www.picussecurity.com Open in urlscan Pro
199.60.103.227 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
Submission: On November 07 via api (November 7th 2024, 7:57:23 am UTC) from IN — Scanned from DE

Summary HTTP 143 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 43 IPs in 5 countries across 34 domains to perform 143 HTTP transactions. The main IP is 199.60.103.227, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.picussecurity.com.
TLS certificate: Issued by WE1 on September 20th 2024. Valid for: 3 months.

This is the only time www.picussecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
49	199.60.103.227 199.60.103.227	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
3	2606:4700:440... 2606:4700:4400::6812:297c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
2	172.67.166.202 172.67.166.202	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	99.79.185.91 99.79.185.91	16509 (AMAZON-02) (AMAZON-02)
13	2.17.100.184 2.17.100.184	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
3	2606:4700::68... 2606:4700::6811:b05b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 12	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	143.204.205.185 143.204.205.185	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
1	18.66.102.53 18.66.102.53	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:249... 2600:9000:2490:9400:c:77c4:d500:93a1	16509 (AMAZON-02) (AMAZON-02)
4	172.217.18.3 172.217.18.3	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
2	157.240.253.1 157.240.253.1	32934 (FACEBOOK) (FACEBOOK)
2	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
1	13.32.27.19 13.32.27.19	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6810:6bfe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8a11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4e8e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:df98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:440... 2606:4700:4400::ac40:9310	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.75.100 172.67.75.100	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:1b32	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:10::210:a9a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2620:1ec:33:3... 2620:1ec:33:3::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	104.18.80.204 104.18.80.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.66.112.79 18.66.112.79	16509 (AMAZON-02) (AMAZON-02)
1	52.208.120.167 52.208.120.167	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:f36c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	216.58.212.170 216.58.212.170	15169 (GOOGLE) (GOOGLE)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	185.89.210.153 185.89.210.153	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:710... 2a02:26f0:7100::5f64:87d0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	75.2.108.141 75.2.108.141	16509 (AMAZON-02) (AMAZON-02)
143	43

49 199.60.103.227 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.picussecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::6812:297c (United States)

ASN13335 (CLOUDFLARENET, US)

39666904.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
7048931.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.166.202 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.popt.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
display.popt.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.79.185.91 (Montreal, Canada)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-79-185-91.ca-central-1.compute.amazonaws.com

p.visitorqueue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2.17.100.184 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-184.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:b05b (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6810:7574 (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.205.185 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-205-185.fra53.r.cloudfront.net

d10lpsik1i8c69.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-53.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2490:9400:c:77c4:d500:93a1 (United States)

ASN16509 (AMAZON-02, US)

t.visitorqueue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.18.3 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh7-rt.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.253.1 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-19.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6bfe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8a11 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4e8e (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:df98 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:4400::ac40:9310 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.75.100 (United States)

ASN13335 (CLOUDFLARENET, US)

settings.luckyorange.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1b32 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.mouseflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:10::210:a9a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:33:3::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.18.80.204 (None, )

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-79.fra56.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.208.120.167 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-120-167.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f36c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.170 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.210.153 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::5f64:87d0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 75.2.108.141 (United States)

