by/4.0/80x15.png HTTP 301
https://licensebuttons.net/l/by/4.0/80x15.png

132 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request av.php Show response
www.threatminer.org/
Redirect Chain

http://threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0

19 KB
6 KB

430ms
328ms

Document
text/html

2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: daad09180ffa835d33653fd242f2079af5795d651427c455576ec33416c965bc

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 7e934165986f39d4-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 19 Jul 2023 13:19:20 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xIxAtKPEMhMK6RTGsGAGFOZwF7mq5gZ8HLSKlgP0S6YK0aZ%2B5w9bISXtPJhtGM8piPFBJ8lUtNpm4ZnLsXdkU90vh8mG2sWAuWqdYTWKnZ7el%2BNktpA1CQa6wJtZ1FC7KX4yUXbq7yY22MCuzRG%2BMA4%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 7e9341647b1d4db4-FRA
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 19 Jul 2023 13:19:19 GMT
Location: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2B5o3dLMj3%2FW4L%2BlnUf5TaW7sQAPJkRgonzYqCUSgddnQMvz8WhMvp8WflDqWLeNINFQFqP%2Ft6UX8xc7VnEtZ8%2BZf%2BHln0Vk3jp5uZhnRBiU4nTAjBGO2vg8szKHHCPTEt3u310LyMv89P%2FPig%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked

GET
H2 200 bootstrap.min.css
www.threatminer.org/bower_components/bootstrap/dist/css/ 115 KB
20 KB 108ms
105ms Stylesheet
text/css 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/bootstrap/dist/css/bootstrap.min.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1ca39-51434f58bfb80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1DDz8wiBg%2FK7wPdjMuEWaXWx8D1B%2FmxO0kFH0hmZl2fyoCyM0BLN27vhUqBZl%2BzB4ae3Vtu47GiHRUjX9TSmHEcg2lRTiSsgHAG3c6Ied39OWBNrIpixgBtUqLivhan%2B9TYrY%2FoQWCKZj%2FrV7ji%2FzCk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-ray: 7e934167bb1a39d4-FRA

GET
H2 200 metisMenu.min.css
www.threatminer.org/bower_components/metisMenu/dist/ 781 B
649 B 75ms
73ms Stylesheet
text/css 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/metisMenu/dist/metisMenu.min.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0dc574fb2b266dba913861d60b0c69d1e41f0fd095a3341a45f26401cd8b6b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"30d-51434f58bfb80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vYnudQ0byMLqEfvW5J2R%2BBLYMIFGHiBc9vTgps7t4zKaAI4LifC0WUY6klxlnnT1xcNX11z3fqqkxuaOGvnesk5V7dpgqrXJ5mnFIEhxHbwBFoZisJxZvwVRv2pjKVK5iuM0GOhVDx4ldPMboNxwTkc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-ray: 7e934167bb1b39d4-FRA

GET
H2 200 dataTables.bootstrap.css
www.threatminer.org/bower_components/datatables-plugins/integration/bootstrap/3/ 6 KB
2 KB 68ms
66ms Stylesheet
text/css 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/integration/bootstrap/3/dataTables.bootstrap.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fac55d188233bffb66023997fcdf69c38df2f62ee4654ad62c61a85b6e81d705

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=7616
etag: W/"1dc0-51434f58bfb80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4KRpVektMY7Ei3iiBF700%2BxKDI9w4WvJZIdgPz%2B4RsZWGIWAYTAfqo3wa%2BQNhWvfUCe7lkQxoamcJR0jQAmHT7ISVy%2BZng3GABc%2BmadlcoxgWAsQ5X1DlVymeIufRhvHvOS2ObBVi0klR67uxbDoQwo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-ray: 7e934167bb1c39d4-FRA

GET
H2 200 dataTables.responsive.css
www.threatminer.org/bower_components/datatables-responsive/css/ 3 KB
915 B 67ms
65ms Stylesheet
text/css 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-responsive/css/dataTables.responsive.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c692f0d15d92d902c12d745947ba1f892a76bbf3f74c6f3a9f590afd0653ee04

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=3051
etag: W/"beb-51434f58bfb80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lwmExizeuDK%2FLfPIgdOzXi3hN5T1JTRJIJiKR4Av%2BYQgwDybIdR9KWv6zA89wq6VMa08GJiUAUdVaUVUCrAwVwzcMB1qPCbuRbjNgI%2FisEX2KQrCFO8ko45BFrgZ15qaQekFCSkyXP7cYACCmAynXI0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-ray: 7e934167bb1d39d4-FRA

GET
H2 200 buttons.dataTables.min.css
www.threatminer.org/bower_components/datatables-plugins/buttons/media/css/ 8 KB
2 KB 66ms
64ms Stylesheet
text/css 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/buttons/media/css/buttons.dataTables.min.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7d55fb721c0a1bb591d30b6e06f7781fbd13ab200a8aef0fa8df62e455bc0b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 13:08:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1f58-54e761fab9800-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jD4RyR0gMyhEd1wZD4N1xBkcYEZ9hQc65j2KmVVJlcvrRknhP34Ss7rM4Cry1T2K%2Bj4TZ0ZSSbgtRHat8x9kIU3XmyMpgKDBwiOziYqXWi2M3rzvGiEpCDQAy0NrXQHjjane3s24E8NFgNuTir%2F22wg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-ray: 7e934167bb2139d4-FRA

GET
H2 200 buttons.bootstrap.min.css
www.threatminer.org/bower_components/datatables-plugins/buttons/media/css/ 2 KB
749 B 68ms
67ms Stylesheet
text/css 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/buttons/media/css/buttons.bootstrap.min.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9926a0d226b45faff8db829a1c445f33efa6522e213fafed1000365d5abf73df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 13:02:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"626-54e760a737700-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bOKzCXBkZT8gVrp%2BeABC5oOGLHE96xnwpup0nuqyXXO4BtkXRFRA%2Bbi2GDlOokjYJ9C7KHZzooX56bQY8UOovdxaCwnVfqtOuiADcq%2FDUMBS7%2FHmke8PrNTpdnDmHKddU9Wxj9wo%2F36WN7zyXqrRNKg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-ray: 7e934167bb2239d4-FRA

GET
H2 200 sb-admin-2.css
www.threatminer.org/dist/css/ 4 KB
2 KB 69ms
67ms Stylesheet
text/css 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/css/sb-admin-2.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50d6e541020cbfdddf888aa2c42ad1c8d2296f9045709983354441032e2eb55d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Sat, 02 Jan 2021 17:59:17 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=5638
etag: W/"1606-5b7ee9d93cc8e-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AzTOV69%2BQ3x6oGeQsS52uVgwmuNYRjvxTfkWpNRHS8l0uAiOWrnvetpNLpwF%2Bv7%2FcAMsqMuV6LxdAd8waMliRX5XXc%2F46K%2F63nJazqdr2HK%2FVXu9qvL7dLbd35NS9Y4wgBuDdj73seT7xPWpCWFN6Hg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-ray: 7e934167bb2339d4-FRA

GET
H2 200 font-awesome.min.css
www.threatminer.org/bower_components/font-awesome/css/ 21 KB
5 KB 79ms
78ms Stylesheet
text/css 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/font-awesome/css/font-awesome.min.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"55e0-51434f58bfb80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2BJmQoMALC%2FL9j9nvKhdSaGbMPy7B%2FJRoOgYqaEmVtF4rzaw6zqhLbqtaCZW3uMRwevtnX2q3%2FXZkBxCKmTq2zVqxWUIM66Laad6slBqVyhfwScoZCJxbfu9nRmmbSOtWHQOV1uqwgK0sramoNdGWcU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-ray: 7e934167bb2439d4-FRA

GET
H2 200 social-share-kit.css
www.threatminer.org/dist/css/ 12 KB
3 KB 105ms
104ms Stylesheet
text/css 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/css/social-share-kit.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60adb5d029ec8a5d4613d7d57ff8a799c43caae1d1d1c2e5c230d65850fd5273

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 16 Dec 2016 10:13:34 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=12273
etag: W/"2ff1-543c3d291af80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rabt%2FaJd%2Fb6ce8D5E3SNMdkWIZJh9tz6Ax8xNiZhiy01MimaWP2CsVxVrhUhU4%2BWXEkeA1gwLXgoSradpHnAlrkO%2FtVAo1WAeHTwbRnJv%2F7%2BTirL3keokomXHV5ncEdgNOdflDfoqHfwavKZIFJbjiY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-ray: 7e934167bb2639d4-FRA

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 146 KB
50 KB 201ms
100ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6528ecf4e47a3ee53caea545f0a8ecd5cc7bddbd7712c11710f7bbe622a00e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50818
x-xss-protection: 0
server: cafe
etag: 14063277823146636181
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 13:19:20 GMT

GET
H2 200 widgets.js Show response
platform.twitter.com/ 91 KB
27 KB 149ms
39ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 27630
x-served-by: cache-iad-kiad7000096-IAD, cache-fra-etou8220046-FRA
last-modified: Tue, 24 Jan 2023 21:41:51 GMT
etag: "9e99725b7a4cd730a934afba2a438bb5+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1800
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 ajax-loader.gif
www.threatminer.org/images/ 3 KB
3 KB 87ms
75ms Image
image/gif 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.threatminer.org/images/ajax-loader.gif
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 934abde684325043e16edeffd73752cd5f0ab00b5723d8e47a618ce3f16a3799

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
last-modified: Sat, 17 Oct 2015 00:26:24 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=2608
etag: "a30-52241f64ccc00"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=29Lso%2FjAdDH%2Fz2VbA%2BO743F%2FbxTnnfYy0Qkkv1xJ6Mo3DQWYD%2BmCMHwYmWCl2aLkjD2%2BjJaEbGk8S7hVNXV340YMlefI9wOQQJ0%2BT%2BXBCDpbX4%2B%2BvleVJ3ALUpWL0aJuVUjTHunZt3LBpt14t9%2BCkPM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=86400
accept-ranges: bytes
cf-ray: 7e9341696d7c39d4-FRA
content-length: 2599

GET
H2 200 jquery-1.12.4.min.js Show response
www.threatminer.org/bower_components/jquery/dist/ 95 KB
34 KB 78ms
78ms Script
application/javascript 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/jquery/dist/jquery-1.12.4.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 12:15:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"17b8b-54e7561880e80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SMffY5pLP1UtNh%2B5%2FtI8Gs37qP4bKTsig4Iwm8775sYdhy%2BKiSg9Tx8ehrIJArbBEAaS2XLqcB4KEVr87at6D9CsP%2F7PM82uCG0Elaepi%2FS%2BVar2ajMwL9In2Yhnl4ges2%2BrkYAxD6cMslmyrc3hgC0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 7e9341686c0939d4-FRA

GET
H2 200 bootstrap.min.js Show response
www.threatminer.org/bower_components/bootstrap/dist/js/ 35 KB
10 KB 83ms
83ms Script
application/javascript 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/bootstrap/dist/js/bootstrap.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"8c6f-51434f58bfb80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6tTTbsDx5pslApCBiAXykbhhShHV2VuFxF5XhQIh9XgTKLlmn%2FeP3n40krwqxdsS%2FINxVyA7pXyISjyt3O43Dl0n75D8tI6qGuq8DR3RViwJ06ZzTcjtNfkSnDYr1zhCiQp%2FcE8FM7VYZcdBn4toQY0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 7e9341686c1a39d4-FRA

GET
H2 200 metisMenu.min.js Show response
www.threatminer.org/bower_components/metisMenu/dist/ 2 KB
1 KB 72ms
64ms Script
application/javascript 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/metisMenu/dist/metisMenu.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ab0a74bbd399efdf7c9c9bffb689f0a755fc7131d5af04c8393d45f5163a69b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"757-51434f58bfb80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t97%2BiDSkN4QoUMW4O3LDfR7ZllCxaYCU9FdOk%2FwSUnwxni82bJqocdTHh72jUs4Qsu5%2BKd%2BTU5UqLPb%2BtO%2FfoMOaQEo7v6XnybpSxEcaE3I85lOQqb0dSu8wZi%2FUYGXz6swPE2hMBgCIWDAve7nmXHw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 7e9341695d5d39d4-FRA

