malware.news Open in urlscan Pro
2606:4700:20::681a:769 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Submission: On November 05 via api (November 5th 2024, 7:20:38 am UTC) from IN — Scanned from CA

Summary HTTP 44 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 8 IPs in 1 countries across 6 domains to perform 44 HTTP transactions. The main IP is 2606:4700:20::681a:769, located in United States and belongs to CLOUDFLARENET, US. The main domain is malware.news. The Cisco Umbrella rank of the primary domain is 923402.
TLS certificate: Issued by WE1 on September 8th 2024. Valid for: 3 months.

This is the only time malware.news was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
38	2606:4700:20:... 2606:4700:20::681a:769	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4004:c19::61	15169 (GOOGLE) (GOOGLE)
1	141.193.213.20 141.193.213.20	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	2607:f8b0:400... 2607:f8b0:4004:c08::8a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c1d::9d	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c0b::9d	15169 (GOOGLE) (GOOGLE)
1	142.251.167.94 142.251.167.94	15169 (GOOGLE) (GOOGLE)
44	8

38 2606:4700:20::681a:769 (United States)

ASN13335 (CLOUDFLARENET, US)

malware.news	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c19::61 (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.193.213.20 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

research.checkpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c08::8a (Washington, United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1d::9d (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c0b::9d (Washington, United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.167.94 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f94.1e100.net

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
38	malware.news malware.news — Cisco Umbrella Rank: 923402	2 MB
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 136 td.doubleclick.net — Cisco Umbrella Rank: 192	552 B
1	google.ca www.google.ca — Cisco Umbrella Rank: 12143	63 B
1	google.com analytics.google.com — Cisco Umbrella Rank: 147
1	checkpoint.com research.checkpoint.com	23 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	94 KB
44	6

	Domain	Requested by
38	malware.news	malware.news
1	www.google.ca	malware.news
1	td.doubleclick.net	www.googletagmanager.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	research.checkpoint.com	malware.news
1	www.googletagmanager.com	malware.news
44	7

This site contains links to these domains. Also see Links.

Domain
www.zscaler.com
github.com
www.seqrite.com
research.checkpoint.com
discourse.org

Subject Issuer	Validity	Valid
malware.news WE1	`2024-09-08` - `2024-12-07`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
research.checkpoint.com WE1	`2024-11-02` - `2025-01-31`	3 months	crt.sh
*.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.google.ca WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Frame ID: 7CDD66AB77A21DEAE2C2F997C8B512F9
Requests: 46 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-SVDG4GL741&gacid=444145552.1730791224&gtm=45je4au0v9121104881za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101823848~101878899~101878944~101925629&z=1424062311
Frame ID: 5BAEA35B995AFACFDDDF8E78E7B22135
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT - Malware Analysis - Malware Analysis, News and Indicators

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

44
Requests

100 %
HTTPS

71 %
IPv6

6
Domains

7
Subdomains

8
IPs

1
Countries

2409 kB
Transfer

14913 kB
Size

3
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.zscaler.com/blogs/security-research/peek-apt36-s-updated-arsenal
Title: disclosed

Search URL Search Domain Scan URL

URL: https://github.com/Fody/Costura
Title: Costura

Search URL Search Domain Scan URL

URL: https://www.seqrite.com/blog/umbrella-of-pakistani-threats-converging-tactics-of-cyber-operations-targeting-india/
Title: Linux

Search URL Search Domain Scan URL

URL: https://research.checkpoint.com/2024/the-evolution-of-transparent-tribes-new-malware/
Title: Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT 8

Search URL Search Domain Scan URL

URL: https://research.checkpoint.com/
Title: Check Point Research

Search URL Search Domain Scan URL

URL: https://discourse.org/powered-by
Title: Powered by Discourse

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 88085 Show response
malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/ 172 KB
34 KB 388ms
47ms Document
text/html 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e78679bb5ecd13c511a395ddab535f058d52e460c8593a137d8da23e04a97b46

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-afYmdDKx82IzzO1gtyCKe7rMA' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8ddb14af9dbda288-YUL
content-encoding: br
content-security-policy: upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-afYmdDKx82IzzO1gtyCKe7rMA' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self'
content-security-policy-report-only: upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-afYmdDKx82IzzO1gtyCKe7rMA' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self'
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 05 Nov 2024 07:20:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pl01Ud7ZNGPwqINF7v5j%2BuNniXVdb0JCEdpixKBuqhWspNWd46lx8%2FqkWwY%2B1%2BqJ2aHH1D94xtXMv1810Fl%2BF7OX%2F%2B1ISTgz9EOrkO4JQ1B0ye9PPKBargQN5EzCTvlADBxEkyrhbJ6nMw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=16805&sent=8&recv=13&lost=0&retrans=0&sent_bytes=4032&recv_bytes=2372&delivery_rate=230032&cwnd=254&unsent_bytes=0&cid=581123e050585840&ts=306&x=0"
vary: Accept-Encoding Accept
x-content-type-options: nosniff
x-discourse-cached: true
x-discourse-route: topics/show
x-discourse-trackview: 1
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-request-id: cf991367-4c00-4dd3-9dad-6917a2eea8ce
x-runtime: 0.002396
x-xss-protection: 0

GET
H2 200 start-discourse-c524a8995f2f0cbcea43353efe8e8f269da821ea97c21ef0f04df5fcd916170a.js Show response
malware.news/assets/ 567 B
692 B 49ms
44ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/start-discourse-c524a8995f2f0cbcea43353efe8e8f269da821ea97c21ef0f04df5fcd916170a.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c524a8995f2f0cbcea43353efe8e8f269da821ea97c21ef0f04df5fcd916170a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
age: 3595702
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U0QrqFFdCuLdrVT%2FtZ2WSPOZmU3%2BQnyF7yrVbTLPZ6CLcqmQTcbz59zbMzqBhUl1QzfWCMly%2F9F90gLV6fwBy1r59gS0cLVyZYH0ex2S88nCxGTafncR%2FXVFqG6q78dmOTZDobJCsxfHdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b01df5a288-YUL
expires: Sat, 13 Sep 2025 23:56:52 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=21507&sent=111&recv=56&lost=0&retrans=0&sent_bytes=103530&recv_bytes=3665&delivery_rate=2245837&cwnd=257&unsent_bytes=32425&cid=581123e050585840&ts=366&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sun, 19 May 2024 17:35:46 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 browser-update-9070f07226d022f68c06506e046ae33f8fe725302ff53955cd3d483f2fc47ff6.js Show response
malware.news/assets/ 2 KB
1 KB 51ms
47ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/browser-update-9070f07226d022f68c06506e046ae33f8fe725302ff53955cd3d483f2fc47ff6.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9070f07226d022f68c06506e046ae33f8fe725302ff53955cd3d483f2fc47ff6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
age: 3595702
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cd1RDKlBXbSussgXrqYXSp2zatA8wSy%2B6d2VvcLKdrwCwV7jzBQyKfjqmNqj9PdLXB0Wtv9DMeoYwgbsdGpJLauhkPtOhJ7ZDnEEox6vzwPjMdeqTDIr1G%2F9BNPJqGHM%2F0V7yjRlRR4HlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b01df6a288-YUL
expires: Sun, 09 Mar 2025 04:07:38 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=21507&sent=111&recv=56&lost=0&retrans=0&sent_bytes=103530&recv_bytes=3665&delivery_rate=2245837&cwnd=257&unsent_bytes=32425&cid=581123e050585840&ts=366&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sat, 09 Mar 2024 04:04:58 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 browser-detect-99f42f91bffa8ca1606d62b70bb92f981d83921e78ccdbd3d9538f07007f27ac.js Show response
malware.news/assets/ 497 B
849 B 27ms
26ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/browser-detect-99f42f91bffa8ca1606d62b70bb92f981d83921e78ccdbd3d9538f07007f27ac.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99f42f91bffa8ca1606d62b70bb92f981d83921e78ccdbd3d9538f07007f27ac