ASN16509 (AMAZON-02, US)
PTR: afe865822f884bb48.awsglobalaccelerator.com

eps.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
49	picussecurity.com www.picussecurity.com	757 KB
16	6sc.co j.6sc.co — Cisco Umbrella Rank: 5626 c.6sc.co — Cisco Umbrella Rank: 6951 ipv6.6sc.co — Cisco Umbrella Rank: 5794 eps.6sc.co — Cisco Umbrella Rank: 11869 b.6sc.co — Cisco Umbrella Rank: 3611	23 KB
12	hubspot.com 4 redirects js.hubspot.com — Cisco Umbrella Rank: 3554 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 3687 app.hubspot.com — Cisco Umbrella Rank: 5859 static.hubspot.com — Cisco Umbrella Rank: 17785 track.hubspot.com — Cisco Umbrella Rank: 2324 forms.hubspot.com — Cisco Umbrella Rank: 5962	32 KB
6	hsforms.com forms-na1.hsforms.com — Cisco Umbrella Rank: 7161 forms.hsforms.com — Cisco Umbrella Rank: 4621 perf-na1.hsforms.com — Cisco Umbrella Rank: 3796	4 KB
5	bing.com bat.bing.com — Cisco Umbrella Rank: 348	32 KB
5	linkedin.com 1 redirects platform.linkedin.com — Cisco Umbrella Rank: 3841 px.ads.linkedin.com — Cisco Umbrella Rank: 321 px4.ads.linkedin.com — Cisco Umbrella Rank: 6828	163 KB
4	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2172	28 KB
4	gstatic.com fonts.gstatic.com	117 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	339 KB
4	visitorqueue.com p.visitorqueue.com — Cisco Umbrella Rank: 127828 t.visitorqueue.com — Cisco Umbrella Rank: 90087	6 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	3 KB
3	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5807	6 KB
3	hubspotusercontent-na1.net 39666904.fs1.hubspotusercontent-na1.net — Cisco Umbrella Rank: 87366 7048931.fs1.hubspotusercontent-na1.net	7 KB
2	bing.net bat.bing.net — Cisco Umbrella Rank: 20475	467 B
2	hotjar.io vc.hotjar.io — Cisco Umbrella Rank: 3185 content.hotjar.io — Cisco Umbrella Rank: 6755	405 B
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4567 forms.hscollectedforms.net — Cisco Umbrella Rank: 4719	25 KB
2	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1472	27 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	75 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 877 script.hotjar.com — Cisco Umbrella Rank: 1177	61 KB
2	popt.in cdn.popt.in — Cisco Umbrella Rank: 31131 display.popt.in — Cisco Umbrella Rank: 29372	54 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 220	32 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 479	704 B
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3483	814 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3643
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 116
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 784	14 KB
1	mouseflow.com cdn.mouseflow.com — Cisco Umbrella Rank: 7549	489 B
1	luckyorange.net settings.luckyorange.net — Cisco Umbrella Rank: 13599	912 B
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3176	4 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2191	25 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 5048	26 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5740	92 KB
1	googleusercontent.com lh7-rt.googleusercontent.com — Cisco Umbrella Rank: 733	62 KB
1	cloudfront.net d10lpsik1i8c69.cloudfront.net	3 KB
143	34

	Domain	Requested by
49	www.picussecurity.com	www.picussecurity.com js.usemessages.com
10	b.6sc.co
5	bat.bing.com	www.googletagmanager.com bat.bing.com
4	cta-service-cms2.hubspot.com	2 redirects js.hubspot.com
4	js.hs-banner.com	www.picussecurity.com js.hs-banner.com
4	fonts.gstatic.com	fonts.googleapis.com
4	www.googletagmanager.com	www.picussecurity.com www.googletagmanager.com
4	fonts.googleapis.com	www.picussecurity.com js.hs-banner.com
3	track.hubspot.com
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	forms-na1.hsforms.com	www.picussecurity.com
3	t.visitorqueue.com	www.picussecurity.com t.visitorqueue.com
3	static.hsappstatic.net	www.picussecurity.com
2	eps.6sc.co	j.6sc.co
2	bat.bing.net	bat.bing.com www.picussecurity.com
2	static.hubspot.com	2 redirects
2	perf-na1.hsforms.com	www.picussecurity.com
2	platform.twitter.com	www.picussecurity.com platform.twitter.com
2	connect.facebook.net	www.picussecurity.com connect.facebook.net
2	j.6sc.co	www.picussecurity.com j.6sc.co
2	cdnjs.cloudflare.com	www.picussecurity.com
2	39666904.fs1.hubspotusercontent-na1.net	www.picussecurity.com
1	forms.hubspot.com	js.hsleadflows.net
1	display.popt.in	cdnjs.cloudflare.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	px4.ads.linkedin.com	www.picussecurity.com
1	forms.hsforms.com	www.picussecurity.com
1	api.hubapi.com	js.hsadspixel.net
1	region1.google-analytics.com	www.googletagmanager.com
1	pagead2.googlesyndication.com	www.googletagmanager.com
1	content.hotjar.io	script.hotjar.com
1	vc.hotjar.io	script.hotjar.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	snap.licdn.com	www.googletagmanager.com
1	cdn.mouseflow.com	www.googletagmanager.com
1	settings.luckyorange.net	d10lpsik1i8c69.cloudfront.net
1	app.hubspot.com	www.picussecurity.com
1	js.hsadspixel.net	www.picussecurity.com
1	js.hs-analytics.net	www.picussecurity.com
1	js.usemessages.com	www.picussecurity.com
1	js.hsleadflows.net	www.picussecurity.com
1	js.hscollectedforms.net	www.picussecurity.com
1	script.hotjar.com	static.hotjar.com
1	7048931.fs1.hubspotusercontent-na1.net	www.picussecurity.com
1	lh7-rt.googleusercontent.com	www.picussecurity.com
1	static.hotjar.com	www.picussecurity.com
1	d10lpsik1i8c69.cloudfront.net	www.picussecurity.com
1	js.hubspot.com	www.picussecurity.com
1	platform.linkedin.com	www.picussecurity.com
1	p.visitorqueue.com	www.picussecurity.com
1	cdn.popt.in	www.picussecurity.com
143	53

This site contains links to these domains. Also see Links.