GET
H2 200 jquery.dataTables.min.js Show response
www.threatminer.org/bower_components/datatables/media/js/ 81 KB
29 KB 91ms
76ms Script
application/javascript 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables/media/js/jquery.dataTables.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f4d3b47b47a8a31163dad5d7fb15e27a0056d07b0c34c6089fd9225664e847c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 12:24:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"14544-54e7582bb33c0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=94544Z058vFG%2BYPSQTEUzXHUu7Xpsvmcfi9z1bTlPyuASLTYWrSulMiFcBP%2Bhobh5BcykaJaCozTgQcug5k99B2SNTutDdAL5k7ps6XLyDGl4bAwy2Na506E6goFtnhy%2FUvKWEt6L%2FqG7hQjHbUn484%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 7e9341696d6e39d4-FRA

GET
H2 200 dataTables.bootstrap.min.js Show response
www.threatminer.org/bower_components/datatables-plugins/integration/bootstrap/3/ 2 KB
1 KB 126ms
111ms Script
application/javascript 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/integration/bootstrap/3/dataTables.bootstrap.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a905062b971bfb70ba70dda1a454d9cb7f7389be7ff515f6eb9009c8e697a34b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"796-51434f58bfb80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2d5o%2BtK3PPnw2NpSNIpXu2gwF9qZGqqxOWFEQ6%2F5yyfsHzUlvIUovdE1z4G3aaOv0oJpq28Yxaklo6oeiXS8rAzSyyiwAnUFcyw0QFFreB1hXquHtn%2FrGJti1U37Ului69kVLsTpJ5maGIvadmBCGQ8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 7e9341696d7039d4-FRA

GET
H2 200 dataTables.buttons.min.js Show response
www.threatminer.org/bower_components/datatables-plugins/buttons/media/js/ 16 KB
6 KB 84ms
68ms Script
application/javascript 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/buttons/media/js/dataTables.buttons.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8aeaf60f6f34ced8ed9c83b249bdfc8544cc8f318294074898e6ced1d04e678c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 12:34:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"4088-54e75a5c75ec0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lT7zcO2xdgazi%2BCy85ZRUw34IOV6aa5o8ytBG%2B%2B4XDldu7Wh%2BCmnk60hoFL6q0Zr1sSahc7ZFAwyuDxk915K0ivIUl2%2FHBIvnbUR8qQ%2B2GI3HLPTsLEpzM0G9measIMd5lEB2%2Bwp6QlVdXt7GVSsVio%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 7e9341696d7139d4-FRA

GET
H2 200 pdfmake.min.js Show response
www.threatminer.org/bower_components/datatables-plugins/pdfmake/media/js/ 1 MB
391 KB 126ms
110ms Script
application/javascript 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/pdfmake/media/js/pdfmake.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf919e6fbfbf62a4f8cfaab4cf5c5f80e7c10be2bc9f7e4c70142175c0b49b4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 11:37:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"106721-54e74d7b9bc80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5PMdWNDNzrodPSQtqrg3uoRr3d5q0yKHjLDps3U4%2FR4MEOuCG3f5grrXBxyYHpBIShVGDS0LFyxMUocTq2K7seusuHIOJKaDyLEYi6B4Bj%2BA2t7%2Bw4BM4XaeyH7ImbvE2k5K876UFmLCJvrTBgr4wcA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 7e9341696d7339d4-FRA

GET
H2 200 jszip.min.js Show response
www.threatminer.org/bower_components/datatables-plugins/jszip/media/js/ 100 KB
31 KB 124ms
108ms Script
application/javascript 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/jszip/media/js/jszip.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45b3ffadbc785de6091fa798527891eb7264e4d115e3c1a37acb60e3d70d4966

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 11:36:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"18e33-54e74d74eecc0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BfDMHKa7o5V55HuISK%2Fyelh61U%2BUx8bXOQjuKhtvtqKj5zcLogQbQyPO5fIK6fKVINX6DzCB0nHB57xlx8hKXXgBCi5L7DGTchgViunA8UskHzzcQmsIkThBB8y2kOXsmJYNeXgWgHFBTEjsaI%2BaY9o%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 7e9341696d7439d4-FRA

GET
H2 200 vfs_fonts.js Show response
www.threatminer.org/bower_components/datatables-plugins/vfs_fonts/media/js/ 933 KB
454 KB 124ms
109ms Script
application/javascript 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/vfs_fonts/media/js/vfs_fonts.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecee1d502f45731162f99f4d6aa07c0315a26a8382c1b1bc3c9958ab3ff04000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 01 May 2017 11:37:11 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=955603
etag: W/"e94d3-54e74d80607c0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oKKupjFYZPT1h2LiUDeRea8UcKX5eYrKCpKxjQ1yNOrgIg1ILMtctx6H%2FdDrH2eosIKsoCWqy71niTDKsGPXRhuqrdUD4Q98O6Wz4iJ9N2nQCRq%2F%2B%2F11TWRLplYKhsIGPoQ9UtbNarFsVFRg5P29qno%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 7e9341696d7539d4-FRA

GET
H2 200 buttons.html5.min.js Show response
www.threatminer.org/bower_components/datatables-plugins/buttons/media/js/ 23 KB
6 KB 125ms
110ms Script
application/javascript 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/buttons/media/js/buttons.html5.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07a081c6a38ab09a0163aecaaf77713ffae6e09d06ba1a112efef22e01857ddc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 11:37:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"5b7a-54e74d8525300-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IkE%2F3LqyTpxk9IGMANMEjdmHFe2dwaGfNRCnQsaycG6Lq3gH0T7T1wcRgalra29XMWV3W9GT9gAJOqaGGPSxNVzOFjLS27jrAoklI%2BxuaxxdwquElZeUaibsSzJxZLVm5u1YduPN%2FcVjq1fayio42MY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 7e9341696d7639d4-FRA

GET
H2 200 sb-admin-2.js Show response
www.threatminer.org/dist/js/ 756 B
705 B 86ms
71ms Script
application/javascript 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/js/sb-admin-2.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed99491fe47b5733d1ad2fbf90f5d9066d049a530d1b92ebe47be5e0c527a32e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Sat, 25 May 2019 17:16:01 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=1181
etag: W/"49d-589b97821f640-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mxA%2BvDuI9Eja%2BpoMOVN7R9JIzV7Nqxj6c9XutBCvjJk7Mv4bytpVdXqXlEXaKA8yc%2Byko71MbA0fDrtZbpaPY8X8T0kvGd1S5tLhrIr%2B0bF3pHKLfVOgsxY9s2sGs5tnyizK6aaIMZ4Kx95cMC0aKHg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 7e9341696d7839d4-FRA

GET
H2 200 tm_utility.js Show response
www.threatminer.org/dist/js/ 8 KB
2 KB 147ms
132ms Script
application/javascript 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/js/tm_utility.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e725928ffb665a91ca8a3631e3002edba9b0f9ec66b40a59d53db0f44827e34e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 22 Nov 2021 16:06:03 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=10497
etag: W/"2901-5d162cd378793-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kclp12SdqtTx%2FZ3j6YD52t9PpWWan6kab5winkYPnCkDAmLfp70n4TXmCsUXCQnzKG3w1%2FHKPyW%2Fjovd%2FVDSipXkfgRSV9jcI0XXE4KMY1nII%2Fz9zltZHLzHTFE3Br%2BzQrpLYxZ539Fx2O9Shdyyi2I%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 7e9341696d7939d4-FRA

GET
H2 200 social-share-kit.min.js Show response
www.threatminer.org/dist/js/ 6 KB
3 KB 155ms
143ms Script
application/javascript 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/js/social-share-kit.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac74cddb007ace18442f5111c4c23125de6031dca42bcead5ea5bfb12d2ca332

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 09 Mar 2019 16:07:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"179c-583ab8aa0e600-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eOy51kkuIfA2HNS2HnAWK7DnJ1FCYh2JfxkLgTmhgxVaQOYi35RpnnpExKq8nlWNF9PshwvTIIPbO7BARkfjodwAA7tk0J0QxyePW90JIJjCDLzVbbQ9aMKyOjsAO%2Fl0H19fpfXVn%2BYcBzKuCnSj9DY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 7e9341696d7a39d4-FRA

GET
H2

200

80x15.png
licensebuttons.net/l/by/4.0/
Redirect Chain

https://i.creativecommons.org/l/by/4.0/80x15.png
https://licensebuttons.net/l/by/4.0/80x15.png

430 B
739 B

191ms
61ms

Image
image/png

2606:4700:10::ac43:73f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://licensebuttons.net/l/by/4.0/80x15.png

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0

Protocol

Server

2606:4700:10::ac43:73f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f43d4d35e7ac1e815dc0c8897806e30d928ee62e1aa6ac20f49c649f8b694004

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3766
cf-polished: origSize=640
content-length: 430
x-xss-protection: 1; mode=block
cf-bgj: imgq:100,h2pri
last-modified: Thu, 30 Apr 2020 21:59:13 GMT
server: cloudflare
etag: "5eab4a31-280"
x-frame-options: deny
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 7e93416e196f037c-FRA

Redirect headers

date: Wed, 19 Jul 2023 13:19:21 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
server: cloudflare
x-frame-options: deny
vary: Accept-Encoding
content-type: text/html
location: https://licensebuttons.net/l/by/4.0/80x15.png
cache-control: max-age=432000
cf-ray: 7e93416a09a0bbf5-FRA
x-xss-protection: 1; mode=block

GET
H2 200 infolinks_main.js Show response
resources.infolinks.com/js/ 4 KB
3 KB 167ms
57ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/infolinks_main.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 305281f47a6ff37fbaca0cc5edb707c8d6d1b7896cef8f1cc695e2e4ceb60e06

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
via: 1.1 google
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 19 Jul 2023 11:12:04 GMT
server: cloudflare
age: 7628
etag: W/"1039-600d519fa52f6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
cf-ray: 7e93416a098b3657-FRA
expires: Wed, 19 Jul 2023 12:12:12 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 140ms
39ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 19 Jul 2023 12:35:19 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2641
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 19 Jul 2023 14:35:19 GMT

GET
H/1.1 200
OK embed.js Show response
threatminer.disqus.com/ 78 KB
25 KB 308ms
197ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://threatminer.disqus.com/embed.js

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

05edf556a96b06684f231b196cc0dbbb27f255de7cf1e4a3768fa8726faf16a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Date: Wed, 19 Jul 2023 13:19:20 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=300; includeSubdomains
Server: openresty
Age: 0
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 25450

GET
H2 200 fontawesome-webfont.woff
www.threatminer.org/bower_components/font-awesome/fonts/ 64 KB
64 KB 87ms
86ms Font
application/font-woff 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/font-awesome/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/bower_components/font-awesome/css/font-awesome.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Request headers

Referer: https://www.threatminer.org/bower_components/font-awesome/css/font-awesome.min.css
Origin: https://www.threatminer.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"ffac-51434f58bfb80"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NODZpd3cfL8PZd%2BIxuqziRk9gyhFZgWWdbVS1jDk%2FkEUNDH0RzQzGGs8EF2zVrNZbxqWBnqO9NZE9iiGglETnncvVCYiz0wYv30EnTGqJptDyYgaLTNIp3BemwtVviE4Nv1GiF9I2Q4hd%2BJf32OfcNA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
cache-control: max-age=86400
cf-ray: 7e9341696d7d39d4-FRA

GET
H2 200 social-share-kit.woff
www.threatminer.org/dist/fonts/ 7 KB
7 KB 73ms
72ms Font
application/font-woff 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/fonts/social-share-kit.woff
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/dist/css/social-share-kit.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 697c41fffac431521f2db48c7426ac23b972b6eb7b1242f0bb47d6079884d3a4

Request headers

Referer: https://www.threatminer.org/dist/css/social-share-kit.css
Origin: https://www.threatminer.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 16 Dec 2016 10:13:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1b08-543c3d291af80"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZiIpjhJb2bXu7lxBgDEcO7CamC5R5sVbYWiN1nLDcN7MCyAfeewCC8htH1Aq3%2FRcInn6qilWVM2by%2Bg6qwKc0DZrX4DUyiF7EBCbUUH01yd1szcpc2EvtMzTRNdu3OZrphA8UJIOscjQnR3U8zAP5q0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
cache-control: max-age=86400
cf-ray: 7e9341696d7e39d4-FRA

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
211 B 47ms
46ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=895798325&t=pageview&_s=1&dl=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&ul=en-us&de=UTF-8&dt=AV%3A%20Unix.Trojan.Gafgyt-6981154-0%20%7C%20ThreatMiner.org&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=1346326549&gjid=1698901503&cid=1257480026.1689772761&tid=UA-73787980-1&_gid=1696209019.1689772761&_r=1&_slc=1&z=394648227