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
age: 3595701
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5b5Wjq11ycH8XE46VL5Ii7H3A0iEWaEtR4aywf4cL0jLySXKVc8AYQrZLBkVsZ73g8Mmzih4bKmxXQr6ghcdq3OALiqtd84NuL9HBSnp8va6Sj7Jss0va2V2qsG9VaGuDJ%2FB7sK7B1wMtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b09e26a288-YUL
expires: Sat, 20 Sep 2025 03:22:12 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=17620&sent=170&recv=133&lost=0&retrans=0&sent_bytes=169230&recv_bytes=5349&delivery_rate=4182214&cwnd=274&unsent_bytes=0&cid=581123e050585840&ts=447&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sun, 19 May 2024 17:35:46 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 vendor.ff29780b9fed784cce2d843dcb93a803-608f4f77d8437d715d8d39c739c0c8bbe0fe51c9305e55f1ec7d0bee19f5571f.js Show response
malware.news/assets/ 438 KB
123 KB 44ms
36ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/vendor.ff29780b9fed784cce2d843dcb93a803-608f4f77d8437d715d8d39c739c0c8bbe0fe51c9305e55f1ec7d0bee19f5571f.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 608f4f77d8437d715d8d39c739c0c8bbe0fe51c9305e55f1ec7d0bee19f5571f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
age: 3595701
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b2oLDhio%2BoqxbIYk3llT1NdvDTEkXIubgWMkQ%2BGg5vEL2C66aqdqUzdpp8SzEZ2FZCVdj0vxv3dhwjbNq5pU2Yxra5yaGUbFv7z9WWm%2BLcAi0nhP9O8%2B1Iw5w6SESzsy5t8GeHEO3uHS2A%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b0ae2aa288-YUL
expires: Mon, 19 May 2025 17:21:44 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=17599&sent=245&recv=141&lost=0&retrans=0&sent_bytes=237420&recv_bytes=6165&delivery_rate=4182214&cwnd=274&unsent_bytes=0&cid=581123e050585840&ts=466&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sun, 19 May 2024 17:17:10 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 chunk.6d6a6a17194d67289ef4.d41d8cd9.js Show response
malware.news/assets/ 12 MB
2 MB 61ms
53ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/chunk.6d6a6a17194d67289ef4.d41d8cd9.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5566fc85873915364c34914ef9efda42cca8e77faad713da08a9d3d8e8677943

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jFwjo1mdu%2BfylQvUIy%2BYCuyA6qC2rEgvzCPEbIj2mItjj4CjYKdYsF8oyyRZ7nPR9Rwm8IgsnvbRJGH%2BxEQR8XNj3QnIjHMeT7lyvLdKZ6EKG1HISsd41ltjeVuUZMiI3O7ThXVtexaq2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b0ae2ba288-YUL
expires: Wed, 05 Nov 2025 07:15:51 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=16909&sent=352&recv=184&lost=0&retrans=0&sent_bytes=370710&recv_bytes=6165&delivery_rate=4182214&cwnd=274&unsent_bytes=0&cid=581123e050585840&ts=479&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sun, 19 May 2024 17:35:11 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 chunk.d43472f435e6bfab8439.d41d8cd9.js Show response
malware.news/assets/ 305 KB
21 KB 40ms
32ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/chunk.d43472f435e6bfab8439.d41d8cd9.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b5ddfb3a605aeed9ff478a225e8062861424d523836d7256e2b75489bf20cdf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
age: 1119649
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MWPXBqtCPCr4724ooHDHSQjP4xRNZh4ggPwh4YnVVEcI7IUqCkZLW5cbZbXh%2BPE0HAVVSFfJioSlXKM6LKGi0AM1ryL5EuEs6mL2yio8%2FBIuFhcGdXa%2Fo%2BLEhaLEffXrevmyJpdB7GifFg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b0ae2ca288-YUL
expires: Mon, 19 May 2025 17:21:38 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=17620&sent=215&recv=140&lost=0&retrans=0&sent_bytes=205411&recv_bytes=6165&delivery_rate=4182214&cwnd=274&unsent_bytes=31&cid=581123e050585840&ts=459&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sun, 19 May 2024 17:17:01 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 checklist-55813a5bacc3c99fda0b099a80401f124870fa9b510ced078af32f8a82364461.js Show response
malware.news/assets/plugins/ 4 KB
2 KB 49ms
41ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/checklist-55813a5bacc3c99fda0b099a80401f124870fa9b510ced078af32f8a82364461.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55813a5bacc3c99fda0b099a80401f124870fa9b510ced078af32f8a82364461

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j0Wf3X2nyJZKK%2FDoFpU5i6ATUXtUduD5r%2FamynCWQzMvViWYS7qnxWsCAYUaj2ggagrjrEkwLhPTFh0JZgPTnuPaRkJbktMmFZmNACl0I2bX9JZcEEERjS1z248OcaqUvcoLe6up97kQmw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b0ae2da288-YUL
expires: Mon, 19 May 2025 17:21:38 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=17599&sent=346&recv=141&lost=0&retrans=0&sent_bytes=364236&recv_bytes=6165&delivery_rate=4182214&cwnd=274&unsent_bytes=2472&cid=581123e050585840&ts=470&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sun, 19 May 2024 17:18:01 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 discourse-details-48148ec534a4c5e9614302186b345123ba1358787c41bc31cbd17231f794fe42.js Show response
malware.news/assets/plugins/ 1 KB
1 KB 31ms
23ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/discourse-details-48148ec534a4c5e9614302186b345123ba1358787c41bc31cbd17231f794fe42.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48148ec534a4c5e9614302186b345123ba1358787c41bc31cbd17231f794fe42

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
age: 3595701
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GdUMun4jemcaHVDKy2SDpjDk111iRSEundngfSx%2BHu1SD2riYB66pC0JkIUNTq3gu7z883LCIt6Q32LcGoL70WHYz9kJEzWPodxoRN5kjzZdOjGnPjpSGCrrQDVRkjmjayTc6tp4CNgEWA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b0ae2ea288-YUL
expires: Mon, 12 May 2025 06:44:11 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=17620&sent=175&recv=140&lost=0&retrans=0&sent_bytes=170145&recv_bytes=6165&delivery_rate=4182214&cwnd=274&unsent_bytes=0&cid=581123e050585840&ts=456&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sat, 09 Mar 2024 04:05:22 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 discourse-lazy-videos-bdf1486acc96b228a2163490640a2bdc90f5e0a1bb1949335fd1fde2ad48795c.js Show response
malware.news/assets/plugins/ 7 KB
3 KB 48ms
40ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/discourse-lazy-videos-bdf1486acc96b228a2163490640a2bdc90f5e0a1bb1949335fd1fde2ad48795c.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bdf1486acc96b228a2163490640a2bdc90f5e0a1bb1949335fd1fde2ad48795c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ztg2CortXQu8rCCS02rogXFxdEkaKcWcSUuGo%2Brv56oNwuzhxcLylofWO5DIJvfUybpPxSlDwVwmVxlne55xmgtm4839lKBQfIjZ2HnXT9E7gDQtMheabaG8D3v1qo7tuPRi8UMwfN3TpA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b0ae2fa288-YUL
expires: Thu, 30 Oct 2025 19:34:52 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=17599&sent=345&recv=141&lost=0&retrans=0&sent_bytes=363715&recv_bytes=6165&delivery_rate=4182214&cwnd=274&unsent_bytes=0&cid=581123e050585840&ts=469&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sun, 19 May 2024 17:36:18 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 discourse-local-dates-823b91992054aeb8ca1e4921c7a3ae7f9fae09ef838946f3b261ab5a6ad776ee.js Show response
malware.news/assets/plugins/ 33 KB
9 KB 33ms
27ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/discourse-local-dates-823b91992054aeb8ca1e4921c7a3ae7f9fae09ef838946f3b261ab5a6ad776ee.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 823b91992054aeb8ca1e4921c7a3ae7f9fae09ef838946f3b261ab5a6ad776ee