Domain
discover.picussecurity.com
app.picussecurity.com
events.picussecurity.com
picussecurity.com
insights.picussecurity.com
picuslabs.io
academy.picussecurity.com
cta-service-cms2.hubspot.com
www.cisa.gov
www.fortiguard.com
github.com
www.akamai.com
msrc.microsoft.com
asec.ahnlab.com
rackspace.service-now.com
www.solarwinds.com
thehackernews.com
databreaches.net
nvd.nist.gov
unit42.paloaltonetworks.com
www.broadcom.com
blog.talosintelligence.com
twitter.com
www.linkedin.com
www.facebook.com
support.picussecurity.com
www.youtube.com

Subject Issuer	Validity	Valid
www.picussecurity.com WE1	`2024-09-20` - `2024-12-19`	3 months	crt.sh
hubspotusercontent-na1.net WE1	`2024-10-27` - `2025-01-26`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-09-28` - `2024-12-27`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
popt.in WE1	`2024-10-29` - `2025-01-27`	3 months	crt.sh
p.visitorqueue.com Amazon RSA 2048 M03	`2024-08-02` - `2025-08-31`	a year	crt.sh
6sc.co R10	`2024-09-23` - `2024-12-22`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2024-06-13` - `2025-06-13`	a year	crt.sh
hsappstatic.net WE1	`2024-11-04` - `2025-02-02`	3 months	crt.sh
hubspot.com WE1	`2024-10-03` - `2025-01-01`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
*.visitorqueue.com Amazon RSA 2048 M02	`2024-02-15` - `2025-03-15`	a year	crt.sh
*.gstatic.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.googleusercontent.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-08-16` - `2024-11-14`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-24` - `2025-07-25`	a year	crt.sh
hscollectedforms.net WE1	`2024-09-22` - `2024-12-21`	3 months	crt.sh
hsleadflows.net WE1	`2024-09-29` - `2024-12-28`	3 months	crt.sh
usemessages.com WE1	`2024-10-06` - `2025-01-04`	3 months	crt.sh
hs-analytics.net WE1	`2024-10-07` - `2025-01-05`	3 months	crt.sh
hsadspixel.net WE1	`2024-10-10` - `2025-01-08`	3 months	crt.sh
hs-banner.com WE1	`2024-09-24` - `2024-12-23`	3 months	crt.sh
luckyorange.net WE1	`2024-09-23` - `2024-12-22`	3 months	crt.sh
cdn.mouseflow.com WE1	`2024-09-23` - `2024-12-22`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 03	`2024-09-16` - `2025-03-15`	6 months	crt.sh
hsforms.com WE1	`2024-10-10` - `2025-01-08`	3 months	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2024-02-07` - `2025-03-08`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
hubapi.com WE1	`2024-09-09` - `2024-12-08`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh
bat.bing.net Microsoft Azure RSA TLS Issuing CA 07	`2024-10-27` - `2025-04-25`	6 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
eps.6sc.co Amazon RSA 2048 M02	`2024-08-29` - `2025-09-27`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
Frame ID: BF21F9840F49C95D49BF33D1CA365070
Requests: 142 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.picussecurity.com
Frame ID: DDB6B5E8F68CFD615CCFFD849C75157E
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.picussecurity.com
Frame ID: A3C26C7F62B46352122DD4AD64D5C896
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

U.S. Targets RedLine and META Infostealers in Operation Magnus

Detected technologies

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

Mouse Flow (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.mouseflow\.com

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?slick-theme\.css
(?:/([\d.]+))?/slick(?:\.min)?\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

143
Requests

98 %
HTTPS

52 %
IPv6

34
Domains

53
Subdomains

43
IPs

5
Countries

2017 kB
Transfer

5232 kB
Size

39
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://discover.picussecurity.com/start-your-free-trial
Title: Free Trial

Search URL Search Domain Scan URL

URL: https://app.picussecurity.com/signin
Title: Login

Search URL Search Domain Scan URL

URL: https://events.picussecurity.com/demo-picus-platform
Title: Request a Demo

Search URL Search Domain Scan URL

URL: https://picussecurity.com/hubfs/General_Datasheet_2023/Picus%20Security%20Control%20Validation%20-%20Datasheet.pdf

Search URL Search Domain Scan URL

URL: https://insights.picussecurity.com/know-your-cyber-threats
Title: Actionable Threat Intelligence Report

Search URL Search Domain Scan URL

URL: https://picuslabs.io/tools/attack-simulator?__hstc=51282614.9a1220329c9eb0bd7486cd70ce96e540.1730966235843.1730966235843.1730966235843.1&__hssc=51282614.1.1730966235843&__hsfp=3377520574
Title: Emerging Threat Simulator

Search URL Search Domain Scan URL

URL: https://academy.picussecurity.com/
Title: Purple Academy

Search URL Search Domain Scan URL

URL: https://events.picussecurity.com/assessing-zero-trust-program-assume-breach-webinar