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.threatminer.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Jul 2023 13:19:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.threatminer.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 getData.php Show response
www.threatminer.org/ 77 KB
6 KB 758ms
758ms XHR
text/html 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/getData.php?e=samples_container&q=Unix.Trojan.Gafgyt-6981154-0&t=5&rt=2&p=1
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/dist/js/tm_utility.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98a90b3404e5a519e77db07b5486ca2322abfd901a694ca713de7c29fa026908

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EdK3YXm%2FQoy0jNHGRA9zN6jwB3WnvUr5WOhcCYt1ED3KqV4fFAeHljpvmzwbGrQUQ%2BdTSMyC2UKtpVJJmRqQBkRuhkQZImePmyMCUUP9Z23Vtq%2FxXImnacV9%2FJ6bWX52%2FNZHZhZYYGjDMpr698Jqscw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-ray: 7e93416ba84439d4-FRA

GET
H2 200 getReport.php Show response
www.threatminer.org/ 0
284 B 811ms
810ms XHR
text/html 2606:4700:20::681a:feb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/getReport.php?e=notes_container&t=2&q=Unix.Trojan.Gafgyt-6981154-0
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/dist/js/tm_utility.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iqJQ%2FXwZjUZJa6nenveFFpfjuVKlFPTJjULolHp1uGZM9gtAh%2F%2FLaLOBTxZOIuvcxLQscFCYAT0kl1ZIYiPyYuyII%2Fkfyr52YDKcJJ44E8zblMc2VlqeoM06DbEqBllX5P0mtoiIZqFwqiJ3qiq%2FBXo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 7e93416ba84639d4-FRA

GET
H2 200 ice.js Show response
resources.infolinks.com/js/1870.002-3.027/ 186 KB
57 KB 54ms
54ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1870.002-3.027/ice.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8032a22ce0e3929967e88df85bb84d8c9c078bb0b77dd5a816fcc9aad42364d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
via: 1.1 google
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 12 Jul 2023 09:27:02 GMT
server: cloudflare
age: 8983
etag: W/"2e87a-60046d17b7595"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
cf-ray: 7e93416babd33657-FRA
expires: Fri, 18 Aug 2023 10:49:37 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307120102/ 357 KB
123 KB 118ms
117ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307120102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31076133

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dcbc371cb3b9c8128cf9842b76da8326b8fc7a17c44b9aa46f8eaea8a71ee31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 125715
x-xss-protection: 0
server: cafe
etag: 2137297027642951037
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 19 Jul 2023 13:19:20 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230717/r20190131/ Frame 82CE 10 KB
5 KB 128ms
40ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230717/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 64416
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 18 Jul 2023 19:25:45 GMT
etag: 12368291122986407432
expires: Tue, 01 Aug 2023 19:25:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
121 B 76ms
75ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=puberror&context=165&msg=TagError%3A%20adsbygoogle.push()%20error%3A%20All%20ins%20elements%20in%20the%20DOM%20with%20class%3Dadsbygoogle%20already%20have%20ads%20in%20them.%0Aat%20iq%20(https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%3A225%3A210)%0Aat%20Yp%20(adsbygoogle.js%3A221%3A403)%0Aat%20Up.e.client%20(adsbygoogle.js%3A215%3A42)%0Aat%20je.fa%20(adsbygoogle.js%3A51%3A224)%0Aat%20bj%20(adsbygoogle.js%3A87%3A19)%0Aat%20Up%20(adsbygoogle.js%3A215%3A31)%0Aat%20Tp%20(adsbygoogle.js%3A212%3A114)%0Aat%20adsbygoogle.js%3A232%3A350%0Aat%20je.fa%20(adsbygoogle.js%3A51%3A203)%0Aat%20bj%20(adsbygoogle.js%3A87%3A19)&shv=r20230717&mjsv=m202307120102&eid=44759875%2C44759837%2C44759926%2C31075850%2C31076133%2C31076162%2C44788441&url=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jul 2023 13:19:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cse.js Show response
cse.google.com/ 6 KB
4 KB 203ms
74ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=414385693720d4156

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

803dcec8faa3dfb09ba59e5be4990cba8eb3cb0ecf1cb3a59c96ce845faaba1d

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-XHaAuOpO5xV2Ryf-j0dw9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-XHaAuOpO5xV2Ryf-j0dw9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-encoding: br
date: Wed, 19 Jul 2023 13:19:21 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2504
x-xss-protection: 0
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
server: gws
x-frame-options: SAMEORIGIN
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private
permissions-policy: unload=()
origin-trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
expires: Wed, 19 Jul 2023 13:19:21 GMT

GET
H2 200 widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html Show response
platform.twitter.com/widgets/ Frame 631E 320 KB
103 KB 39ms
39ms Document
text/html 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.threatminer.org
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=315360000
content-encoding: gzip
content-length: 105435
content-type: text/html; charset=utf-8
date: Wed, 19 Jul 2023 13:19:20 GMT
etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
last-modified: Tue, 24 Jan 2023 21:41:13 GMT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn: FT
vary: Accept-Encoding
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-served-by: cache-iad-kjyo7100105-IAD, cache-fra-etou8220046-FRA

GET
H2 200 manage Show response
router.infolinks.com/usync/ Frame 6958 0
66 B 167ms
155ms Document
text/plain 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1870.002-3.027/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 7e93416c8d2b3657-FRA
content-length: 0
date: Wed, 19 Jul 2023 13:19:21 GMT
server: cloudflare
via: 1.1 google

GET
H2 200 lcmanage Show response
router.infolinks.com/usync/ 0
33 B 231ms
222ms Script
text/plain 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/lcmanage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1870.002-3.027/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7e93416c8d2d3657-FRA
content-length: 0

GET
H2 200 gsd Show response
router.infolinks.com/ 317 B
513 B 287ms
280ms Script
text/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/gsd?evt=afterGSD&pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&jsv=1870.002-3.027&_cb=16897727610220
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1870.002-3.027/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85a175f70176da02c9ef722af61cf3e8345d9237ac738c7bc538010d8548ad37

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jul 2023 13:19:21 GMT
via: 1.1 google
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
content-type: text/javascript;charset=UTF-8
p3p: CP="NON DSP NID OUR COR"
cache-control: max-age=0
cf-ray: 7e93416c8d2f3657-FRA
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 631E 869 B
658 B 378ms
153ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=a75d18132c6795fda7448bac2f4de85eacd4fdea

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.threatminer.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-response-time: 113
date: Wed, 19 Jul 2023 13:19:20 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Wed, 19 Jul 2023 13:19:21 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: cf5eb932dc8e1e0d
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: 42a2fc53fe80146ebf01897d34c227b883bfab896734bcc59368e41b09e47e95
content-length: 337

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame AD94 149 KB
65 KB 422ms
219ms Document
text/html 151.101.0.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=Unix.Trojan.Gafgyt-6981154-0&t_u=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&t_d=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&t_t=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&s_o=default

Requested by

Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5f442f7519fdee6add4385844cb3b1b6c7aeb6c5e0f9dadc38bf3d0af482c0fc

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 0
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 65170
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 19 Jul 2023 13:19:21 GMT
ETag: W/"lounge:view:7906359269.4f27eaa23f3212f328b6aec93b54e50f.2"
Last-Modified: Mon, 26 Jun 2023 10:03:31 GMT
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Referrer-Policy: no-referrer-when-downgrade
Server: nginx
Strict-Transport-Security: max-age=300; includeSubdomains
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

GET
H/1.1 200
OK / Show response
tempest.services.disqus.com/ads-iframe/taboola/ 29 KB
10 KB 366ms
165ms XHR
text/html 199.232.192.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://tempest.services.disqus.com/ads-iframe/taboola/?position=top&shortname=threatminer&experiment=prebidbidisrequired&variant=active&service=dynamic&anchorColor=%23337ab7&colorScheme=light&sourceUrl=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&typeface=sans-serif&disqus_version=current
Requested by: Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.192.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 2f24cb15ea263b26e180f6d5044c8c40ae720d3ce8905c8e37e88acc8bd32577

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Date: Wed, 19 Jul 2023 13:19:21 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding,
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=300
X-Service: router
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 9845

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ 43 B
339 B 333ms
137ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?imp=91s31u9as3k28&experiment=prebidbidisrequired&variant=active&service=dynamic&area=top&product=embed&forum=threatminer&zone=thread&version=3c00c65811f2cec80a8903c739975872&page_url=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&page_referrer=&object_type=provider&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Aprebidbidisrequired%3Aactive&section=default&verb=call&adjective=1&forum_id=5993718

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Date: Wed, 19 Jul 2023 13:19:21 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 397 B
608 B 199ms
50ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.threatminer.org&callback=_gfp_s_&client=ca-pub-5720763271532377

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307120102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31076133

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e54075663ec8863df362b138878f27ee15c1462cad9f23021b6ba9a9c63389ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 256
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 201ms
55ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.threatminer.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DDAA 436 B
382 B 221ms
211ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1689772761&rafmt=3&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689772760911&bpp=3&bdt=657&idt=218&shv=r20230717&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&correlator=4766789635580&frm=20&pv=2&ga_vid=1257480026.1689772761&ga_sid=1689772761&ga_hid=895798325&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759837%2C44759926%2C31075850%2C31076133%2C31076162%2C44788441&oid=2&pvsid=4108000658783393&tmod=294078861&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=DFeU7Yd6FN&p=https%3A//www.threatminer.org&dtd=233

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f36da6cfcbe8d6c46708e3b953d055efeff1016eb55e7c13848f52c52162e457

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 211
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Jul 2023 13:19:21 GMT
expires: Wed, 19 Jul 2023 13:19:21 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B600 436 B
380 B 252ms
241ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1689772761&rafmt=1&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689772760914&bpp=1&bdt=660&idt=234&shv=r20230717&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=4766789635580&frm=20&pv=1&ga_vid=1257480026.1689772761&ga_sid=1689772761&ga_hid=895798325&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759837%2C44759926%2C31075850%2C31076133%2C31076162%2C44788441&oid=2&pvsid=4108000658783393&tmod=294078861&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=ePOrzwgnpP&p=https%3A//www.threatminer.org&dtd=237

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8d475d4ea6eaec2d17973e4640370bca1b4a7cc46e11410ab61939fe65971bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 212
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Jul 2023 13:19:21 GMT
expires: Wed, 19 Jul 2023 13:19:21 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6045 436 B
380 B 250ms
240ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1689772761&rafmt=11&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689772760915&bpp=1&bdt=661&idt=239&shv=r20230717&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=4766789635580&frm=20&pv=1&ga_vid=1257480026.1689772761&ga_sid=1689772761&ga_hid=895798325&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759837%2C44759926%2C31075850%2C31076133%2C31076162%2C44788441&oid=2&pvsid=4108000658783393&tmod=294078861&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=9Q25uxYIp8&p=https%3A//www.threatminer.org&dtd=242

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca5acd80a6f9a5f18d88e9ebb74ff3bc5b228812a301eb1823e282d3bc1dbb63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 212
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Jul 2023 13:19:21 GMT
expires: Wed, 19 Jul 2023 13:19:21 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 86D1 436 B
385 B 492ms
482ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=748155151&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1689772761&rafmt=11&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689772760916&bpp=1&bdt=663&idt=244&shv=r20230717&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=4766789635580&frm=20&pv=1&ga_vid=1257480026.1689772761&ga_sid=1689772761&ga_hid=895798325&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=495&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759837%2C44759926%2C31075850%2C31076133%2C31076162%2C44788441&oid=2&pvsid=4108000658783393&tmod=294078861&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=GfwlS3Wnln&p=https%3A//www.threatminer.org&dtd=248

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

309fa599da76e04a59fd72164b7fc549770908d422c2210ac1eb62eaeb677cd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 214
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Jul 2023 13:19:21 GMT
expires: Wed, 19 Jul 2023 13:19:21 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cse_element__de.js Show response
www.google.com/cse/static/element/827890a761694e44/ 308 KB
103 KB 165ms
47ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/827890a761694e44/cse_element__de.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=414385693720d4156

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d64c2d3836446d44b0a544580f03249825afbc4a0f307d80b811a2538442be91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 06:11:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25694
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104914
x-xss-protection: 0
last-modified: Thu, 08 Jun 2023 16:35:59 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Thu, 18 Jul 2024 06:11:07 GMT

GET
H2 200 default+de.css
www.google.com/cse/static/element/827890a761694e44/ 41 KB
9 KB 158ms
40ms Stylesheet
text/css 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/827890a761694e44/default+de.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=414385693720d4156