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
age: 1119649
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xt5VGXvV7dkrN0I%2B77tpeH7oZJc%2FxUgtRqc1C0%2FtkDxtgmSsJq52kgOweAwjkueWkXveMKBvG3i%2F9Sf1M0yIsZg6HKHVbnij8HOYD3zxvbB9fxwTXHE9MZbXi3NVMa0mCCPNAl3MiapaeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b0ae30a288-YUL
expires: Mon, 19 May 2025 17:21:38 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=17620&sent=186&recv=140&lost=0&retrans=0&sent_bytes=175495&recv_bytes=6165&delivery_rate=4182214&cwnd=274&unsent_bytes=0&cid=581123e050585840&ts=457&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sun, 19 May 2024 17:18:02 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 discourse-presence-a43bd7b3aa8d60242368b06762baf883047520450269be0bbd5491f6c14661c0.js Show response
malware.news/assets/plugins/ 11 KB
3 KB 31ms
25ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/discourse-presence-a43bd7b3aa8d60242368b06762baf883047520450269be0bbd5491f6c14661c0.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a43bd7b3aa8d60242368b06762baf883047520450269be0bbd5491f6c14661c0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
age: 3595701
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BNY3dLz5SsV5C9tINogvJjEt%2BLwA5EK%2FZ0O0rSaY%2FRPD4XiTEXSd%2FQTwR56BE9Oj74243rEDKFGUOkMjgilpPsXV3cymSSLZO6ZFLWb6WvP5WiamfL4zJyqwXVmqcVMqMKJ11v%2Fy1p19TA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b0ae31a288-YUL
expires: Mon, 19 May 2025 17:21:38 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=17620&sent=178&recv=140&lost=0&retrans=0&sent_bytes=171326&recv_bytes=6165&delivery_rate=4182214&cwnd=274&unsent_bytes=0&cid=581123e050585840&ts=456&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sun, 19 May 2024 17:18:02 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 docker_manager_admin-b355b48ea8dc5f9252a78cf0a6b7210b0493676ee421a69a425d092b98c2cc51.js Show response
malware.news/assets/plugins/ 37 KB
8 KB 36ms
30ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/docker_manager_admin-b355b48ea8dc5f9252a78cf0a6b7210b0493676ee421a69a425d092b98c2cc51.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b355b48ea8dc5f9252a78cf0a6b7210b0493676ee421a69a425d092b98c2cc51

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
age: 3595701
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pgHyFUbBQQ0T3D5DOsCVdzoc4y1H23WAATt%2BizWYB4JmCzFNcurRIt2m1Z1EJiyh5gt5Gwjw6a%2FDyWBGBCr%2FEYMKXHSsMhj71YYE8sF3T8pvFJgmm4iUp13e3oSvFL2Mf9HaYax3KBe7Cg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b0ae32a288-YUL
expires: Mon, 19 May 2025 17:21:38 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=17620&sent=233&recv=140&lost=0&retrans=0&sent_bytes=227278&recv_bytes=6165&delivery_rate=4182214&cwnd=274&unsent_bytes=0&cid=581123e050585840&ts=459&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sun, 19 May 2024 17:18:02 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 footnote-79e2a367b53b791240c3504826b87b2787c9d197d77cd422969d592aae9cf23b.js Show response
malware.news/assets/plugins/ 3 KB
2 KB 47ms
42ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/footnote-79e2a367b53b791240c3504826b87b2787c9d197d77cd422969d592aae9cf23b.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79e2a367b53b791240c3504826b87b2787c9d197d77cd422969d592aae9cf23b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f4%2FxruyhkOfeTvfFCPMv1rjaOAe4m9cURWhetCEdPqXX1rQhyZ7oVxM5EbEc%2F21v4J4GZQFUlY30go%2FVfg%2BUnoIh9O27%2FOtAcUi5PczEvV2VOG8zGL62vU2wqR8mbxf%2FOo6iBkhtbsCCRw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b0ae33a288-YUL
expires: Wed, 05 Nov 2025 06:22:20 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=17599&sent=349&recv=141&lost=0&retrans=0&sent_bytes=367154&recv_bytes=6165&delivery_rate=4182214&cwnd=274&unsent_bytes=1837&cid=581123e050585840&ts=470&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sun, 19 May 2024 17:36:19 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 footnote_extra-295b457b90cb18fedfdb544868c494c71842a27c0781d3042fa4fd26589204fa.js Show response
malware.news/assets/plugins/ 6 KB
3 KB 33ms
28ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/footnote_extra-295b457b90cb18fedfdb544868c494c71842a27c0781d3042fa4fd26589204fa.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d42ebdcddd972fdff22dca8398998a80ce50b0ec08915e8e8b9682a941b8651

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
age: 1119649
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KPDmFEtIDHQJppESCB66FgEqPHHTO6tmhnAeh8KIJr4UMYnM89kqqfSMJved5MIRgo%2FSHmAVXbyIIrIGquAoY75bWW4P4Nnzmmx6RqXnpfXudrsKlGmwfesNlmeAJRY4sG5N%2FpuFWuKd5g%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b0ae35a288-YUL
expires: Mon, 12 May 2025 01:37:00 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=17620&sent=196&recv=140&lost=0&retrans=0&sent_bytes=185288&recv_bytes=6165&delivery_rate=4182214&cwnd=274&unsent_bytes=0&cid=581123e050585840&ts=457&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sat, 09 Mar 2024 04:05:57 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 poll-ee978b42838e26d757251675c40fb0f62dff2f4081dc00fc4bb5492265f63b16.js Show response
malware.news/assets/plugins/ 62 KB
17 KB 32ms
27ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/poll-ee978b42838e26d757251675c40fb0f62dff2f4081dc00fc4bb5492265f63b16.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee978b42838e26d757251675c40fb0f62dff2f4081dc00fc4bb5492265f63b16

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
age: 1119649
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JzjUvn3AtdvzsX5HHDfrC5%2Ft8OKJoaSdJ6Fb%2BOOP2BMCUiWgcJHZTZKyQkYeta00Q4%2Fxb8opfbpsBO19MSeEFcljhf0PPOisiVrsYO2n5oshSXhwnNsC1v%2FQ%2BtTp3S5fORHOX16hzX7oKw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b0ae36a288-YUL
expires: Mon, 19 May 2025 17:21:39 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=17620&sent=200&recv=140&lost=0&retrans=0&sent_bytes=188105&recv_bytes=6165&delivery_rate=4182214&cwnd=274&unsent_bytes=0&cid=581123e050585840&ts=458&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sun, 19 May 2024 17:18:03 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 spoiler-alert-77512c36f465902e7dbf3b8252c7cd6387edc9bf4ca804b79466212c1d1c843d.js Show response
malware.news/assets/plugins/ 3 KB
2 KB 39ms
34ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/plugins/spoiler-alert-77512c36f465902e7dbf3b8252c7cd6387edc9bf4ca804b79466212c1d1c843d.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 77512c36f465902e7dbf3b8252c7cd6387edc9bf4ca804b79466212c1d1c843d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
age: 3595701
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JHZi2PmGDMhP66r7hpUyf81YpBByu2Ra65CtN9NZNCHZlmWpbNWAdQ3DmK4l5Y05mqetocgOvnmgUWEiyUj49KIAbtP3WuKKcwu7WEXYNCsZf1ZQW3D2iA9F3cnkDuif2ijl6g5xUXqQ9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b0ae37a288-YUL
expires: Tue, 29 Apr 2025 17:27:28 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=17620&sent=241&recv=140&lost=0&retrans=0&sent_bytes=235490&recv_bytes=6165&delivery_rate=4182214&cwnd=274&unsent_bytes=0&cid=581123e050585840&ts=461&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sat, 09 Mar 2024 04:05:23 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 en-666fe268c5c09740e19778d3756be4ffa4bfa22642e83a31cc7ee39923049ac7.js Show response
malware.news/assets/locales/ 348 KB
95 KB 60ms
55ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/locales/en-666fe268c5c09740e19778d3756be4ffa4bfa22642e83a31cc7ee39923049ac7.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5ee33f26479a267cb93b664a5c2ff07e4f835e022e2fdbc5c8c23564b0dc292