Search URL Search Domain Scan URL

URL: https://cta-service-cms2.hubspot.com/web-interactives/public/v1/track/click?encryptedPayload=AVxigLK56K2FD3oupG9KmqoJ1ZseR4qXHkckUJYq5WY3tC2GgA%2BhLOMSzdo4DuL0PG99bBg3c8L%2BrATvZyb9Zo8kBR6lg%2F3JnYHwsc%2B%2BI6p4aprbOy4La8G5gHPDrpPEEuBMxUd6uHgzFwn8azfL2iYSSqsUk2SJyu%2BarV%2FKc8cEFtvMwXs40el3zTiSm89qD5U%3D&portalId=7048931&webInteractiveId=307447041359&containerType=EMBEDDED&pageUrl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&pageTitle=U.S.+Targets+RedLine+and+META+Infostealers+in+Operation+Magnus&referrer=&userAgent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F130.0.0.0+Safari%2F537.36&hutk=9a1220329c9eb0bd7486cd70ce96e540&hssc=51282614.1.1730966235843&hstc=51282614.9a1220329c9eb0bd7486cd70ce96e540.1730966235843.1730966235843.1730966235843.1&pageId=182138540426&analyticsPageId=182138540426&hsfp=3377520574&canonicalUrl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&contentType=blog-post&__hstc=51282614.9a1220329c9eb0bd7486cd70ce96e540.1730966235843.1730966235843.1730966235843.1&__hssc=51282614.1.1730966235843&__hsfp=3377520574
Title: GET A DEMO

Search URL Search Domain Scan URL

URL: https://cta-service-cms2.hubspot.com/web-interactives/public/v1/track/click?encryptedPayload=AVxigLIeUykDsY2iC7j6UJnW4BcqGDYO3R6aLsmYlxSW8Ac%2BINVhay7hapuPpl0obxGcaq8xzwUZVEvUllTmuOtkD1DpzuALfRrOPNFPlhvczcpdmZUqEuJ0fIwRtUP2ukoIJ3PsSRuO%2BxZkktsK%2B8g7aOAxQw%2FtFjA97ePYnm1vzoE%2B4EQAFwb4YoqGBrmRPvgq0CM8xxbLYJogqke%2BPjM%3D&portalId=7048931&webInteractiveId=307447041359&containerType=EMBEDDED&pageUrl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&pageTitle=U.S.+Targets+RedLine+and+META+Infostealers+in+Operation+Magnus&referrer=&userAgent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F130.0.0.0+Safari%2F537.36&hutk=9a1220329c9eb0bd7486cd70ce96e540&hssc=51282614.1.1730966235843&hstc=51282614.9a1220329c9eb0bd7486cd70ce96e540.1730966235843.1730966235843.1730966235843.1&pageId=182138540426&analyticsPageId=182138540426&hsfp=3377520574&canonicalUrl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&contentType=blog-post&__hstc=51282614.9a1220329c9eb0bd7486cd70ce96e540.1730966235843.1730966235843.1730966235843.1&__hssc=51282614.1.1730966235843&__hsfp=3377520574
Title: KNOW WHO IS TARGETING YOU: GET YOUR FREE THREAT INTELLIGENCE REPORT

Search URL Search Domain Scan URL

URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Title: KEV

Search URL Search Domain Scan URL

URL: https://www.fortiguard.com/psirt/FG-IR-24-423
Title: Fortinet recommends

Search URL Search Domain Scan URL

URL: https://github.com/akamai/akamai-security-research/tree/main/PoCs/cve-2024-43532
Title: (PoC) exploit

Search URL Search Domain Scan URL

URL: https://www.akamai.com/blog/security-research/winreg-relay-vulnerability
Title: Stiv Kupchik

Search URL Search Domain Scan URL

URL: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43572
Title: issued a fix

Search URL Search Domain Scan URL

URL: https://asec.ahnlab.com/en/84007/
Title: patches

Search URL Search Domain Scan URL

URL: https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6
Title: Rackspace confirmed

Search URL Search Domain Scan URL

URL: https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987
Title: CVE-2024-28987

Search URL Search Domain Scan URL

URL: https://thehackernews.com/2024/08/hardcoded-credential-vulnerability.html
Title: SolarWinds

Search URL Search Domain Scan URL

URL: https://databreaches.net/2024/10/29/u-s-joins-international-action-against-redline-and-meta-infostealers-unseals-charges-against-maxim-rudometov/
Title: Operation Magnus

Search URL Search Domain Scan URL

URL: https://nvd.nist.gov/vuln/detail/cve-2020-1472
Title: CVE-2020-1472

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/inc-ransomware-rebrand-to-lynx/
Title: Lynx

Search URL Search Domain Scan URL

URL: https://www.broadcom.com/support/security-center/protection-bulletin/trinity-ransomware
Title: Trinity