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c965aefdb4c6acf10f46758dc1601a64d811dcf3a378bf9e90278916aa47508f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 06:11:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25694
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9102
x-xss-protection: 0
last-modified: Thu, 08 Jun 2023 16:35:59 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Thu, 18 Jul 2024 06:11:07 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
1 KB 163ms
46ms Stylesheet
text/css 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=414385693720d4156

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 12:52:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1630
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1345
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 19 Jul 2023 13:42:11 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3DA6 436 B
432 B 214ms
206ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=7757849485&adk=3516063199&adf=1896753424&pi=t.ma~as.7757849485&w=1200&fwrn=4&lmt=1689772761&rafmt=11&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689772760916&bpp=1&bdt=662&idt=251&shv=r20230717&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=4766789635580&frm=20&pv=1&ga_vid=1257480026.1689772761&ga_sid=1689772761&ga_hid=895798325&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=943&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759837%2C44759926%2C31075850%2C31076133%2C31076162%2C44788441&oid=2&pvsid=4108000658783393&tmod=294078861&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=l7kZO9Y22K&p=https%3A//www.threatminer.org&dtd=254

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f412d0482441d69a8e0691c39080ea424c7596bdd01c0aa864ef999ac762e3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 212
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Jul 2023 13:19:21 GMT
expires: Wed, 19 Jul 2023 13:19:21 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 74ms
74ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&id=privacy_notice&cls=alert%20alert-info%20alert-dismissable%20bottom_popup&ign=false&pw=1600&ph=1200&x=800&y=1130.4

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jul 2023 13:19:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E2A3 18 KB
6 KB 243ms
235ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&adk=1812271804&adf=3025194257&lmt=1689772761&plat=1%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689772760946&bpp=2&bdt=692&idt=227&shv=r20230717&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&nras=1&correlator=4766789635580&frm=20&pv=1&ga_vid=1257480026.1689772761&ga_sid=1689772761&ga_hid=895798325&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759837%2C44759926%2C31075850%2C31076133%2C31076162%2C44788441&oid=2&pvsid=4108000658783393&tmod=294078861&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=6&uci=a!6&fsb=1&dtd=235

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9e587630d89abf4b627c8d41622b6b4e5585b6d74131d57bbc60caf81a75c453

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 5489
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Jul 2023 13:19:21 GMT
expires: Wed, 19 Jul 2023 13:19:21 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 doq.htm Show response
rt3056.infolinks.com/action/ 1 KB
1 KB 285ms
175ms XHR
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rt3056.infolinks.com/action/doq.htm?pcode=utf-8&r=16897727613301
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1870.002-3.027/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ce1bc0b1ba248c51b4442ecb2d3f258d8dcc365257e48a39ed8978577e14f81

Request headers

Referer: https://www.threatminer.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: text/html;charset=UTF-8
access-control-allow-origin: https://www.threatminer.org
p3p: CP="NON DSP NID OUR COR"
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-language: de-DE
cf-ray: 7e93416f19d4bb56-FRA
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 timeline.16b53cc33aaa562f8f41a495bf720289.js Show response
platform.twitter.com/js/ 8 KB
3 KB 40ms
39ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/timeline.16b53cc33aaa562f8f41a495bf720289.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 7cccd8f78bd73c79f1281052eb4c9bdf6f38386fca206da9954fdf24ab0784af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 2964
x-served-by: cache-iad-kjyo7100166-IAD, cache-fra-etou8220046-FRA
last-modified: Tue, 24 Jan 2023 21:41:06 GMT
etag: "569768187d20181e1cdea6aa19f3a4b4+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 async-ads.js Show response
cse.google.com/adsense/search/ 143 KB
53 KB 53ms
52ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/827890a761694e44/cse_element__de.js?usqp=CAI%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39cc3c3de5c489939b8bfb390951631fea0e8c2e321a97aa28c1c10f099b3811

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
etag: "17244570259920034905"
vary: Accept-Encoding
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
accept-ranges: bytes
expires: Wed, 19 Jul 2023 13:19:21 GMT

GET
H2 200 clear.png
www.google.com/cse/static/css/v2/ 1018 B
1 KB 41ms
40ms Image
image/png 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/css/v2/clear.png

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/827890a761694e44/default+de.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/cse/static/element/827890a761694e44/default+de.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Sat, 15 Jul 2023 22:20:39 GMT
x-content-type-options: nosniff
age: 313122
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1018
x-xss-protection: 0
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Sun, 14 Jul 2024 22:20:39 GMT

GET
H2 200 branding.png
www.google.com/cse/static/images/1x/de/ 1 KB
2 KB 41ms
40ms Image
image/png 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/images/1x/de/branding.png

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ee9e63e519096342d5899e32f1a38b4880ffba6b2aff64178b955a3b7f3a80d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 21:47:09 GMT
x-content-type-options: nosniff
age: 55932
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1512
x-xss-protection: 0
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 17 Jul 2024 21:47:09 GMT

GET
H2 200 v1 Show response
cse.google.com/cse/element/ 14 KB
3 KB 280ms
279ms Script
application/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse/element/v1?rsz=filtered_cse&num=10&hl=de&source=gcsc&gss=.com&cselibv=827890a761694e44&cx=414385693720d4156&q=Unix.Trojan.Gafgyt-6981154-0&safe=active&cse_tok=AB-tC_76DNFmQ9Aczw8Jaq_xN2ph:1689772761105&lr=&cr=&gl=&filter=0&sort=&as_oq=&as_sitesearch=&exp=csqr,cc&callback=google.search.cse.api6157

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/827890a761694e44/cse_element__de.js?usqp=CAI%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dde853047ad3cfbce38982bb7c48f80d22d56b89409b68370260aea21f20b176

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-gbKUHeVeUPPk5NnGKVChVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/QualityProseCsqrElementHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/QualityProseCsqrElementHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/QualityProseCsqrElementHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-security-policy: script-src 'report-sample' 'nonce-gbKUHeVeUPPk5NnGKVChVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/QualityProseCsqrElementHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/QualityProseCsqrElementHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/QualityProseCsqrElementHttp/cspreport
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 generate_204
clients1.google.com/ 0
117 B 161ms
40ms Image
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/ Frame D89A 266 KB
62 KB 141ms
42ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c10245ca307437013c8da4c628999d2a4e4ba8e69e40520ca3c6f1994309abd5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-amz-version-id: 6eV72U5W1pruPqqkGmaHB2LD8Fp1cRkC
content-encoding: gzip
via: 1.1 varnish
date: Wed, 19 Jul 2023 13:19:21 GMT
x-amz-request-id: FT1JBED38ZZP9JDN
age: 9463
x-amz-server-side-encryption: AES256
x-cache: HIT
x-from-cache: 1
x-envoy-upstream-service-time: 8
x-amz-replication-status: FAILED
content-length: 62972
x-amz-id-2: C5DvkwruVzX2wd8fAr8DAsa68IKsSZW6p1wTqaHq4LG2jdYGKbSfljMW7N6LpG1V3OnLSURY8gE=
x-served-by: cache-fra-eddf8230095-FRA
last-modified: Wed, 19 Jul 2023 09:50:53 UTC
server: nginx
x-tbl-debug: bestatus=200,beresp=OK
x-timer: S1689772762.596758,VS0,VE2
etag: "4b6d941ac67e60cc6b1e5a29613b338c486b009e"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
abp: 14
cache-control: private,max-age=14400
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 ThreatMiner Show response
syndication.twitter.com/srv/timeline-profile/screen-name/ Frame 6065 5 KB
2 KB 176ms
176ms Document
text/html 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=500px&origin=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&sessionId=a75d18132c6795fda7448bac2f4de85eacd4fdea&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

58890ddb51ddfea690b70cd9bf63746fdf7cc565b2a3bc122557c92d3333702b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: must-revalidate, max-age=60
content-encoding: gzip
content-length: 1863
content-type: text/html; charset=utf-8
date: Wed, 19 Jul 2023 13:19:21 GMT
etag: "14e8-kbOCi0VLET5rtdoomS5KIkK+rb4"
perf: 7626143928
server: tsa_o
strict-transport-security: max-age=631138519
x-connection-hash: 42a2fc53fe80146ebf01897d34c227b883bfab896734bcc59368e41b09e47e95
x-response-time: 131
x-transaction-id: 6283deae4d2a083f
x-xss-protection: 0

GET
H2 200 lounge.load.3c00c65811f2cec80a8903c739975872.js Show response
c.disquscdn.com/next/embed/ Frame AD94 1 KB
1 KB 195ms
48ms Script
application/javascript 2600:9000:2247:c800:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.3c00c65811f2cec80a8903c739975872.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=Unix.Trojan.Gafgyt-6981154-0&t_u=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&t_d=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&t_t=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&s_o=default

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2247:c800:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ae05b8f9cd0f5597f74764396a6e173dccbea0204340a1dc1ce1a5faf1277612

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=Unix.Trojan.Gafgyt-6981154-0&t_u=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&t_d=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&t_t=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&s_o=default
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-cache-hits: 0
date: Mon, 10 Jul 2023 13:47:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ea387b850914681ced817b614bc2da7c.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP63-P2
age: 775902
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 624
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Mon, 10 Jul 2023 13:41:14 GMT
server: nginx
etag: "64ac0a7a-270"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: uSRvA-iYShy6KPUW7nXwVnpEcA0DbsrV7UfCv02EWuxSiL5cnY37KA==
expires: Tue, 09 Jul 2024 13:47:39 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 384 B
313 B 50ms
48ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.threatminer.org&client=google-coop&product=SAS&callback=__sasCookie

Requested by

Host: cse.google.com
URL: https://cse.google.com/adsense/search/async-ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f26ab9ab7a00b45f0cf4debcb2b30141557cb8dc28094a09c3dcc9911fdd8b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 244
x-xss-protection: 0

GET
H3 200 ads Show response
cse.google.com/cse_v2/ Frame D3B2 821 B
477 B 225ms
225ms Document
text/html 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse_v2/ads?adsafe=high&pcsa=true&cx=414385693720d4156&fexp=20606&client=google-coop&q=Unix.Trojan.Gafgyt-6981154-0&r=m&hl=de&type=0&oe=UTF-8&ie=UTF-8&format=p4&ad=p4&nocache=9641689772761630&num=0&output=uds_ads_only&source=gcsc&v=3&bsl=10&pac=0&u_his=2&u_tz=0&dt=1689772761631&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1712&frm=0&cl=547804711&uio=-&jsid=csa&jsv=547804711&rurl=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&adbw=master-1%3A271

Requested by

Host: cse.google.com
URL: https://cse.google.com/adsense/search/async-ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

83f2c698d09877c3f874d6680d5ab35ad9b9194b6613eee5f7a35870080719ea

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-xOpELzgEVkvD94zdESd9tg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=3600
content-encoding: br
content-length: 455
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-xOpELzgEVkvD94zdESd9tg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-type: text/html; charset=UTF-8
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
date: Wed, 19 Jul 2023 13:19:21 GMT
expires: Wed, 19 Jul 2023 13:19:21 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
server: gws
x-xss-protection: 0

GET
H2 200 in_search.js Show response
resources.infolinks.com/js/1870.002-3.027/ 225 KB
89 KB 59ms
58ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1870.002-3.027/in_search.js
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1870.002-3.027/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2793a2480ec92bb88b69925fb42235bf9e2c074c69f4741e494b6ff2665e38a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
via: 1.1 google
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 12 Jul 2023 09:27:02 GMT
server: cloudflare
age: 5484
etag: W/"383f1-60046d17b7595"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
cf-ray: 7e9341707b433657-FRA
expires: Fri, 18 Aug 2023 11:47:57 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 345 KB
119 KB 155ms
47ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1870.002-3.027/ice.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab8a3637b0bea5bf31a60ecf6a82f92ee5e06f3eeb89282350962337f91c3009

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121727
x-xss-protection: 0
expires: Wed, 19 Jul 2023 13:19:21 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 83ms
81ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_success&c=0&wpc=ca-pub-5720763271532377&warn=13&w=1600&h=1200&pp=0&ppp=0&eatf=false&eatfAbg=false&reatf=true&a=6%2C1%2C5%2C7&apv=20230712_103852&sat=1689531278704&afm=0&as_count=5&d_count=0&ng_count=0&am_count=0&atf_count=5&mdns=0.536&alldns=0.536&allp=38&pgh=2703&abl=false&rr=n&su=www.threatminer.org&pvc=4108000658783393&r=0.1&eid=44759875%2C44759837%2C44759926%2C31075850%2C31076133%2C31076162%2C44788441