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fdueKdsg9yzukCmwwyXa2zGDwmHUp75op8QGqkxNlGnAyYMj0bxfCdheyw4bJO6hOoKO55c5J8kfvw4V4TCuz1f0vYva8gzEuEP8K5qDkX4Z7uWrv%2FeUBLfkcfZiXUtv1gp9SLVXMacxCg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b0ae38a288-YUL
expires: Mon, 19 May 2025 17:40:56 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=16909&sent=413&recv=184&lost=0&retrans=0&sent_bytes=445620&recv_bytes=6165&delivery_rate=4182214&cwnd=274&unsent_bytes=0&cid=581123e050585840&ts=481&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sun, 19 May 2024 17:36:59 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 267 KB
94 KB 292ms
58ms Script
application/javascript 2607:f8b0:4004:c19::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-SVDG4GL741

Requested by

Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c17ecec27dfc181a213218c05b55f758ef0340346ae21b6f2d6b61f2123891d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 05 Nov 2024 07:20:22 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 05 Nov 2024 07:20:22 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 95833
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 google-universal-analytics-v4-e154af4adb3c483a3aba7f9a7229b8881cdc5cf369290923d965a2ad30163ae8.js Show response
malware.news/assets/ 533 B
789 B 33ms
28ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/assets/google-universal-analytics-v4-e154af4adb3c483a3aba7f9a7229b8881cdc5cf369290923d965a2ad30163ae8.js
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e154af4adb3c483a3aba7f9a7229b8881cdc5cf369290923d965a2ad30163ae8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: HIT
age: 3595701
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZcPPk7TRvpYAex%2FM0V1KIpTgXvdtdm5Lo3i%2B8Wb5zRDCoM%2BK%2Fr%2FH6ANEW99utdY%2BsbWZI0KdnuD6fH3HuE0ZIG4UqxtWDBUWzDaAAUuqEKo%2B9zqs%2BkF2NEX19Z8WQZMzmoIBsKTWnXJP7g%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14b0ae39a288-YUL
expires: Tue, 29 Apr 2025 14:41:33 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=17620&sent=183&recv=140&lost=0&retrans=0&sent_bytes=174640&recv_bytes=6165&delivery_rate=4182214&cwnd=274&unsent_bytes=0&cid=581123e050585840&ts=457&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-type: application/javascript
last-modified: Sat, 09 Mar 2024 04:04:58 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 color_definitions_base__2_4a8c937dd96730817e3ecfdfc23b856bce1e757d.css
malware.news/stylesheets/ 4 KB
2 KB 30ms
26ms Stylesheet
text/css 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/color_definitions_base__2_4a8c937dd96730817e3ecfdfc23b856bce1e757d.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4e134f40c8c4baad557dbe3eb6869d8cf4a66462084170b4881a2aff6eca274

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

x-request-id: ec55d492-ec82-4a17-9160-650e9eb115b8
content-encoding: gzip
cf-cache-status: HIT
age: 3595702
x-permitted-cross-domain-policies: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9bo0mrZ99JjgoP5c2DGEg6F0WnL38ymPBD1%2B7x4SpPYEThfelxax9JglJrdjHTPsNkLLGqenyLvKN5dWn%2BN%2BTECpSS7hMnfzMWWt9pH8I9sr%2FFl1vy3iBX5YHBNFcbADo278a9hUryJcaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=21507&sent=50&recv=56&lost=0&retrans=0&sent_bytes=39402&recv_bytes=3665&delivery_rate=2245837&cwnd=257&unsent_bytes=0&cid=581123e050585840&ts=365&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-disposition: inline; filename="color_definitions_base__2_4a8c937dd96730817e3ecfdfc23b856bce1e757d.css"; filename*=UTF-8''color_definitions_base__2_4a8c937dd96730817e3ecfdfc23b856bce1e757d.css
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 19 May 2024 17:37:16 GMT
x-frame-options: SAMEORIGIN
cache-control: public, max-age=31556952, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin-allow-popups
content-transfer-encoding: binary
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8ddb14b01deaa288-YUL
x-discourse-route: stylesheets/show
x-xss-protection: 0
server: cloudflare

GET
H2 200 desktop_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/ 661 KB
103 KB 35ms
31ms Stylesheet
text/css 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/desktop_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fe258a6b3a482ce904aaa4d71aa8b276ac2d66289e56515adaa373ce73e6173

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

x-request-id: d5e0fb08-e9f8-4b92-9a16-00ade4ca5c82
content-encoding: gzip
cf-cache-status: HIT
age: 3595702
x-permitted-cross-domain-policies: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EOPk9EQqTYMGtFgWZ4IiXdGBYXMhOBZvIp%2B8fU74eQ%2BJn2rPNv2akijfuuGmX6TJnLc33ev7K%2FgLNFOufLTv6B25ryHioPthG%2Be5fsoxF8XQBn82toQ%2BRmXx1Xr%2FH30m%2FFLOk2CkRvc63w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=21507&sent=64&recv=56&lost=0&retrans=0&sent_bytes=46705&recv_bytes=3665&delivery_rate=2245837&cwnd=257&unsent_bytes=0&cid=581123e050585840&ts=366&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-disposition: inline; filename="desktop_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''desktop_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 19 May 2024 17:37:10 GMT
x-frame-options: SAMEORIGIN
cache-control: public, max-age=31556952, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin-allow-popups
content-transfer-encoding: binary
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8ddb14b01deba288-YUL
x-discourse-route: stylesheets/show
x-xss-protection: 0
server: cloudflare

GET
H2 200 checklist_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/ 5 KB
1 KB 55ms
51ms Stylesheet
text/css 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/checklist_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0fbc7f61c0620a4ec824cc106951eff46d60cfd8eb8d8d490218463d2fd98cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

x-request-id: 1a993d85-260b-47f0-9546-228b39271db1
content-encoding: gzip
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hYr%2FIxlu7X7V4gwpqEHBqiuISsvtp7bFqeOwG7mh%2BIF%2FG96KwEx5KKB2SMC%2FmToeDFHNRfSbMR8Whr5yPWNq2cLOVKcRKQlta4MquC6kORJPtxV%2BI3Ex1ixt1yZrlNbef0SUWSIFpn5WJA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=21507&sent=111&recv=57&lost=0&retrans=0&sent_bytes=103530&recv_bytes=4340&delivery_rate=2245837&cwnd=257&unsent_bytes=32425&cid=581123e050585840&ts=380&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-disposition: inline; filename="checklist_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''checklist_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 19 May 2024 17:37:14 GMT
x-frame-options: SAMEORIGIN
cache-control: public, max-age=31556952, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin-allow-popups
content-transfer-encoding: binary
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8ddb14b01deda288-YUL
x-discourse-route: stylesheets/show
x-xss-protection: 0
server: cloudflare

GET
H2 200 discourse-details_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/ 3 KB
2 KB 48ms
44ms Stylesheet
text/css 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/discourse-details_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0998f98bd48342f12e7081dc237e6982e151d5f03cda0cf111da67e615b8ce9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

x-request-id: 1534ccd9-ef9e-455b-8259-e75df474fb94
content-encoding: gzip
cf-cache-status: HIT
age: 1119649
x-permitted-cross-domain-policies: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sDiWma1FOe%2FT31BasrlKldUfXSL8ZNkDUMNWg9U%2BJPV4LOdoDWHvJxv4sUAPwhGj4RS%2BICPkQJKnjlmI%2Fe8N6E1o%2BP6FJQAG7oycMJ8C1lj7J7pbWqO5aQWIFL2G3yINgOYNEim9%2BPQTow%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=21507&sent=111&recv=56&lost=0&retrans=0&sent_bytes=103530&recv_bytes=3665&delivery_rate=2245837&cwnd=257&unsent_bytes=32425&cid=581123e050585840&ts=367&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-disposition: inline; filename="discourse-details_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''discourse-details_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 19 May 2024 17:37:14 GMT
x-frame-options: SAMEORIGIN
cache-control: public, max-age=31556952, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin-allow-popups
content-transfer-encoding: binary
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8ddb14b01deea288-YUL
x-discourse-route: stylesheets/show
x-xss-protection: 0
server: cloudflare