Search URL Search Domain Scan URL

URL: https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/
Title: BabyLockerKZ

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus&text=U.S.%20Targets%20RedLine%20and%20META%20Infostealers%20in%20Operation%20Magnus

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Search URL Search Domain Scan URL

URL: http://www.facebook.com/share.php?u=https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Search URL Search Domain Scan URL

URL: https://support.picussecurity.com/
Title: Customer Support

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/picus-security
Title: .st0{fill:#FFFFFF;}

Search URL Search Domain Scan URL

URL: https://twitter.com/PicusSecurity

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC5mXhfkplWvuVW2Jx9MvOIw

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 111

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/track/view?webInteractiveId=286429421129&containerType=EMBEDDED&portalId=7048931&audienceId=null&pageUrl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&pageTitle=U.S.+Targets+RedLine+and+META+Infostealers+in+Operation+Magnus&userAgent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F130.0.0.0+Safari%2F537.36&pageId=182138540426 HTTP 307
https://static.hubspot.com/img/trackers/blank001.gif HTTP 301
https://static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/blank001.gif

Request Chain 112

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/track/view?webInteractiveId=307447041359&containerType=EMBEDDED&portalId=7048931&audienceId=null&pageUrl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&pageTitle=U.S.+Targets+RedLine+and+META+Infostealers+in+Operation+Magnus&userAgent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F130.0.0.0+Safari%2F537.36&pageId=182138540426 HTTP 307
https://static.hubspot.com/img/trackers/blank001.gif HTTP 301
https://static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/blank001.gif

Request Chain 115

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1730966235176&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&tm=gtmv2 HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1730966235176&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&tm=gtmv2&e_ipv6=AQIWQ1sOfKxOqAAAAZMFoKjBjmm9zQuhbDxIbP5iGVD3jEHacxlv647PN1YNHzWes83yjU_3

143 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request us-targets-redline-and-meta-infostealers-in-operation-magnus Show response
www.picussecurity.com/resource/blog/ 149 KB
31 KB 306ms
235ms Document
text/html 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dfa6926b9a37ef678729a29a6d7f9b98e913f7c6d803d3c3b2ef84e2fc1cdc71

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=7200,max-age=5
cache-tag: CT-182138540426,CG-35190412163,P-7048931,W-32488136213,W-32488279843,W-32488280065,W-34050730072,CW-106636205147,CW-113292746136,CW-127211604583,CW-153850846592,CW-154512175274,CW-157190659966,CW-158831692418,CW-161965429884,CW-39038130957,CW-41162016556,E-117283871284,E-119013969479,E-125740770973,E-153853753872,E-154512352373,E-154797347330,E-155086192011,E-158844553760,E-158846858310,E-160359389297,E-161959088385,E-32300259976,E-32300424271,E-32300424286,E-32379253675,E-32379319518,E-32497563799,E-39027126556,E-81509078165,MENU-32488136213,MENU-32488279843,MENU-32488280065,MENU-34050730072,PGS-ALL,SW-3,B-35190412163,GC-113292746618,GC-150405732755,GC-153854563894,GC-153854773788,GC-158552791130,GC-161964680253,GC-161965565511
cf-cache-status: HIT
cf-ray: 8debc56f9884e51d-TXL
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-security-policy-report-only
content-type: text/html;charset=utf-8
date: Thu, 07 Nov 2024 07:57:13 GMT
edge-cache-tag: CT-182138540426,CG-35190412163,P-7048931,W-32488136213,W-32488279843,W-32488280065,W-34050730072,CW-106636205147,CW-113292746136,CW-127211604583,CW-153850846592,CW-154512175274,CW-157190659966,CW-158831692418,CW-161965429884,CW-39038130957,CW-41162016556,E-117283871284,E-119013969479,E-125740770973,E-153853753872,E-154512352373,E-154797347330,E-155086192011,E-158844553760,E-158846858310,E-160359389297,E-161959088385,E-32300259976,E-32300424271,E-32300424286,E-32379253675,E-32379319518,E-32497563799,E-39027126556,E-81509078165,MENU-32488136213,MENU-32488279843,MENU-32488280065,MENU-34050730072,PGS-ALL,SW-3,B-35190412163,GC-113292746618,GC-150405732755,GC-153854563894,GC-153854773788,GC-158552791130,GC-161964680253,GC-161965565511
last-modified: Thu, 07 Nov 2024 07:11:17 GMT
link: </hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GZzRY2sMTE3sR2Z%2FruTNm6TFH3qr90NmHLLN%2Bo6TPZBytA%2FLftwU4gcgCuoyF5daeEnHN1EkZQwwgnsuwfx5%2BX4C7it0em3OSAqndfi%2BZUsNC22CmuKWsoTfuvhVQX4AiZegmxNy0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 461
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-js-rendering-td/envoy-proxy-b7bf9f78b-fdwkx
x-evy-trace-virtual-host: all
x-frame-options: sameorigin
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-content-id: 182138540426
x-hs-hub-id: 7048931
x-hubspot-correlation-id: ad7eabdc-2df8-41a0-b882-dd502bb169d2
x-request-id: ad7eabdc-2df8-41a0-b882-dd502bb169d2