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jul 2023 13:19:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 runtime-2cef2cd3029217be2b2d.js Show response
platform.twitter.com/_next/static/chunks/ Frame 6065 4 KB
2 KB 41ms
39ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=500px&origin=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&sessionId=a75d18132c6795fda7448bac2f4de85eacd4fdea&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a5b37032efedf9b583cf3300674381f3cea172655df6be23f0ae1c4df8bcb665

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 2231
x-served-by: cache-iad-kcgs7200128-IAD, cache-fra-etou8220046-FRA
last-modified: Tue, 27 Jun 2023 19:44:59 GMT
etag: "eb889f102ce828c998bb02a52af6f77e+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 modules.20f98d7498a59035a762.js Show response
platform.twitter.com/_next/static/chunks/ Frame 6065 286 KB
94 KB 44ms
42ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/modules.20f98d7498a59035a762.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=500px&origin=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&sessionId=a75d18132c6795fda7448bac2f4de85eacd4fdea&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 9013a9ca40a672ee35978b117e54d8b342cb591e8951f599a2b6dfef9d9fa723

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 95842
x-served-by: cache-iad-kcgs7200041-IAD, cache-fra-etou8220046-FRA
last-modified: Tue, 07 Mar 2023 20:15:15 GMT
etag: "1c54378254eefb52fea75b3c31dfe51d+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 main-fd9ef5eb169057cda26d.js Show response
platform.twitter.com/_next/static/chunks/ Frame 6065 90 B
194 B 54ms
52ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/main-fd9ef5eb169057cda26d.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=500px&origin=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&sessionId=a75d18132c6795fda7448bac2f4de85eacd4fdea&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: eefd62bfe6d0ad2f3f2b7bddb8f2c46d7c8b6ed4897e3f9309968a58dc078753

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 85
x-served-by: cache-iad-kiad7000137-IAD, cache-fra-etou8220046-FRA
last-modified: Tue, 07 Mar 2023 20:15:15 GMT
etag: "1d1fa0644a94523711b2bb99a8d652bc+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 _app-6ed494f5458c72a92281.js Show response
platform.twitter.com/_next/static/chunks/pages/ Frame 6065 1 KB
801 B 54ms
52ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/pages/_app-6ed494f5458c72a92281.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=500px&origin=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&sessionId=a75d18132c6795fda7448bac2f4de85eacd4fdea&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 729cfa84928e7a87a4a4551df25c1406da86af8f0ebd2f579460546d11722326

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 668
x-served-by: cache-iad-kiad7000150-IAD, cache-fra-etou8220046-FRA
last-modified: Sat, 11 Feb 2023 00:59:57 GMT
etag: "2856f57c62c238a564ef576bbc50ca4a+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 %5BscreenName%5D-c33f0b02841cffc3e9b4.js Show response
platform.twitter.com/_next/static/chunks/pages/timeline-profile/screen-name/ Frame 6065 13 KB
2 KB 54ms
53ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/pages/timeline-profile/screen-name/%5BscreenName%5D-c33f0b02841cffc3e9b4.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=500px&origin=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&sessionId=a75d18132c6795fda7448bac2f4de85eacd4fdea&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: bd18e405cbfb6fb5c27224b38e792c8b6542d9b7eae37aa5883808b69392dcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 1290
x-served-by: cache-iad-kjyo7100087-IAD, cache-fra-etou8220046-FRA
last-modified: Tue, 07 Mar 2023 20:15:15 GMT
etag: "e78034c651c8a81b2acd83dc7e7ad407+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 _buildManifest.js Show response
platform.twitter.com/_next/static/vn5fUacsNpP-nIkFRlFf6/ Frame 6065 1 KB
596 B 42ms
41ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/vn5fUacsNpP-nIkFRlFf6/_buildManifest.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=500px&origin=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&sessionId=a75d18132c6795fda7448bac2f4de85eacd4fdea&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 7a4a63c52bdfab0ab459b1b77dad4a4ce4e1f7dfdfdba0b2013ba32f0690e15f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 451
x-served-by: cache-iad-kiad7000135-IAD, cache-fra-etou8220046-FRA
last-modified: Tue, 27 Jun 2023 19:44:59 GMT
etag: "bd9a3afe8a64146469f036be13628170+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 _ssgManifest.js Show response
platform.twitter.com/_next/static/vn5fUacsNpP-nIkFRlFf6/ Frame 6065 76 B
189 B 42ms
42ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/vn5fUacsNpP-nIkFRlFf6/_ssgManifest.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=500px&origin=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&sessionId=a75d18132c6795fda7448bac2f4de85eacd4fdea&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 653f3e53e89b4f8548ff86c19e92bb3c6b84b6be7485a320b1e00893ed877479

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 60
x-served-by: cache-iad-kjyo7100146-IAD, cache-fra-etou8220046-FRA
last-modified: Tue, 27 Jun 2023 19:44:59 GMT
etag: "abee47769bf307639ace4945f9cfd4ff+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 impl.20230705-26_b2-PR-58260-DEV-131119--remove-po-1a351587653.js Show response
cdn.taboola.com/libtrc/ Frame D89A 788 KB
163 KB 51ms
51ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20230705-26_b2-PR-58260-DEV-131119--remove-po-1a351587653.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 562354aa8914725cf4375fda72b5407fc8a456380de570089dcfd801ea769a8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-amz-version-id: VrW1dQG_9Umx1kUyHlwLpTnbJY99If8B
content-encoding: br
via: 1.1 varnish
date: Wed, 19 Jul 2023 13:19:21 GMT
x-amz-request-id: EHRE9PQDHHBY4R9R
age: 2760
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 166759
x-amz-id-2: NOIbUtY/f8S9EhUHFaTwdnF+jEznSuIp4ixSsLy1YoPogXt9g6mO/4W0be0MUrpls/6wgmR5YKJ0TPN9bpSICw==
x-served-by: cache-fra-eddf8230095-FRA
last-modified: Wed, 05 Jul 2023 19:16:07 GMT
server: AmazonS3-br
x-tbl-debug: bestatus=200,beresp=OK
x-timer: S1689772762.841355,VS0,VE0
etag: "6a26de4bda59ff0c8dc0f19496fa9bcf"
vary: Accept-Encoding
content-type: application/javascript
abp: 88
access-control-allow-origin: *
cache-control: private,max-age=14400
accept-ranges: bytes
x-cache-hits: 616

GET
H2 200 tr5
cdn.taboola.com/libtrc/ Frame D89A 3 B
79 B 46ms
46ms Image
text/html 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/tr5?abgroup=app-install-new-layout-v6_var
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-served-by: cache-fra-eddf8230095-FRA
date: Wed, 19 Jul 2023 13:19:21 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1689772762.841331,VS0,VE0
x-cache: HIT
content-type: text/html
access-control-allow-origin: *
cache-control: private,max-age=14400
accept-ranges: bytes
content-length: 3
retry-after: 0
x-cache-hits: 0

GET
H2 200 getads.htm Show response
rt3056.infolinks.com/action/ 138 B
289 B 217ms
216ms Script
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rt3056.infolinks.com/action/getads.htm?hks=%5B%7B%22lid%22%3A%22d_IL_INSEARCH%22%2C%22bdc%22%3A1%2C%22prod_t%22%3A%22d%22%2C%22garc%22%3A0%2C%22sdata%22%3A%22license%22%2C%22scs%22%3A%22-EzFDHDyFu%22%7D%5D&rid=610bb350-bfa9-4641-8029-c51837a579f1&jsv=1870.002-3.027&sr=1600X1200&rts=1689772761845&cfv=-1&cb=getAdsResponse&os=Windows&ov=10&br=Chrome&bv=115.0.5790.98&dv=p&ce=t&purl=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&tzo=-0000&c=c&strg=true&sua=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%7D&rsd=T3t_oUwWCECeLJH9XFIub5pfTrDa8P6GgScjWp-nm5av_9RTiXFbzU4wu0kktWmUYZF4jUWkWbv2frYaZ1zK9ySm89HiMBkiHQB4CHQr7DCXcdveFXUvzJf-8j7-dzACUbe2gdQkt3rPsYcR_kRwCkE8NAPSF1Bj&rsk=64&rcs=KQ6trPwYoPIK8g2qtq1WJg&cuid=59274978-c444-4462-ab13-6c2d0d5d2046&hbnr=false
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1870.002-3.027/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3213448f16d6a360d0e39ee82c9307e22a5d3cc28a4c753a69defea70a730572

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jul 2023 13:19:22 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
p3p: CP="NON DSP NID OUR COR"
content-language: de-DE
content-type: text/html;charset=UTF-8
cache-control: no-cache,no-store
cf-ray: 7e934171adea3657-FRA
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 204 009740c9-f487-4513-8701-6eae104d7bed
csp.withgoogle.com/csp/lcreport/ 0
0 178ms
57ms Ping
text/html 2a00:1450:4001:829::2011
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csp.withgoogle.com/csp/lcreport/009740c9-f487-4513-8701-6eae104d7bed
Requested by: Host: www.google.com
URL: https://www.google.com/cse/static/element/827890a761694e44/cse_element__de.js?usqp=CAI%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2011 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.threatminer.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 images
encrypted-tbn2.gstatic.com/ 12 KB
12 KB 270ms
130ms Image
image/jpeg 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcSesTcAPhpVxEsNqs8iPevg9YWqiYRE8DrGZnVFi2o05yYHafJywx6t7jK6

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90d56a5eb6932b185ca77cbbeed7dcd257c62b97cfb2b09e721e250d72c6c1e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:22 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11884
x-xss-protection: 0
last-modified: Sun, 15 Nov 2015 13:18:37 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 18 Jul 2024 13:19:22 GMT

GET
H3 200 branding.png
www.google.com/cse/static/images/1x/de/ 1 KB
2 KB 52ms
49ms Image
image/png 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/images/1x/de/branding.png

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ee9e63e519096342d5899e32f1a38b4880ffba6b2aff64178b955a3b7f3a80d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 21:47:09 GMT
x-content-type-options: nosniff
age: 55932
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1512
x-xss-protection: 0
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 17 Jul 2024 21:47:09 GMT

GET
H2 200 common.bundle.42272221620e218896f3973a3bb140e2.js Show response
c.disquscdn.com/next/embed/ Frame AD94 280 KB
93 KB 154ms
56ms Script
application/javascript 2600:9000:2247:c800:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.42272221620e218896f3973a3bb140e2.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.3c00c65811f2cec80a8903c739975872.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2247:c800:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d23fd6a13b657ba55789f4a8b098f72d86e253917a83af15a2e4e6ed23a9e5c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=Unix.Trojan.Gafgyt-6981154-0&t_u=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&t_d=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&t_t=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 16 Jun 2023 20:18:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 64f80ca426b5a59bdd6397ea5b2d845c.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP63-P2
age: 2826057
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94141
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Fri, 16 Jun 2023 20:12:30 GMT
server: nginx
etag: "648cc22e-16fbd"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: cSXzloXYmoH7k1TJbzqO6jHieh6UVnonaCVK3jOxTkz0jmRL9MF_Yw==
expires: Sat, 15 Jun 2024 20:18:25 GMT

GET
H3 200 async-ads.js Show response
cse.google.com/adsense/search/ Frame D3B2 143 KB
52 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js?pac=0

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse_v2/ads?adsafe=high&pcsa=true&cx=414385693720d4156&fexp=20606&client=google-coop&q=Unix.Trojan.Gafgyt-6981154-0&r=m&hl=de&type=0&oe=UTF-8&ie=UTF-8&format=p4&ad=p4&nocache=9641689772761630&num=0&output=uds_ads_only&source=gcsc&v=3&bsl=10&pac=0&u_his=2&u_tz=0&dt=1689772761631&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1712&frm=0&cl=547804711&uio=-&jsid=csa&jsv=547804711&rurl=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&adbw=master-1%3A271

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39cc3c3de5c489939b8bfb390951631fea0e8c2e321a97aa28c1c10f099b3811

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cse.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
etag: "17244570259920034905"
vary: Accept-Encoding
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
accept-ranges: bytes
expires: Wed, 19 Jul 2023 13:19:21 GMT