GET
H2 200 discourse-lazy-videos_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/ 7 KB
4 KB 30ms
27ms Stylesheet
text/css 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/discourse-lazy-videos_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

152760f614cc53fb6dd1c362d06c281a719e37ce1dec3636ffb90f33e2bb6131

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

x-request-id: f1c5df15-0a88-4aab-bd13-b20596d0831c
content-encoding: gzip
cf-cache-status: HIT
age: 1119649
x-permitted-cross-domain-policies: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fo88r83uUqO31kkWnkWT%2FIV9pk%2FU%2B8dthS1cj7KsxivedGK9DkLdlAw8NCfXfXTLs9cZUW7XDhiFDxOjk4k6LkTMLdYfdoRENsjONCV6Emqf8jMQ1Yw%2FAiBlu1ljpLZ6aklK%2F4m1dvCkZA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=21507&sent=54&recv=56&lost=0&retrans=0&sent_bytes=41468&recv_bytes=3665&delivery_rate=2245837&cwnd=257&unsent_bytes=0&cid=581123e050585840&ts=365&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-disposition: inline; filename="discourse-lazy-videos_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''discourse-lazy-videos_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 19 May 2024 17:37:14 GMT
x-frame-options: SAMEORIGIN
cache-control: public, max-age=31556952, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin-allow-popups
content-transfer-encoding: binary
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8ddb14b01defa288-YUL
x-discourse-route: stylesheets/show
x-xss-protection: 0
server: cloudflare

GET
H2 200 discourse-local-dates_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/ 875 B
1 KB 50ms
47ms Stylesheet
text/css 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/discourse-local-dates_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2b15f24ee32ae108d07a11757c4e120fb2c0384f3a842952432da1736158ce7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

x-request-id: fdb288da-5f3e-4e2b-ac1b-dee5aee94f6d
content-encoding: gzip
cf-cache-status: HIT
age: 3595702
x-permitted-cross-domain-policies: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GMm0d8o7eznQU%2BK13vQNcf0eMGP0ItinXR15bBU4BJ1%2Fspy4%2B%2ByZ1o%2FsgY6kVbIrtYl7Lqcce1GJYvOkzQmYSmeKh5Bi99H1vfIuUX9cV9%2BLVoScHSIWd5uI3pD0thJKbI%2BJ0eobodtBYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=21507&sent=111&recv=56&lost=0&retrans=0&sent_bytes=103530&recv_bytes=3665&delivery_rate=2245837&cwnd=257&unsent_bytes=32425&cid=581123e050585840&ts=369&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-disposition: inline; filename="discourse-local-dates_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''discourse-local-dates_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 19 May 2024 17:37:15 GMT
x-frame-options: SAMEORIGIN
cache-control: public, max-age=31556952, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin-allow-popups
content-transfer-encoding: binary
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8ddb14b01df1a288-YUL
x-discourse-route: stylesheets/show
x-xss-protection: 0
server: cloudflare

GET
H2 200 discourse-narrative-bot_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/ 171 B
771 B 53ms
51ms Stylesheet
text/css 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/discourse-narrative-bot_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c3dcd0afcea9a61171dd74c218ce2ba9bb686ae0e68c967ae4e75c8fdeb8687

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

x-request-id: 1569a4d0-d527-4f26-88b2-4831c34dbba7
content-encoding: gzip
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9JkJavtN9OEyJH%2BB4P%2FvrONAoLe5Vj1nirHPgxcgS5jlHtwpiQwUKIalQCTyDV2AxKkMrTKQWCWncN07CVcXObeiMqzMO5gbl4BQ3TdnJJY7ZuuQYnEfP0U7jTHXKWFvzy%2BrFCFFOWp5wQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=21507&sent=111&recv=57&lost=0&retrans=0&sent_bytes=103530&recv_bytes=4340&delivery_rate=2245837&cwnd=257&unsent_bytes=32425&cid=581123e050585840&ts=380&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-disposition: inline; filename="discourse-narrative-bot_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''discourse-narrative-bot_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 19 May 2024 17:37:15 GMT
x-frame-options: SAMEORIGIN
cache-control: public, max-age=31556952, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin-allow-popups
content-transfer-encoding: binary
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8ddb14b01df3a288-YUL
x-discourse-route: stylesheets/show
x-xss-protection: 0
server: cloudflare

GET
H2 200 discourse-presence_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/ 1 KB
1 KB 30ms
28ms Stylesheet
text/css 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/discourse-presence_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a39db0af2b877ea2c5cccbc1420ef9533196f61a33e740d8ec2bb31126470856

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

x-request-id: 180573a8-0fd7-428c-88aa-a4821fca2709
content-encoding: gzip
cf-cache-status: HIT
age: 3595702
x-permitted-cross-domain-policies: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ASZMCu9vXp2qKqx61MrjetKah%2B7lc4mID3y2ap%2Fiv9m%2Bptal%2FTvd%2F3obkQrudDrs4p9px3Wnyh96leu6FUjK358bUc0PpxMr0iQIRy5OjoZgpNw5yqUG%2BNGnkAACzT6Rnr0kEfzGECiD8w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=21507&sent=61&recv=56&lost=0&retrans=0&sent_bytes=45257&recv_bytes=3665&delivery_rate=2245837&cwnd=257&unsent_bytes=0&cid=581123e050585840&ts=366&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-disposition: inline; filename="discourse-presence_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''discourse-presence_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 19 May 2024 17:37:15 GMT
x-frame-options: SAMEORIGIN
cache-control: public, max-age=31556952, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin-allow-popups
content-transfer-encoding: binary
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8ddb14b01df4a288-YUL
x-discourse-route: stylesheets/show
x-xss-protection: 0
server: cloudflare

GET
H2 200 docker_manager_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/ 2 KB
2 KB 46ms
42ms Stylesheet
text/css 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/docker_manager_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb79726d8b50ade37e5ca0c5c82fc92eea9757c2e14e5f7feca1b80f7732048e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

x-request-id: 8e046a15-4c38-45b5-b003-5981d94f7bef
content-encoding: gzip
cf-cache-status: HIT
age: 3595702
x-permitted-cross-domain-policies: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yyor5gs3yxdZLpj%2F0YsHykTxpGvHlgEnIxKU0oWbgGQ7SimJGdy%2BsE%2Bs5XjqzS07Fnn0CBCnxF1GpgSXoBG51xF64fGbfDoI9FiL640s6sdXExCiHDhy963vzv%2B4DP5wLEbfUnta4gn%2Fow%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=21507&sent=111&recv=57&lost=0&retrans=0&sent_bytes=103530&recv_bytes=4340&delivery_rate=2245837&cwnd=257&unsent_bytes=32425&cid=581123e050585840&ts=381&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-disposition: inline; filename="docker_manager_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''docker_manager_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 19 May 2024 17:37:15 GMT
x-frame-options: SAMEORIGIN
cache-control: public, max-age=31556952, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin-allow-popups
content-transfer-encoding: binary
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8ddb14b02dfea288-YUL
x-discourse-route: stylesheets/show
x-xss-protection: 0
server: cloudflare

GET
H2 200 footnote_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/ 2 KB
1 KB 60ms
57ms Stylesheet
text/css 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/footnote_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b795edfb1b2de13aba43932708e4148b0aa37971047c94fcded06dbe5a4f61ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

x-request-id: 0a14e6ff-3c2f-40eb-ac99-ff981b6824ea
content-encoding: gzip
cf-cache-status: HIT
age: 1119649
x-permitted-cross-domain-policies: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kuQ1dYkKmCfS9LLz%2BHdfgYUNjzDA0THVDBgr7zaDNGqeJsJZ4YxjIuRJ8l2aFh1f3GJQkxgXyr1U6BhiESfgGTMybzo6RDOARqVeVO%2BsJIriEOagOXBoXJrX7xckOFdjBHUSwOWLsf6qCg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=16502&sent=167&recv=83&lost=0&retrans=0&sent_bytes=167568&recv_bytes=4340&delivery_rate=4350912&cwnd=274&unsent_bytes=310&cid=581123e050585840&ts=384&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-disposition: inline; filename="footnote_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''footnote_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 19 May 2024 17:37:15 GMT
x-frame-options: SAMEORIGIN
cache-control: public, max-age=31556952, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin-allow-popups
content-transfer-encoding: binary
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8ddb14b02dffa288-YUL
x-discourse-route: stylesheets/show
x-xss-protection: 0
server: cloudflare