GET
H3 200 project.js Show response
www.picussecurity.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
1 KB 67ms
66ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"ef84f26c310485299d6b75777414eddb"
age: 980496
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ebPQOq%2BaiaP6GAQ9w%2FcwBbKFag375jKmdA2X9FIUkUu4bxf47TSSjk1kCZf3vA6l4RklOHGBi%2FyAC18l73IjL4bFY5LVy3z1Wkc6ufsW5oS4dlRJuTTO%2FmJ4esaSqBTcSNl1PVPYbA%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Fri, 07 Nov 2025 07:57:13 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: hSPk6SO9DDXktzvNLDhZbwA7xTCTps1j3WU4UrX8r5RbEB2p1S-TOQ==
date: Thu, 07 Nov 2024 07:57:13 GMT
content-type: application/javascript
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 5c5f81392ed550ce51a08ea0f3bd8dec.cloudfront.net (CloudFront)
cf-ray: 8debc5711e7ae51d-TXL
x-amz-cf-pop: MXP53-P4
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 project.js Show response
www.picussecurity.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 69ms
68ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"61ca66de658cab9587e4636894680d5d"
age: 1033161
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MrOYCy1WLeUPi%2BElqX7nsIZlILdYFG69EnYUfrg7AoOeXukDthphCw%2BGYGDmy6coX3k%2FBhn0v1LvT93QlOhZQucDlTb061QsIem7hGWnHjv9vgm%2BR0M5%2F0LxssK7RgMEUM28uERIdA%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Fri, 07 Nov 2025 07:57:13 GMT
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: SSQajRhIfsKqg9jK23TsPAEWjSg6CjjFWnvbI0lnXG1Df69Ce6FUbg==
date: Thu, 07 Nov 2024 07:57:13 GMT
content-type: application/javascript
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 295a1c8dddbbd7e309d79cf2a3017e00.cloudfront.net (CloudFront)
cf-ray: 8debc5711e7be51d-TXL
x-amz-cf-pop: WAW51-P5
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 v2.js Show response
www.picussecurity.com/_hcms/forms/ 484 KB
161 KB 72ms
70ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0200a7698afae38e9385f59706f2c5966fcd943aec1b0d47597fb65f319fa2b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: 3eb1b990-7021-4b38-b1ee-f92c97bf8bcc
content-encoding: br
cf-cache-status: HIT
etag: W/"53fa063fb1734ce6bb187c96e7665972"
age: 213
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-amz-version-id: kLVNDW8Ykh6K0rP5.B3EI30fJIwAAkz3
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YeTrTmI27EV9HPHL8fUHECk44xmlFAO45l6bv3mTNAJOSVP8Mw9NGx3CIMO%2FLoIRy9MVwtNTXBMpgiNaDjj4eRrubgI%2BRquNwUNk3REugBtrN6NzuOiBk3sQOhBMbsbFVPTPwsi4RQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: e207V_GBOkbeyXIMp6_7BqAtgM6pLHWlJNMe2EGTkTTTVQWIfs71bA==
x-hubspot-correlation-id: 3eb1b990-7021-4b38-b1ee-f92c97bf8bcc
content-type: application/javascript; charset=utf-8
last-modified: Mon, 30 Sep 2024 16:16:42 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-86c46c9777-dgkb9
x-envoy-upstream-service-time: 2
x-hs-target-asset: forms-embed/static-1.6227/bundles/project-v2.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.6227/bundles/project-v2.js&cfRay=8d8981e8e225d389-ARN
via: 1.1 f01dafb3bec9893b47152910d47900a4.cloudfront.net (CloudFront)
cf-ray: 8debc5711e88e51d-TXL
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H3 200 main.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1729666478482/Shield/css/ 62 KB
17 KB 94ms
91ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1729666478482/Shield/css/main.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b10ed849684d1d7752b60848316f4db37f8845c68e43f07df2bef44262684b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: d7f6f633-d87f-4388-8880-a82798e01dc1
content-encoding: gzip
cf-cache-status: HIT
etag: W/"8ab3cdcf2aad0680facc56505d59a41e"
x-amz-version-id: U20t0NfT2CzmdzZG5mhPpMfTSQX5wfzk
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xse53WixRf0P5A%2FmqMJvyJIz9C6Z5HYWtTyj3SsOZxSyMFZCaWIjI5Syjx%2F%2B90mVJNKHXAMmmtt%2FvAjqczshMXBrLUMeuBJSReuCmNk3p1TBl5yArTca9BajjUS6RxlxH9kcC32XjA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: ZoGoILfQg1FPfj9cLvKfIJL09pBOdFtVQSZZGdPqbSPDmNUSBgOEaQ==
x-hubspot-correlation-id: d7f6f633-d87f-4388-8880-a82798e01dc1
content-type: text/css
last-modified: Wed, 23 Oct 2024 06:54:40 GMT
x-amz-replication-status: PENDING
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-4hrwm
x-envoy-upstream-service-time: 152
x-amz-request-id: FVC48YG3088TWXTM
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: origin, Accept-Encoding
x-amz-id-2: v4Vy4zpbEtQrDpjou9XA1PcIoDDNl8lIqzYlsl+STd13cbgDKxva71Fsifm9TD57tgmgNhD2B5c=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-ray: 8debc5711e98e51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1729666479527