GET
H2 200 2.691622e4391d1973cb65.js Show response
platform.twitter.com/_next/static/chunks/ Frame 6065 23 KB
8 KB 43ms
42ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/2.691622e4391d1973cb65.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 2adcd0a627dee2ac4ab782a00745d7678e374dc4625ddf673a88121977d77c67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 7674
x-served-by: cache-iad-kiad7000057-IAD, cache-fra-etou8220046-FRA
last-modified: Tue, 07 Mar 2023 20:15:15 GMT
etag: "942b5b928a24465d1906b4716131d896+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 16.142d2ae66656c89148d4.js Show response
platform.twitter.com/_next/static/chunks/ Frame 6065 36 KB
12 KB 43ms
43ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/16.142d2ae66656c89148d4.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 7ccaf896a943bdeb36d41b39bbf98d23dfe1c9a8ae55a6dacdadb2638dbebb8d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:21 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: MISS, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 11742
x-served-by: cache-iad-kcgs7200147-IAD, cache-fra-etou8220046-FRA
last-modified: Tue, 27 Jun 2023 19:44:59 GMT
etag: "83f133db31f2f224334873b637da46cb+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 0.5686651481f4464c5717.js Show response
platform.twitter.com/_next/static/chunks/ Frame 6065 314 KB
104 KB 40ms
39ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/0.5686651481f4464c5717.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 97faf872f051e026ad60fe49411ea63058763bb7f1b3f83db644a19bbcdc05cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:22 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 106304
x-served-by: cache-iad-kiad7000146-IAD, cache-fra-etou8220046-FRA
last-modified: Tue, 27 Jun 2023 19:44:59 GMT
etag: "b9b1dd7ae92ad3982af11fe7072b6664+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 4.fbbd25113f2df4fe737c.js Show response
platform.twitter.com/_next/static/chunks/ Frame 6065 247 KB
66 KB 48ms
47ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/4.fbbd25113f2df4fe737c.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 377dcba0ba5794ca4856fc650b5ce17cd30c62787b1a784f2247a7b86d95bec8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:22 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 67792
x-served-by: cache-iad-kcgs7200071-IAD, cache-fra-etou8220046-FRA
last-modified: Tue, 27 Jun 2023 19:44:59 GMT
etag: "ab046685ef0879ed66eafd971fc107a6+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 1.184d2a3edeaf2b598b70.js Show response
platform.twitter.com/_next/static/chunks/ Frame 6065 132 KB
35 KB 52ms
52ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/1.184d2a3edeaf2b598b70.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 2094344b2bff06c92b1adf03e3bdb9506632a5511909448629f64d1b2bc0e004

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:22 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 35879
x-served-by: cache-iad-kiad7000110-IAD, cache-fra-etou8220046-FRA
last-modified: Tue, 27 Jun 2023 19:44:59 GMT
etag: "76a15f84c29af44712ea9a662e02ffd5+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 3.6dd7cdd29a2101a1c884.js Show response
platform.twitter.com/_next/static/chunks/ Frame 6065 657 KB
161 KB 52ms
51ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/3.6dd7cdd29a2101a1c884.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 94441dd203830058a19eb0892915df9cbe91edfb3673bc1c6b4512f4c7edc39f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:22 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 164892
x-served-by: cache-iad-kiad7000147-IAD, cache-fra-etou8220046-FRA
last-modified: Tue, 27 Jun 2023 19:44:59 GMT
etag: "ed8ce1225c6b70140167ad888dbe53de+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 6.d6877f687dd7f7c5c2dc.js Show response
platform.twitter.com/_next/static/chunks/ Frame 6065 2 KB
1 KB 52ms
51ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/6.d6877f687dd7f7c5c2dc.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 713a5085778002ac882de664c065bc7a55a26c6091d12c39a038bac7b70dcf45

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:22 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 1276
x-served-by: cache-iad-kiad7000165-IAD, cache-fra-etou8220046-FRA
last-modified: Tue, 27 Jun 2023 19:44:59 GMT
etag: "0e9ca787dfdcbf5ffeb7df678ec8f6df+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 vidice.js Show response
resources.infolinks.com/js/vidice/2.0/ 333 KB
86 KB 57ms
57ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/vidice/2.0/vidice.js
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1870.002-3.027/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2bdac211f43fbee9eeb4d50f8755206599f76296cd15316a97c9d2cb2050d2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:22 GMT
via: 1.1 google
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 20 Mar 2023 11:31:12 GMT
server: cloudflare
age: 12143
etag: W/"5344d-5f75343a1bcf7"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
cf-ray: 7e93417348af3657-FRA
expires: Fri, 18 Aug 2023 09:56:59 GMT

GET
H2 200 lounge.dbc47866f009f9d6f1556cd58214d9a3.css
c.disquscdn.com/next/embed/styles/ Frame AD94 233 KB
33 KB 54ms
54ms Stylesheet
text/css 2600:9000:2247:c800:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.42272221620e218896f3973a3bb140e2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2247:c800:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

61779c74768b5eb298860ceb7d7cf06f2b228fdc53df72b530490a792a5b8a59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=Unix.Trojan.Gafgyt-6981154-0&t_u=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&t_d=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&t_t=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 30 May 2023 18:53:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 64f80ca426b5a59bdd6397ea5b2d845c.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP63-P2
age: 4299962
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 33282
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Tue, 30 May 2023 18:28:53 GMT
server: nginx
etag: "64764065-8202"
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: XgDOqqeQ7UJ-wL0FpjyCS1RrzBUwkNfg9kCFyRt8mxGR56_RRjK2Tg==
expires: Wed, 29 May 2024 18:53:20 GMT

GET
H2 200 lounge.bundle.9252e8c30002c02fb7a36ab614c3c6ee.js Show response
c.disquscdn.com/next/embed/ Frame AD94 513 KB
129 KB 61ms
60ms Script
application/javascript 2600:9000:2247:c800:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.9252e8c30002c02fb7a36ab614c3c6ee.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.42272221620e218896f3973a3bb140e2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2247:c800:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

417412fab0fb1f36d3771b208b38a4342dcef4f9c2fdd9287d7bd7e51d63bd74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=Unix.Trojan.Gafgyt-6981154-0&t_u=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&t_d=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&t_t=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-cache-hits: 0
date: Mon, 10 Jul 2023 13:47:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 64f80ca426b5a59bdd6397ea5b2d845c.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP63-P2
age: 775902
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 130983
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Mon, 10 Jul 2023 13:41:15 GMT
server: nginx
etag: "64ac0a7b-1ffa7"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: bZVlLmsf5MRd852b8LzTS1ZHAHBHtmBaH5BUxudtQQO6QyxWke1Psw==
expires: Tue, 09 Jul 2024 13:47:40 GMT

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame AD94 18 KB
19 KB 39ms
39ms Script
application/javascript 151.101.0.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.42272221620e218896f3973a3bb140e2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

52a3a3da0b9315d0761e96afd11f6ace725b86dcce0cd40b35eecfe36d936527

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=Unix.Trojan.Gafgyt-6981154-0&t_u=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&t_d=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&t_t=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Date: Wed, 19 Jul 2023 13:19:22 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 12
X-Frame-Options: SAMEORIGIN
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 18754
X-XSS-Protection: 1; mode=block

GET
H2 200 ondemand.Dropdown.d716bae5b8f017ef3f36.js Show response
platform.twitter.com/_next/static/chunks/ Frame 6065 7 KB
3 KB 40ms
40ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/ondemand.Dropdown.d716bae5b8f017ef3f36.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1c0486acafe63a074adbd08ecc9cad99ee106f3701e2b93c2a75533774f7faba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:22 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 2822
x-served-by: cache-iad-kiad7000034-IAD, cache-fra-etou8220046-FRA
last-modified: Tue, 27 Jun 2023 19:44:59 GMT
etag: "ee85bb78f0eb1080fd5fc8c4d4cddbb8+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 jot
syndication.twitter.com/i/ Frame 6065 43 B
127 B 146ms
146ms Image
image/gif 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1689772762244%2C%22event_namespace%22%3A%7B%22action%22%3A%22no-results%22%2C%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline-profile%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%22aaf4084522e3a%3A1674595607486%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22bb06567%3A1687853948269%22%2C%22widget_data_source%22%3A%22screen-name%3AThreatMiner%22%7D&dnt=1&session_id=a75d18132c6795fda7448bac2f4de85eacd4fdea

Requested by

Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=500px&origin=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&sessionId=a75d18132c6795fda7448bac2f4de85eacd4fdea&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/srv/timeline-profile/screen-name/ThreatMiner?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=500px&origin=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&sessionId=a75d18132c6795fda7448bac2f4de85eacd4fdea&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-response-time: 106
date: Wed, 19 Jul 2023 13:19:21 GMT
strict-transport-security: max-age=631138519
last-modified: Wed, 19 Jul 2023 13:19:22 GMT
server: tsa_o
vary: Origin
content-type: image/gif
x-transaction-id: a571dff6b2c1f432
cache-control: must-revalidate, max-age=600
perf: 7626143928
x-connection-hash: 42a2fc53fe80146ebf01897d34c227b883bfab896734bcc59368e41b09e47e95
content-length: 43

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame AD94 3 KB
3 KB 163ms
163ms XHR
application/json 151.101.0.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=threatminer&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.42272221620e218896f3973a3bb140e2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7430cf9b306e883bc318f8dcb2511d50724a7a593f910e1072ce84cf3da10d1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=Unix.Trojan.Gafgyt-6981154-0&t_u=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&t_d=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&t_t=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&s_o=default
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Date: Wed, 19 Jul 2023 13:19:22 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Vary: Origin, Cookie
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/json
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 3120
X-XSS-Protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ Frame AD94 11 KB
1 KB 139ms
50ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4dbc45bd7ed8caf2aeeae8de34e519d874987d5285c79b5b4a93a1d670a929c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=Unix.Trojan.Gafgyt-6981154-0&t_u=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&t_d=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&t_t=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 19 Jul 2023 13:19:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 19 Jul 2023 11:23:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 19 Jul 2023 13:19:22 GMT

GET
DATA 200
OK truncated
/ Frame AD94 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame AD94 13 KB
13 KB 48ms
48ms Image
image/svg+xml 2600:9000:2247:c800:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2247:c800:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-cache-hits: 0
date: Sat, 25 Mar 2023 15:31:57 GMT
via: 1.1 64f80ca426b5a59bdd6397ea5b2d845c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP63-P2
age: 10014445
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Fri, 17 Mar 2023 09:25:43 GMT
server: nginx
etag: "64143217-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: XeNegMTZwREgX-qnvAxV0_GjNzM7jUAskEjI9GBPBYVEgqDqGlS1rQ==
expires: Sun, 24 Mar 2024 15:31:57 GMT

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame AD94 3 KB
3 KB 49ms
47ms Image
image/gif 2600:9000:2247:c800:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2247:c800:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-cache-hits: 0
date: Mon, 15 May 2023 04:11:29 GMT
via: 1.1 64f80ca426b5a59bdd6397ea5b2d845c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP63-P2
age: 5648872
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 09 May 2023 18:32:30 GMT
server: nginx
etag: "645a91be-b9b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: -yW2aSVcZ48Cvtdf3wKkjmuhfNzZanyBZ-mi-E15-QAXuJ-GP72CaA==
expires: Tue, 14 May 2024 04:11:29 GMT

GET
H2 200 email.727e30eb9b6c1e85cb010b9c8eb04c7e.svg
c.disquscdn.com/next/embed/assets/img/ Frame AD94 840 B
1 KB 49ms
48ms Image
image/svg+xml 2600:9000:2247:c800:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/email.727e30eb9b6c1e85cb010b9c8eb04c7e.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2247:c800:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

0589c5845288117448d7aa710af60618b151d78efd1a2653f89a0b57f7eb3de8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-cache-hits: 0
date: Mon, 14 Nov 2022 05:36:22 GMT
via: 1.1 64f80ca426b5a59bdd6397ea5b2d845c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP63-P2
age: 21368580
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 840
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Fri, 11 Nov 2022 07:03:00 GMT
server: nginx
etag: "636df3a4-348"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: ifSSZ2gpmB0UNU8nTpM5iVV3Pv0wubk85CjGEZ1OLJ6ZKTXqEWudqw==
expires: Tue, 14 Nov 2023 05:36:22 GMT

GET
H2 200 privacy.8c96be6b50de1c3fab838c5f050e0be5.svg
c.disquscdn.com/next/embed/assets/img/ Frame AD94 891 B
1 KB 49ms
48ms Image
image/svg+xml 2600:9000:2247:c800:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/privacy.8c96be6b50de1c3fab838c5f050e0be5.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2247:c800:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