GET
H2 200 poll_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/ 10 KB
3 KB 45ms
43ms Stylesheet
text/css 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/poll_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ae4f4ee6f5299f646a880259e857f469f41fc0ae30cc568c94e81901dad49cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

x-request-id: 1d474f2c-3dc1-441e-8712-b226c908560a
content-encoding: gzip
cf-cache-status: HIT
age: 3595702
x-permitted-cross-domain-policies: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Nyxcp60zhsCfUH3k%2BiApdQsVPETXRjS8c8l4N%2BtZ%2FrHBgQudOJ3FG5PbdfJbpU0XgYr5SyuyrbxjBflMI1c8pK20fFDb0vPRy3t6nGWPt5KKMuDiyv9jvxuX2MIIJ1tIXby%2Fh81H7h6dg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=19213&sent=111&recv=61&lost=0&retrans=0&sent_bytes=103530&recv_bytes=4340&delivery_rate=2245837&cwnd=257&unsent_bytes=32425&cid=581123e050585840&ts=381&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-disposition: inline; filename="poll_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''poll_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 19 May 2024 17:37:15 GMT
x-frame-options: SAMEORIGIN
cache-control: public, max-age=31556952, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin-allow-popups
content-transfer-encoding: binary
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8ddb14b02e00a288-YUL
x-discourse-route: stylesheets/show
x-xss-protection: 0
server: cloudflare

GET
H2 200 spoiler-alert_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/ 1 KB
1004 B 46ms
43ms Stylesheet
text/css 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/spoiler-alert_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f1ad194fec669a7a9d1643b2e5aa0fc0d4c3566c0652e741f9b7667e687185d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

x-request-id: 1025a72b-c694-435b-ae6b-a3817b13fb2e
content-encoding: gzip
cf-cache-status: HIT
age: 1119649
x-permitted-cross-domain-policies: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d7FiK5qE5omdwXr722rIxVpN0kPzBVB2j1hjX5fHnHWPi%2FH4gyAOCzfooLCudIhzDtGXGM%2FsMqJEqhLyyMSh5dExMHdGbD%2F15MZ9n%2BdlYQs3rbEIJvHJeUMQMk5VqkwksPv476YrI9K2bA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=17856&sent=113&recv=65&lost=0&retrans=0&sent_bytes=104899&recv_bytes=4340&delivery_rate=2245837&cwnd=257&unsent_bytes=31056&cid=581123e050585840&ts=382&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-disposition: inline; filename="spoiler-alert_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''spoiler-alert_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 19 May 2024 17:37:15 GMT
x-frame-options: SAMEORIGIN
cache-control: public, max-age=31556952, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin-allow-popups
content-transfer-encoding: binary
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8ddb14b02e01a288-YUL
x-discourse-route: stylesheets/show
x-xss-protection: 0
server: cloudflare

GET
H2 200 poll_desktop_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
malware.news/stylesheets/ 611 B
1 KB 47ms
44ms Stylesheet
text/css 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/poll_desktop_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25f16c6ec5664d0694edfe491fb383a433ece0ea25917cf656e87d3867d5dd5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

x-request-id: 6fe1b42b-501f-4ea8-a40f-423db8c4ee7f
content-encoding: gzip
cf-cache-status: HIT
age: 3595702
x-permitted-cross-domain-policies: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cH3%2BkgX1Fp4iBupFrejKBqhQV4ALQXBP5b%2B3KnX4xndzkMjXTSngPmLITXHwnN2Hhu9mvex6y7GJBT06ze7mwhrgRJM%2B37l4kqVdcITPfk7s5hFwpAZevg4aG%2FlBqD4R0HvIUSpPP7v9%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=16588&sent=120&recv=78&lost=0&retrans=0&sent_bytes=112814&recv_bytes=4340&delivery_rate=3102340&cwnd=257&unsent_bytes=23141&cid=581123e050585840&ts=383&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-disposition: inline; filename="poll_desktop_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css"; filename*=UTF-8''poll_desktop_2867f57e66c2a9b74ab08f80de95e5a0436372fb.css
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 19 May 2024 17:37:15 GMT
x-frame-options: SAMEORIGIN
cache-control: public, max-age=31556952, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin-allow-popups
content-transfer-encoding: binary
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8ddb14b02e04a288-YUL
x-discourse-route: stylesheets/show
x-xss-protection: 0
server: cloudflare

GET
H2 200 desktop_theme_2_a38326017212e35af640b7285f440cd9f26f6eaa.css
malware.news/stylesheets/ 108 B
721 B 45ms
44ms Stylesheet
text/css 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/stylesheets/desktop_theme_2_a38326017212e35af640b7285f440cd9f26f6eaa.css?__ws=malware.news

Requested by

Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b01475a1ed788124386bf51068464a0ea886a403c1b1e51e8a2cde722894a2c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

x-request-id: 2623e9a5-df6b-4bf4-ba65-70c12a647b5f
content-encoding: gzip
cf-cache-status: HIT
age: 3595702
x-permitted-cross-domain-policies: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ils6xvRJdVw8LLpfrCARJ47jee%2FxaBbeLrPprmF5VCl0ut9TdzbJBbdzqlkcvikhOgiyncuJ3BzbHimEUrM438kcFtAZZmVQa9GLw%2F4Z3Jt1nIW0nZYxv0%2FMX9%2FQFepmkKERVKZDTuZAfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=16785&sent=113&recv=72&lost=0&retrans=0&sent_bytes=104899&recv_bytes=4340&delivery_rate=2414005&cwnd=257&unsent_bytes=31056&cid=581123e050585840&ts=382&x=0"
date: Tue, 05 Nov 2024 07:20:21 GMT
content-disposition: inline; filename="desktop_theme_2_a38326017212e35af640b7285f440cd9f26f6eaa.css"; filename*=UTF-8''desktop_theme_2_a38326017212e35af640b7285f440cd9f26f6eaa.css
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 19 May 2024 17:37:16 GMT
x-frame-options: SAMEORIGIN
cache-control: public, max-age=31556952, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin-allow-popups
content-transfer-encoding: binary
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8ddb14b02e06a288-YUL
x-discourse-route: stylesheets/show
x-xss-protection: 0
server: cloudflare

GET
DATA 200
OK truncated
/ 42 B
42 B Image
image/svg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a0389bf2491388d6184b975a3a130c29fc1a9af8f29a4c9a3d0536a3da88e0f3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 svg-2-c1066beb12cc75cc4c3bc42f218f381c862e7905.js Show response
malware.news/svg-sprite/malware.news/ 143 KB
49 KB 36ms
32ms Script
application/javascript 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/svg-sprite/malware.news/svg-2-c1066beb12cc75cc4c3bc42f218f381c862e7905.js

Requested by

Host: malware.news
URL: https://malware.news/assets/chunk.6d6a6a17194d67289ef4.d41d8cd9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ce1934be1fa8520dcc9442317e483c1fc52cc241cc48c096c0d188cd327ae04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

x-request-id: a1b55771-44c0-4a8f-aedb-1d6a2d2d6638
content-encoding: gzip
cf-cache-status: HIT
age: 3595698
x-permitted-cross-domain-policies: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TfI7ZVuR4Dl8UT8bNjly8%2BiBWVtrBHdStMSwacm%2BYFjHbri6QvKoaNCcjyXXHmsKJi8f5%2Bx8TMYPQ2fpj90hRGZf6zFsLUCy93LuBIpCybjaeHHSlL66wPAYKs0Uc5mQ4BBlnBlX3SBsDA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=21469&sent=1884&recv=1178&lost=0&retrans=7&sent_bytes=2299343&recv_bytes=6468&delivery_rate=315783&cwnd=618&unsent_bytes=0&cid=581123e050585840&ts=1759&x=0"
date: Tue, 05 Nov 2024 07:20:23 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding, Accept
last-modified: Mon, 19 May 2014 17:24:04 GMT
x-frame-options: SAMEORIGIN
cache-control: public, max-age=31556952, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin-allow-popups
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8ddb14b8c9e1a288-YUL
x-discourse-route: svg_sprite/show
x-xss-protection: 0
server: cloudflare