GET
H3 200 theme-overrides.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424286/1711704470960/Shield/css/ 19 KB
7 KB 96ms
92ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424286/1711704470960/Shield/css/theme-overrides.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

616a7f16e89518adbc89002f178ebfac5756fc3e96ca30a807ce65ee0e7e4530

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: 05016001-0c5f-4206-a7b2-ae7242c4bb99
content-encoding: gzip
cf-cache-status: HIT
etag: W/"07f9f0ec26d491d70da1865437d30ea9"
x-amz-version-id: n7FSIrJj.QJIuwKIz3DUmVp9IJPz6b56
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BmOtmJ5NzLEEgrkc1Zb4uURhXhh%2Fx%2B%2FzegyqVRoF7q8VRIsFMzE%2FQxn9AogvbDlbdAylP9QpPMhB3lQ4wJo1M0mMkfsIvdfIosDNRZ4hRs8Tit69K6x0j07diSvPIxJDTQeitk7RSw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: xxsOVj-eNKTTALopTDjsyj_KUxQoGctZ_rZKwizjxICAee3upPS2Zg==
x-hubspot-correlation-id: 05016001-0c5f-4206-a7b2-ae7242c4bb99
content-type: text/css
last-modified: Fri, 29 Mar 2024 09:27:52 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-x5dn4
x-envoy-upstream-service-time: 214
x-amz-request-id: QSCSXD28AB5Q8MTN
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: origin, Accept-Encoding
x-amz-id-2: rICtaW891A9P9Nm/jTMmKocqVmRLwT8btPSRhcoyGIL5GbPjNy1t7aileDnwTlqkvJo6/o4fHjsaOTKrdqV5a2srZgkh0Rno
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 7fc4d53a17d950b206cd9fccf1108b8a.cloudfront.net (CloudFront)
cf-ray: 8debc5711e9de51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1711704471664

GET
H3 200 shield-animate.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32379319518/1682685745883/Shield/css/ 15 KB
4 KB 100ms
96ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32379319518/1682685745883/Shield/css/shield-animate.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad35b390ce3898cfef7bb94973d42ab290ec56f7315e0b459f4ba017eac96f07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: 5ef125ef-b043-4433-8ed0-35a87f34e26b
content-encoding: gzip
cf-cache-status: HIT
etag: W/"dc33969eb4c5a40ef5e6be0462874811"
x-amz-version-id: O4dE7lsH.Q5zJBakndHS_xCk2kcdIjSC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OvCGcF9sDbZbxyMMAtxI9VX3lQWHvSH%2BwGK2PfyWZCJQWaL6SUkWizDRn88%2B%2BMAp%2F1EsJA8KMYQRKEsUQedRwOFBxsP4IlwKZYW3eUiGpLmZQXJNKGJt3hsSQXnUNV5618e9gqr%2B5A%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: vQMqqzO9dGJgBCsNO9XpOloA8BnoeQKeg_xysutsQ8na7Pkg_QDK8A==
x-hubspot-correlation-id: 5ef125ef-b043-4433-8ed0-35a87f34e26b
content-type: text/css
last-modified: Fri, 28 Apr 2023 12:42:28 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-bhmwl
x-envoy-upstream-service-time: 195
x-amz-request-id: QSCVSGZ2WGR9E5SY
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: origin, Accept-Encoding
x-amz-id-2: GbRMrt1yMeChbx+S/vLpi8T88GoIAYR0y5XSPMMVLHPozvucpeSKef6k++f06mKlso0R+SVX1lE=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 88b63cb2f8aab28c7291262ffc15282e.cloudfront.net (CloudFront)
cf-ray: 8debc5711ea1e51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1682685747003