068753b8f09b32ad8a3283199c7252090d0076a56924df724dda72828ae31b95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-cache-hits: 0
date: Sat, 12 Nov 2022 02:28:02 GMT
via: 1.1 64f80ca426b5a59bdd6397ea5b2d845c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP63-P2
age: 21552680
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 891
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 11 Nov 2022 07:03:00 GMT
server: nginx
etag: "636df3a4-37b"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: Eh-RL22pJmkSO5Sg4jsqnCdjWEv7_cXbI1zVofSVz90suohB0VL3vA==
expires: Sun, 12 Nov 2023 02:28:02 GMT

GET
H2 200 warning.3bc0b4bff6c268a4ceaf404014b9be42.svg
c.disquscdn.com/next/embed/assets/img/ Frame AD94 605 B
1 KB 50ms
49ms Image
image/svg+xml 2600:9000:2247:c800:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/warning.3bc0b4bff6c268a4ceaf404014b9be42.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2247:c800:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a657bedd3bc0c106f7cfa5fe6556a0b7e175870d33bd7da9ef67ffcffbafda69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-cache-hits: 0
date: Sun, 04 Dec 2022 10:05:42 GMT
via: 1.1 64f80ca426b5a59bdd6397ea5b2d845c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP63-P2
age: 19624420
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 605
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Thu, 01 Dec 2022 19:00:29 GMT
server: nginx
etag: "6388f9cd-25d"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: R9Xi4D2REyl16jKJSxN4x6A12aB6bSR7ma_sp_McjTrZjoWgJq1Vmg==
expires: Mon, 04 Dec 2023 10:05:42 GMT

GET
H2 200 sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame AD94 2 KB
2 KB 50ms
49ms Image
image/png 2600:9000:2247:c800:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2247:c800:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 20 Sep 2022 11:48:31 GMT
via: 1.1 64f80ca426b5a59bdd6397ea5b2d845c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP63-P2
age: 26098251
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 1763
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Fri, 16 Sep 2022 08:34:41 GMT
server: nginx
etag: "63243521-6e3"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 4ASRN4Y4S975c3-nCyC9_cRBgjLWJRvMGJ3t45vMRJYpl-4dIanSvQ==
expires: Wed, 20 Sep 2023 11:48:31 GMT

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame AD94 8 KB
8 KB 52ms
51ms Font
application/octet-stream 2600:9000:2247:c800:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2247:c800:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-cache-hits: 0
date: Sun, 28 Aug 2022 00:45:29 GMT
via: 1.1 ea387b850914681ced817b614bc2da7c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP63-P2
age: 28125233
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Fri, 26 Aug 2022 22:07:42 GMT
server: nginx
etag: "6309442e-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: XGVQvxZ2nSrtucPLFuMh9nZ1irO_p-VcWnzx_FI5ACShAlJL57a8GA==
expires: Mon, 28 Aug 2023 00:45:29 GMT

GET
H2 200 alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js Show response
c.disquscdn.com/next/embed/ 78 KB
27 KB 50ms
49ms Script
application/javascript 2600:9000:2247:c800:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js

Requested by

Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2247:c800:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 21 Apr 2023 00:18:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 64f80ca426b5a59bdd6397ea5b2d845c.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP63-P2
age: 7736428
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26578
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 18 Apr 2023 23:42:29 GMT
server: nginx
etag: "643f2ae5-67d2"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: YoQbBMoiig4AHYfg356ECxpwfZ0Jq308Xb2L4ga5I5NSKh0A_ALK3Q==
expires: Sat, 20 Apr 2024 00:18:54 GMT

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame AD94 43 B
339 B 133ms
133ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&load_time=245&event=init_embed&thread=7906359269&forum=threatminer&forum_id=5993718&imp=91s31u9as3k28&thread_slug=av_puapresenoker8f608_cloud&user_type=anon&referrer=https%3A%2F%2Fwww.threatminer.org%2F&theme=next&dnt=0&tracking_enabled=0&experiment=prebidbidisrequired&variant=active&service=dynamic&promoted_enabled=true&max_enabled=true

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=Unix.Trojan.Gafgyt-6981154-0&t_u=https%3A%2F%2Fwww.threatminer.org%2Fav.php%3Fq%3DUnix.Trojan.Gafgyt-6981154-0&t_d=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&t_t=AV%3A%20Unix.Trojan.Gafgyt-6981154-0&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Date: Wed, 19 Jul 2023 13:19:22 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
397 B 199ms
41ms Image
image/gif 99.84.88.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=1&rn=0.36523569640677134
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.88.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-88-83.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:22 GMT
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-C1
age: 4
etag: "221d8352905f2c38b3cb2bd191d630b0"
x-cache: Hit from cloudfront
content-type: image/gif
cache-control: max-age=15, must-revalidate
accept-ranges: bytes
content-length: 43
x-amz-cf-id: -U4oWXv1L10yqkFzAaTYy8qnMqXfCU2ThRlm8Yw3kKRL9cU4Irzm-A==

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
396 B 199ms
40ms Image
image/gif 99.84.88.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=2&rn=0.36523569640677134
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/av.php?q=Unix.Trojan.Gafgyt-6981154-0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.88.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-88-83.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:22 GMT
via: 1.1 a8d866886b5d25a5cfcb0df362279f88.cloudfront.net (CloudFront)
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-C1
age: 4
etag: "221d8352905f2c38b3cb2bd191d630b0"
x-cache: Hit from cloudfront
content-type: image/gif
cache-control: max-age=15, must-revalidate
accept-ranges: bytes
content-length: 43
x-amz-cf-id: r03lfY6CcntiG4zSTDXW2PnWU-eqi5Jn0x2eN4UwN0LrS7B2id_CTw==

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame AD94 15 KB
16 KB 162ms
42ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Sat, 15 Jul 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 332107
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jul 2024 17:04:15 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame AD94 15 KB
15 KB 169ms
51ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Sat, 15 Jul 2023 03:30:27 GMT
x-content-type-options: nosniff
age: 380935
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jul 2024 03:30:27 GMT

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v30/ Frame AD94 17 KB
17 KB 213ms
98ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 15:43:49 GMT
x-content-type-options: nosniff
age: 596133
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17368
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Jul 2024 15:43:49 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame AD94 16 KB
16 KB 196ms
85ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Sat, 15 Jul 2023 01:50:32 GMT
x-content-type-options: nosniff
age: 386930
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jul 2024 01:50:32 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
fonts.gstatic.com/s/roboto/v30/ Frame AD94 17 KB
17 KB 220ms
111ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Sat, 15 Jul 2023 16:54:27 GMT
x-content-type-options: nosniff
age: 332695
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17032
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jul 2024 16:54:27 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
12 KB 171ms
90ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230717&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c65f8142ad5df29120e2fe563037ac126aa7233999cb66910104287e07acfa59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11852
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 157ms
67ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 19 Jul 2023 13:19:22 GMT

POST
H/1.1 200
OK ping Show response
links.services.disqus.com/api/ 316 B
753 B 153ms
70ms XHR
text/javascript 199.232.196.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/ping
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.196.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: c8ee2eaec66289add6f131e2f825a8a4fc220f128fbea7608f0d6eacc3905019

Request headers

Referer: https://www.threatminer.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 19 Jul 2023 13:19:23 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.threatminer.org
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 316
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4669 13 KB
5 KB 41ms
39ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 4018
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 19 Jul 2023 12:12:25 GMT
expires: Thu, 18 Jul 2024 12:12:25 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B6A4 783 B
534 B 51ms
50ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8f119fbcba7b70d32f5409a1516a9e258eaad5c68d4b3f9dd44a32dce7d08456

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-UJuVFPmvwsz32bA15ZbusQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.threatminer.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-UJuVFPmvwsz32bA15ZbusQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 19 Jul 2023 13:19:23 GMT
expires: Wed, 19 Jul 2023 13:19:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 z4IayZfX88ZX2_EYt94GdYIPN7RJq1GGqWNWESymoNs.js Show response
pagead2.googlesyndication.com/bg/ Frame 4669 37 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/z4IayZfX88ZX2_EYt94GdYIPN7RJq1GGqWNWESymoNs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf821ac997d7f3c657dbf118b7de0675820f37b449ab5186a96356112ca6a0db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 12:07:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4301
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14789
x-xss-protection: 0
last-modified: Mon, 03 Jul 2023 10:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 Jul 2024 12:07:42 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B6A4 0
0 74ms
73ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230717&jk=4108000658783393&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

GET
H/1.1 403
Forbidden sync.gif
links.services.disqus.com/api/ 0
0 70ms
70ms Image
text/html 199.232.196.64
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://links.services.disqus.com/api/sync.gif?key=cfdfcf52dffd0a702a61bad27507376d
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.196.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

POST
H/1.1 200
OK domains Show response
links.services.disqus.com/api/ 58 B
494 B 148ms
66ms XHR
text/javascript 199.232.196.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/domains
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.196.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: c9ab1a5bb00588804954e55d28968ffc55ad603808bc7596f45f84552252d7e5

Request headers

Referer: https://www.threatminer.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 19 Jul 2023 13:19:23 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.threatminer.org
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 58
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 4669 0
10 B 39ms
39ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Ef0aCA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 13:19:23 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 81ms
80ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230717&jk=4108000658783393&bg=!j4yljNjNAAa3SiIRl0o7ADkAdvg8WgPOWWKUf-d735sAGZYIqimqUdh05jOspIS4TGOQe1lPNYqOJiEadh53EPoYiB65rM9njY4CAAAAR1IAAAALaAEHmQKso5r2mnp34n0_f1NxBMBv7AXky_l2pP3sOkCW4g5rXi_rfBGcm5lIjVI9l7Myu1TjQkF36BXwf8cpyrmTS8ViwaOr020umauTMWsz2ipLRafiR1ecqVS_ZPTv5IVYVb2Ne9viXXKjvDUikXgfveB07SmOnm9ugb_kSedA7Kh8bZTeVPKZ51tDYjB62R0YhPUTfYb1Zwhr7IKLrhKqopJTx7MvCI45FBegpSIMlwIQrjWXlft4cbTVVQVKcQDBp_tfFzzCRyMj0icfrzC1-DWqe7zEOO3JTPImWRkEaWwA6KPMBoJTSbP2SRm7362ej4gX9X9B8dtdjd7emX6JtULqwgvNYdWVvO1D2Y_Tuf57WtfGHY_8ct3fzhk-6-vP2ngq4-gRy-lbri3gLcik7EtiNiK-da8Gt3G7Aa2asdvrPBXrDmf4odgm88Sb3pbLpRS6wduj4zx7QP_uH7fc3Ly-kDb58LLLBWfvYLKz7Ugyw81pI-OR4XFks9sl3QXbWt3n61rOnZsFoya9c54_9yYEAGrJXrzqP9yAsYmadS7qVs1_ZSABn82yYN6F6CLbZRWSnTGmBNDv1rl_ReUIWGBnGHAPi0_4weaEwWw72JjqroWSgXYxxyDRubQ_VDq-XgD49CpSHmt4JmD26k4wBjY_bm3UARpSJ2XWMl3M6Q5Ox8qyAiMz0xM7TKCu5KZSYlRaUYw7K8lOtC6E1oi-5V9i3r7bBQ5sZMjHUEmgDCwcLGmEHv5X_YxMJmK6z7y9ZjvrSbRi7k1yYysr314Lmf1UaGCExKXNClODEDV0kI_FktCKYMnABhGdi6auzK-htLFh5rJd2L0IImN_-dEkprm8uYcTU3QdXMI2QR2YvjDw1jYDfIm7uFkCOqntwp_-XqzY8XnXTJhyVJYeUspJ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

125 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.threatminer.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: 7j9bmv9ut5gq7i9sv03o4ksfh4
.threatminer.org/	1970-01-20 22:58:52	Name: _ga Value: GA1.2.1257480026.1689772761
.threatminer.org/	1970-01-20 13:24:19	Name: _gid Value: GA1.2.1696209019.1689772761
.threatminer.org/	1970-01-20 13:22:52	Name: _gat Value: 1
www.threatminer.org/	1969-12-31 23:59:59	Name: logglytrackingsession Value: d86763f3-cc9f-451d-8d52-4e58ba8e4c7c
.infolinks.com/	1970-01-20 22:58:52	Name: cuid Value: 59274978-c444-4462-ab13-6c2d0d5d2046
.threatminer.org/	1970-01-20 22:44:28	Name: __gads Value: ID=8a98fffb6dcb89cc-220d86fbb0e70047:T=1689772761:RT=1689772761:S=ALNI_MYFShHAxILEQ2Ps9o-h9qk0xuQZ9w
.threatminer.org/	1970-01-20 22:44:28	Name: __gpi Value: UID=00000c400a74cd18:T=1689772761:RT=1689772761:S=ALNI_MZmRet7q7-oN7LHzLqxX0elOIrSDQ
.doubleclick.net/	1970-01-20 13:22:53	Name: test_cookie Value: CheckForPermission
.threatminer.org/	1970-01-20 22:44:28	Name: __gsas Value: ID=bf8e2556c4d75926:T=1689772761:RT=1689772761:S=ALNI_MYf6tgajjrBtCWsojrVAMQ7HhhJ9g