GET
H2 200 ba8ee0a927a69022c651441ac23d01bcdbc09785.png
malware.news/uploads/default/original/3X/b/a/ 9 KB
9 KB 38ms
38ms Image
image/png 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://malware.news/uploads/default/original/3X/b/a/ba8ee0a927a69022c651441ac23d01bcdbc09785.png
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 041dc75fa9294876d29e6d78e76c9f7f3202f1763480da93d6ce2414d0a095c3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cache-control: max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vTfe0QtOsJc%2FxUDrPv%2FU6vmYkQLHWLTx4UhMu6tkJSTINRJfP%2B1vV8FbOlFNIeQ8TtpuKh1dazG5wanwXFUHzaLwuET5D1wO%2FQkmWtHh%2Fg2RhPZ0S8ymM7dR1lwGxivllOiBdzOIawenOg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ddb14bbaafea288-YUL
expires: Wed, 03 Sep 2025 05:48:43 GMT
accept-ranges: bytes
access-control-allow-origin: *
server-timing: cfL4;desc="?proto=TCP&rtt=20546&sent=1931&recv=1200&lost=0&retrans=11&sent_bytes=2353491&recv_bytes=6631&delivery_rate=2061919&cwnd=618&unsent_bytes=0&cid=581123e050585840&ts=2234&x=0"
content-length: 8758
date: Tue, 05 Nov 2024 07:20:23 GMT
content-type: image/png
last-modified: Sat, 22 Dec 2018 04:38:37 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 24_2.png
malware.news/user_avatar/malware.news/malbot/48/ 3 KB
3 KB 38ms
29ms Image
image/jpeg 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malware.news/user_avatar/malware.news/malbot/48/24_2.png

Requested by

Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

acb53c4533765bc5dc1225c4850964ddb2ed637a7a1cf420c446a08104085da8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cf-bgj: h2pri
cf-cache-status: HIT
age: 1007939
x-permitted-cross-domain-policies: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KcDcLCI%2B5eOtmQ1yB%2BFuXklyzj7Ejri6iSlZznkM%2FddFgvv7VoqDxxU5SUjs7KzdfqByG%2F9N03u4PMYl5N5n%2Fukf3VdrvbuV2qbaw%2FTYB%2BnMMcKN4JtM8lVsdwki1uB9DouLycPnX0hKUA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=23801&sent=1940&recv=1207&lost=0&retrans=11&sent_bytes=2362837&recv_bytes=6713&delivery_rate=2061919&cwnd=619&unsent_bytes=0&cid=581123e050585840&ts=2367&x=0"
date: Tue, 05 Nov 2024 07:20:23 GMT
content-type: image/jpeg
last-modified: Sat, 09 Mar 2024 04:15:49 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
cache-control: public, max-age=31556952, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-transfer-encoding: binary
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8ddb14bc9b5ea288-YUL
accept-ranges: bytes
content-length: 2626
x-discourse-route: user_avatars/show
x-xss-protection: 0
server: cloudflare

GET
H2 200 UNR56TU4OV-image1.png
research.checkpoint.com/wp-content/uploads/2024/10/ 22 KB
23 KB 293ms
42ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://research.checkpoint.com/wp-content/uploads/2024/10/UNR56TU4OV-image1.png
Requested by: Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c785b08bf3402eccdd15b3ab2b76cac69a0357c8b31e52bb74fbfe52d06d94ca

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/

Response headers

cf-bgj: imgq:100,h2pri
etag: "670b88f1-b4b5"
age: 63234
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=46261
alt-svc: h3=":443"; ma=86400
date: Tue, 05 Nov 2024 07:20:24 GMT
content-type: image/webp
content-disposition: inline; filename="UNR56TU4OV-image1.webp"
vary: Accept
last-modified: Sun, 13 Oct 2024 08:46:41 GMT
cache-control: public, max-age=31536000
cf-ray: 8ddb14be2985ac96-YYZ
accept-ranges: bytes
access-control-allow-origin: *
content-length: 22922
server: cloudflare

POST
H2 204 collect
analytics.google.com/g/ 0
0 349ms
46ms Fetch
text/plain 2607:f8b0:4004:c08::8a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-SVDG4GL741&gtm=45je4au0v9121104881za200&_p=1730791222890&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101823848~101878899~101878944~101925629&cid=444145552.1730791224&ecid=909452948&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&dl=%2Ft%2Fcloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat%2F88085&dt=Cloudy%20With%20a%20Chance%20of%20RATs%3A%20Unveiling%20APT36%20and%20the%20Evolution%20of%20ElizaRAT%20-%20Malware%20Analysis%20-%20Malware%20Analysis%2C%20News%20and%20Indicators&sid=1730791224&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.autoLinkConfig=%5Bobject%20Object%5D&tfd=3055
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SVDG4GL741
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c08::8a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://malware.news
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 05 Nov 2024 07:20:24 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
552 B 345ms
43ms Ping
text/plain 2607:f8b0:4004:c1d::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-SVDG4GL741&cid=444145552.1730791224&gtm=45je4au0v9121104881za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101823848~101878899~101878944~101925629
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SVDG4GL741
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c1d::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://malware.news
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 05 Nov 2024 07:20:24 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame 5BAE 0
0 294ms
43ms Document
text/html 2607:f8b0:4004:c0b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-SVDG4GL741&gacid=444145552.1730791224&gtm=45je4au0v9121104881za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101823848~101878899~101878944~101925629&z=1424062311

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SVDG4GL741

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::9d Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://malware.news/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Nov 2024 07:20:24 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 311ms
98ms Image
image/gif 142.251.167.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-SVDG4GL741&cid=444145552.1730791224&gtm=45je4au0v9121104881za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101823848~101878899~101878944~101925629&tag_exp=101823848~101878899~101878944~101925629&z=1365671418

Requested by

Host: malware.news
URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 05 Nov 2024 07:20:24 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1ad09817976c24d9eab6f4fc788740fc5db93bda522227a4f18f324bb38adf11

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 a0086c91da850eb004fb4af82117ab347b9e272a_2_32x32.png
malware.news/uploads/default/optimized/3X/a/0/ 2 KB
2 KB 34ms
31ms Other
image/png 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malware.news/uploads/default/optimized/3X/a/0/a0086c91da850eb004fb4af82117ab347b9e272a_2_32x32.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7afa12ce5701916349284e884f7fddcf56832f30d041982b6f9a484b64084f5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085

Response headers

cf-cache-status: HIT
age: 3595677
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VdApSRLiJ36lKUxMx9i5uD0aaDYOLcwh6Gr2OAZizmidmBc0CQKDac9qAr0jhKbCiAwcVmsuyAiicNCceS9bs7uGZIUQc1OzGK0o9tOhyP1aKAV1uELxl6ghzKAhdWw7BbXriw1SJElcgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Sun, 09 Mar 2025 04:07:40 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=20655&sent=1945&recv=1213&lost=0&retrans=11&sent_bytes=2366085&recv_bytes=6902&delivery_rate=2061919&cwnd=510&unsent_bytes=0&cid=581123e050585840&ts=3633&x=0"
date: Tue, 05 Nov 2024 07:20:25 GMT
content-type: image/png
last-modified: Sat, 01 Jun 2019 22:43:41 GMT
vary: Accept-Encoding
cache-control: max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ddb14c48f21a288-YUL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1851
server: cloudflare

POST
H2 200 poll
malware.news/message-bus/96db41b49e55456780bcc0254b50c695/ 267 B
0 74ms
36ms XHR
text/plain 2606:4700:20::681a:769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.news/message-bus/96db41b49e55456780bcc0254b50c695/poll

Requested by

Host: malware.news
URL: https://malware.news/assets/chunk.6d6a6a17194d67289ef4.d41d8cd9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Discourse-Deferred-Track-View: true
X-CSRF-Token: undefined
Referer: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085
X-SILENCE-LOGGER: true
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: text/plain, */*; q=0.01
Discourse-Present: true
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-max-age: 7200
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v4VeV4VYH46FSg3NXc%2Fo1o1R8DwaME3yPI9dzPULMnN60Lvpa0V0EwVAiu8k9eFLXLk9aTRk9YeAqRY2yr7cSbTvzyH9QHMJ74HefRlAxaNncg1yKlELk3WcQYttnFWcRANBvO8iH5Pf8g%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, POST
x-content-type-options: nosniff
expires: 0
server-timing: cfL4;desc="?proto=TCP&rtt=18962&sent=1950&recv=1219&lost=0&retrans=11&sent_bytes=2368495&recv_bytes=7467&delivery_rate=2061919&cwnd=510&unsent_bytes=0&cid=581123e050585840&ts=3795&x=0"
date: Tue, 05 Nov 2024 07:20:25 GMT
content-type: text/plain; charset=utf-8
access-control-allow-headers: X-SILENCE-LOGGER, X-Shared-Session-Key, Dont-Chunk, Discourse-Present, Discourse-Deferred-Track-View
cache-control: must-revalidate, private, max-age=0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
cf-ray: 8ddb14c56f9ba288-YUL
access-control-allow-origin: https://malware.news
server: cloudflare

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.malware.news/	1970-01-21 10:22:31	Name: _ga_SVDG4GL741 Value: GS1.1.1730791224.1.0.1730791224.60.0.909452948
.malware.news/	1970-01-21 10:22:31	Name: _ga Value: GA1.1.444145552.1730791224
.doubleclick.net/	1970-01-21 00:46:32	Name: test_cookie Value: CheckForPermission

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085 Message: The Content Security Policy directive 'upgrade-insecure-requests' is ignored when delivered in a report-only policy.
recommendation	verbose	URL: https://malware.news/t/cloudy-with-a-chance-of-rats-unveiling-apt36-and-the-evolution-of-elizarat/88085 Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-SVDG4GL741(Line 149) Message: The Content Security Policy directive 'upgrade-insecure-requests' is ignored when delivered in a report-only policy.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-afYmdDKx82IzzO1gtyCKe7rMA' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
malware.news
research.checkpoint.com
stats.g.doubleclick.net
td.doubleclick.net
www.google.ca
www.googletagmanager.com
141.193.213.20
142.251.167.94
2606:4700:20::681a:769
2607:f8b0:4004:c08::8a
2607:f8b0:4004:c0b::9d
2607:f8b0:4004:c19::61
2607:f8b0:4004:c1d::9d
041dc75fa9294876d29e6d78e76c9f7f3202f1763480da93d6ce2414d0a095c3
0998f98bd48342f12e7081dc237e6982e151d5f03cda0cf111da67e615b8ce9a
0b5ddfb3a605aeed9ff478a225e8062861424d523836d7256e2b75489bf20cdf
152760f614cc53fb6dd1c362d06c281a719e37ce1dec3636ffb90f33e2bb6131
1ad09817976c24d9eab6f4fc788740fc5db93bda522227a4f18f324bb38adf11
1c3dcd0afcea9a61171dd74c218ce2ba9bb686ae0e68c967ae4e75c8fdeb8687
1f1ad194fec669a7a9d1643b2e5aa0fc0d4c3566c0652e741f9b7667e687185d
25f16c6ec5664d0694edfe491fb383a433ece0ea25917cf656e87d3867d5dd5d
2fe258a6b3a482ce904aaa4d71aa8b276ac2d66289e56515adaa373ce73e6173
48148ec534a4c5e9614302186b345123ba1358787c41bc31cbd17231f794fe42
4ae4f4ee6f5299f646a880259e857f469f41fc0ae30cc568c94e81901dad49cd
5566fc85873915364c34914ef9efda42cca8e77faad713da08a9d3d8e8677943
55813a5bacc3c99fda0b099a80401f124870fa9b510ced078af32f8a82364461
5d42ebdcddd972fdff22dca8398998a80ce50b0ec08915e8e8b9682a941b8651
608f4f77d8437d715d8d39c739c0c8bbe0fe51c9305e55f1ec7d0bee19f5571f
77512c36f465902e7dbf3b8252c7cd6387edc9bf4ca804b79466212c1d1c843d
79e2a367b53b791240c3504826b87b2787c9d197d77cd422969d592aae9cf23b
823b91992054aeb8ca1e4921c7a3ae7f9fae09ef838946f3b261ab5a6ad776ee
8ce1934be1fa8520dcc9442317e483c1fc52cc241cc48c096c0d188cd327ae04
9070f07226d022f68c06506e046ae33f8fe725302ff53955cd3d483f2fc47ff6
99f42f91bffa8ca1606d62b70bb92f981d83921e78ccdbd3d9538f07007f27ac
a0389bf2491388d6184b975a3a130c29fc1a9af8f29a4c9a3d0536a3da88e0f3
a2b15f24ee32ae108d07a11757c4e120fb2c0384f3a842952432da1736158ce7
a39db0af2b877ea2c5cccbc1420ef9533196f61a33e740d8ec2bb31126470856
a43bd7b3aa8d60242368b06762baf883047520450269be0bbd5491f6c14661c0
acb53c4533765bc5dc1225c4850964ddb2ed637a7a1cf420c446a08104085da8
b01475a1ed788124386bf51068464a0ea886a403c1b1e51e8a2cde722894a2c1
b355b48ea8dc5f9252a78cf0a6b7210b0493676ee421a69a425d092b98c2cc51
b795edfb1b2de13aba43932708e4148b0aa37971047c94fcded06dbe5a4f61ac
bdf1486acc96b228a2163490640a2bdc90f5e0a1bb1949335fd1fde2ad48795c
c17ecec27dfc181a213218c05b55f758ef0340346ae21b6f2d6b61f2123891d0
c4e134f40c8c4baad557dbe3eb6869d8cf4a66462084170b4881a2aff6eca274
c524a8995f2f0cbcea43353efe8e8f269da821ea97c21ef0f04df5fcd916170a
c5ee33f26479a267cb93b664a5c2ff07e4f835e022e2fdbc5c8c23564b0dc292
c785b08bf3402eccdd15b3ab2b76cac69a0357c8b31e52bb74fbfe52d06d94ca
c7afa12ce5701916349284e884f7fddcf56832f30d041982b6f9a484b64084f5
cb79726d8b50ade37e5ca0c5c82fc92eea9757c2e14e5f7feca1b80f7732048e
e154af4adb3c483a3aba7f9a7229b8881cdc5cf369290923d965a2ad30163ae8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e78679bb5ecd13c511a395ddab535f058d52e460c8593a137d8da23e04a97b46
ee978b42838e26d757251675c40fb0f62dff2f4081dc00fc4bb5492265f63b16
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0fbc7f61c0620a4ec824cc106951eff46d60cfd8eb8d8d490218463d2fd98cb

malware.news Open in urlscan Pro 2606:4700:20::681a:769 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

44 Requests

100 %HTTPS

71 %IPv6

6 Domains

7 Subdomains

8 IPs

1 Countries

2409 kBTransfer

14913 kBSize

3 Cookies

6 Outgoing links

Redirected requests

44 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

malware.news Open in urlscan Pro
2606:4700:20::681a:769 Public Scan

Screenshot
Live screenshot

Full Image

44
Requests

100 %
HTTPS

71 %
IPv6

6
Domains

7
Subdomains

8
IPs

1
Countries

2409 kB
Transfer

14913 kB
Size

3
Cookies

44 HTTP transactions
3 data transactions