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://threatminer.disqus.com/embed.js(Line 46) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
other	warning	URL: https://cse.google.com/adsense/search/async-ads.js(Line 213) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://links.services.disqus.com/api/sync.gif?key=cfdfcf52dffd0a702a61bad27507376d Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
c.disquscdn.com
cdn.taboola.com
cdn.viglink.com
clients1.google.com
cse.google.com
csp.withgoogle.com
disqus.com
encrypted-tbn2.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
i.creativecommons.org
imasdk.googleapis.com
licensebuttons.net
links.services.disqus.com
pagead2.googlesyndication.com
partner.googleadservices.com
platform.twitter.com
referrer.disqus.com
resources.infolinks.com
router.infolinks.com
rt3056.infolinks.com
syndication.twitter.com
tempest.services.disqus.com
threatminer.disqus.com
threatminer.org
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.threatminer.org
104.244.42.200
146.75.120.157
151.101.0.134
151.101.65.44
172.66.41.9
199.232.192.64
199.232.196.134
199.232.196.64
2600:9000:2247:c800:6:8656:f5c0:93a1
2606:4700:10::6814:9710
2606:4700:10::ac43:73f
2606:4700:20::681a:feb
2606:4700:20::ac43:4b5e
2a00:1450:4001:806::2003
2a00:1450:4001:806::200e
2a00:1450:4001:80e::200e
2a00:1450:4001:811::200e
2a00:1450:4001:812::2002
2a00:1450:4001:813::200a
2a00:1450:4001:827::2002
2a00:1450:4001:829::2011
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2004
2a00:1450:4001:82b::2001
2a00:1450:4001:830::2002
2a00:1450:4001:830::200a
2a00:1450:4001:831::200e
99.84.88.83
0589c5845288117448d7aa710af60618b151d78efd1a2653f89a0b57f7eb3de8
05edf556a96b06684f231b196cc0dbbb27f255de7cf1e4a3768fa8726faf16a2
068753b8f09b32ad8a3283199c7252090d0076a56924df724dda72828ae31b95
07a081c6a38ab09a0163aecaaf77713ffae6e09d06ba1a112efef22e01857ddc
0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
1c0486acafe63a074adbd08ecc9cad99ee106f3701e2b93c2a75533774f7faba
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
2094344b2bff06c92b1adf03e3bdb9506632a5511909448629f64d1b2bc0e004
2793a2480ec92bb88b69925fb42235bf9e2c074c69f4741e494b6ff2665e38a4
2adcd0a627dee2ac4ab782a00745d7678e374dc4625ddf673a88121977d77c67
2f24cb15ea263b26e180f6d5044c8c40ae720d3ce8905c8e37e88acc8bd32577
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
305281f47a6ff37fbaca0cc5edb707c8d6d1b7896cef8f1cc695e2e4ceb60e06
309fa599da76e04a59fd72164b7fc549770908d422c2210ac1eb62eaeb677cd5
3213448f16d6a360d0e39ee82c9307e22a5d3cc28a4c753a69defea70a730572
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
377dcba0ba5794ca4856fc650b5ce17cd30c62787b1a784f2247a7b86d95bec8
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b
39cc3c3de5c489939b8bfb390951631fea0e8c2e321a97aa28c1c10f099b3811
3ab0a74bbd399efdf7c9c9bffb689f0a755fc7131d5af04c8393d45f5163a69b
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
417412fab0fb1f36d3771b208b38a4342dcef4f9c2fdd9287d7bd7e51d63bd74
45b3ffadbc785de6091fa798527891eb7264e4d115e3c1a37acb60e3d70d4966
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4dbc45bd7ed8caf2aeeae8de34e519d874987d5285c79b5b4a93a1d670a929c4
50d6e541020cbfdddf888aa2c42ad1c8d2296f9045709983354441032e2eb55d
52a3a3da0b9315d0761e96afd11f6ace725b86dcce0cd40b35eecfe36d936527
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
562354aa8914725cf4375fda72b5407fc8a456380de570089dcfd801ea769a8c
58890ddb51ddfea690b70cd9bf63746fdf7cc565b2a3bc122557c92d3333702b
5ee9e63e519096342d5899e32f1a38b4880ffba6b2aff64178b955a3b7f3a80d
5f442f7519fdee6add4385844cb3b1b6c7aeb6c5e0f9dadc38bf3d0af482c0fc
60adb5d029ec8a5d4613d7d57ff8a799c43caae1d1d1c2e5c230d65850fd5273
61779c74768b5eb298860ceb7d7cf06f2b228fdc53df72b530490a792a5b8a59
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6528ecf4e47a3ee53caea545f0a8ecd5cc7bddbd7712c11710f7bbe622a00e3d
653f3e53e89b4f8548ff86c19e92bb3c6b84b6be7485a320b1e00893ed877479
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
697c41fffac431521f2db48c7426ac23b972b6eb7b1242f0bb47d6079884d3a4
6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38
713a5085778002ac882de664c065bc7a55a26c6091d12c39a038bac7b70dcf45
729cfa84928e7a87a4a4551df25c1406da86af8f0ebd2f579460546d11722326
7430cf9b306e883bc318f8dcb2511d50724a7a593f910e1072ce84cf3da10d1d
7a4a63c52bdfab0ab459b1b77dad4a4ce4e1f7dfdfdba0b2013ba32f0690e15f
7ccaf896a943bdeb36d41b39bbf98d23dfe1c9a8ae55a6dacdadb2638dbebb8d
7cccd8f78bd73c79f1281052eb4c9bdf6f38386fca206da9954fdf24ab0784af
8032a22ce0e3929967e88df85bb84d8c9c078bb0b77dd5a816fcc9aad42364d7
803dcec8faa3dfb09ba59e5be4990cba8eb3cb0ecf1cb3a59c96ce845faaba1d
83f2c698d09877c3f874d6680d5ab35ad9b9194b6613eee5f7a35870080719ea
85a175f70176da02c9ef722af61cf3e8345d9237ac738c7bc538010d8548ad37
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8aeaf60f6f34ced8ed9c83b249bdfc8544cc8f318294074898e6ced1d04e678c
8ce1bc0b1ba248c51b4442ecb2d3f258d8dcc365257e48a39ed8978577e14f81
8f119fbcba7b70d32f5409a1516a9e258eaad5c68d4b3f9dd44a32dce7d08456
8f412d0482441d69a8e0691c39080ea424c7596bdd01c0aa864ef999ac762e3c
8f4d3b47b47a8a31163dad5d7fb15e27a0056d07b0c34c6089fd9225664e847c
9013a9ca40a672ee35978b117e54d8b342cb591e8951f599a2b6dfef9d9fa723
90d56a5eb6932b185ca77cbbeed7dcd257c62b97cfb2b09e721e250d72c6c1e5
934abde684325043e16edeffd73752cd5f0ab00b5723d8e47a618ce3f16a3799
94441dd203830058a19eb0892915df9cbe91edfb3673bc1c6b4512f4c7edc39f
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
97faf872f051e026ad60fe49411ea63058763bb7f1b3f83db644a19bbcdc05cd
98a90b3404e5a519e77db07b5486ca2322abfd901a694ca713de7c29fa026908
9926a0d226b45faff8db829a1c445f33efa6522e213fafed1000365d5abf73df
9e587630d89abf4b627c8d41622b6b4e5585b6d74131d57bbc60caf81a75c453
9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5b37032efedf9b583cf3300674381f3cea172655df6be23f0ae1c4df8bcb665
a657bedd3bc0c106f7cfa5fe6556a0b7e175870d33bd7da9ef67ffcffbafda69
a905062b971bfb70ba70dda1a454d9cb7f7389be7ff515f6eb9009c8e697a34b
ab8a3637b0bea5bf31a60ecf6a82f92ee5e06f3eeb89282350962337f91c3009
ac74cddb007ace18442f5111c4c23125de6031dca42bcead5ea5bfb12d2ca332
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae05b8f9cd0f5597f74764396a6e173dccbea0204340a1dc1ce1a5faf1277612
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b2bdac211f43fbee9eeb4d50f8755206599f76296cd15316a97c9d2cb2050d2f
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd18e405cbfb6fb5c27224b38e792c8b6542d9b7eae37aa5883808b69392dcef
c10245ca307437013c8da4c628999d2a4e4ba8e69e40520ca3c6f1994309abd5
c65f8142ad5df29120e2fe563037ac126aa7233999cb66910104287e07acfa59
c692f0d15d92d902c12d745947ba1f892a76bbf3f74c6f3a9f590afd0653ee04
c7d55fb721c0a1bb591d30b6e06f7781fbd13ab200a8aef0fa8df62e455bc0b1
c8d475d4ea6eaec2d17973e4640370bca1b4a7cc46e11410ab61939fe65971bf
c8ee2eaec66289add6f131e2f825a8a4fc220f128fbea7608f0d6eacc3905019
c965aefdb4c6acf10f46758dc1601a64d811dcf3a378bf9e90278916aa47508f
c9ab1a5bb00588804954e55d28968ffc55ad603808bc7596f45f84552252d7e5
ca5acd80a6f9a5f18d88e9ebb74ff3bc5b228812a301eb1823e282d3bc1dbb63
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf821ac997d7f3c657dbf118b7de0675820f37b449ab5186a96356112ca6a0db
cf919e6fbfbf62a4f8cfaab4cf5c5f80e7c10be2bc9f7e4c70142175c0b49b4f
d23fd6a13b657ba55789f4a8b098f72d86e253917a83af15a2e4e6ed23a9e5c9
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8
d64c2d3836446d44b0a544580f03249825afbc4a0f307d80b811a2538442be91
daad09180ffa835d33653fd242f2079af5795d651427c455576ec33416c965bc
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
dcbc371cb3b9c8128cf9842b76da8326b8fc7a17c44b9aa46f8eaea8a71ee31e
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
dde853047ad3cfbce38982bb7c48f80d22d56b89409b68370260aea21f20b176
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0dc574fb2b266dba913861d60b0c69d1e41f0fd095a3341a45f26401cd8b6b3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e54075663ec8863df362b138878f27ee15c1462cad9f23021b6ba9a9c63389ae
e725928ffb665a91ca8a3631e3002edba9b0f9ec66b40a59d53db0f44827e34e
ecee1d502f45731162f99f4d6aa07c0315a26a8382c1b1bc3c9958ab3ff04000
ed99491fe47b5733d1ad2fbf90f5d9066d049a530d1b92ebe47be5e0c527a32e
eefd62bfe6d0ad2f3f2b7bddb8f2c46d7c8b6ed4897e3f9309968a58dc078753
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
f26ab9ab7a00b45f0cf4debcb2b30141557cb8dc28094a09c3dcc9911fdd8b0e
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f36da6cfcbe8d6c46708e3b953d055efeff1016eb55e7c13848f52c52162e457
f43d4d35e7ac1e815dc0c8897806e30d928ee62e1aa6ac20f49c649f8b694004
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fac55d188233bffb66023997fcdf69c38df2f62ee4654ad62c61a85b6e81d705

www.threatminer.org Open in urlscan Pro 2606:4700:20::681a:feb Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

132 Requests

99 %HTTPS

68 %IPv6

17 Domains

31 Subdomains

27 IPs

2 Countries

3308 kBTransfer

9836 kBSize

10 Cookies

15 Outgoing links

Page URL History

Redirected requests

132 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

www.threatminer.org Open in urlscan Pro
2606:4700:20::681a:feb Public Scan

Screenshot
Live screenshot

Full Image

132
Requests

99 %
HTTPS

68 %
IPv6

17
Domains

31
Subdomains

27
IPs

2
Countries

3308 kB
Transfer

9836 kB
Size

10
Cookies

132 HTTP transactions
1 data transactions