GET
H3 200 slick-theme.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/119013969479/1686049622830/Picus_IL_Shared/Shared_by_Themes/asset/ 3 KB
2 KB 162ms
158ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/119013969479/1686049622830/Picus_IL_Shared/Shared_by_Themes/asset/slick-theme.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f80603874c68fef25ac9ffe412a6c6056ab267d7e4d044f090c8282ab80c4da5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: a37ef2cf-096e-481b-9909-7bdb792791e2
content-encoding: gzip
cf-cache-status: HIT
etag: W/"fa83e77758ea493769a6cef5ef0df9c8"
x-amz-version-id: QzIQ8NfUG.gmqRzMZ_BnITV8_s.CjjH6
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qO1ZkXe6jTzpgbTNe5fqypfm%2BxPR5uTlp9qH5IFvYre%2FJ4fo4kzj90xGHS7jaqdnPpLTfbfMgi28xvLLzUwMhwXkMd01bEh6Hm8olLOr8gsNVbyv%2FG8wboQ2QdQouKylWvl1mJUokg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: QS0BwWHl80CFPtp_zLjO9lQ4xApq_NvFeROnUkth8SSl2QznRrd_mQ==
x-hubspot-correlation-id: a37ef2cf-096e-481b-9909-7bdb792791e2
content-type: text/css
last-modified: Tue, 06 Jun 2023 11:07:04 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-n6klc
x-envoy-upstream-service-time: 133
x-amz-request-id: XD14KZ1RRED318G8
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 1uNghTlUJy56IB+5a01Q4KIYmMoANpFIFOT/1a+4nxfZxU3k7eQqb5lJaPPxCDxqsDNZr/A6ImA=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 7fc4d53a17d950b206cd9fccf1108b8a.cloudfront.net (CloudFront)
cf-ray: 8debc5711ea2e51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1686049623451

GET
H3 200 module_113292746136_Announcement_Bar.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/113292746136/1718373690090/ 2 KB
2 KB 162ms
157ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/113292746136/1718373690090/module_113292746136_Announcement_Bar.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dab4ed514d39f2a7cf4ccf6215d9cd4c851d24c9ccf85839cc73e4097d38df61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: 6ba67587-1e53-4931-9ad2-f4d3d4f3e51e
content-encoding: gzip
cf-cache-status: HIT
etag: W/"79fa9e889ffd3ba71b4c382b42cec4bc"
x-amz-version-id: DlVKubb8m9tNJJbjBr5gyu5yWs3XFFwv
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WnvtfYl%2BCs%2Bh6HSIa5YfwgjwBEoEVPlF2LxcBnrDWpvGh1x8G%2B8OBTcsQHODMVfzHXOwWUyKXG4ynNLyFk2VJqNk5s0oUVM2HU4GPEfsuBziH1qVTtMSCg0d81Kwz0T7uxoajjMd6g%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: bo2-1PlOvJzFvZ2wNX_3sCx5SXKmAtDjnQWvG2VEgv0PWt3mSgmeZw==
x-hubspot-correlation-id: 6ba67587-1e53-4931-9ad2-f4d3d4f3e51e
content-type: text/css
last-modified: Fri, 14 Jun 2024 14:01:31 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-r6w2c
x-envoy-upstream-service-time: 189
x-amz-request-id: JPMPKPG11TX4J092
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 4QJPSeSvOdH9JEdtnRMEZaP7kTOFMXs+lw8WTnHOaU7tPI6dqKVsqeYBkbycrol4W8Thq22El5dvhrOrfhyY9D/Qp9F0YZc9
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 2e50d9b1ee017f302768660f02b7418e.cloudfront.net (CloudFront)
cf-ray: 8debc5711ea7e51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1718373690090

GET
H3 200 slick.css
www.picussecurity.com/hubfs/ 2 KB
2 KB 163ms
158ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hubfs/slick.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"f38b2db10e01b1572732a3191d538707"
age: 1013768
cache-tag: F-88652463641,P-7048931,FLS-ALL
x-amz-version-id: POcUM6CkvZEPNg.2EBNI3HQQEk16JIcL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=szsReU5zV5dakvOV%2BuMMTqZJwAHqUFbWne%2BNDD98cGJLKlz3G5jFgGZpJO8ehaKet%2B42siqSXFN%2BEaOG2yD%2FBdxrsBLT%2B9gw3Xmp5XaMFC9UUkpJbOlfInO32Cb9npH7waOjFcggvw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: dlzpObbuaSC6olE8GvM2CnwBIOCigrzfbphESLTAWu93s7ic9P1nWA==
content-type: text/css
last-modified: Wed, 19 Oct 2022 07:14:40 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-88652463641,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: K20C5REZK3C5FYR1
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-88652463641,P-7048931,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: Accept-Encoding
x-amz-id-2: hWg5OCwzRMARQN29O/HNBA2XNffJ1BoaDNqKzHO3cysRFczhYi/xmZkBBg/5CTdEh10nONBDIMw=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 119f1de9910710178454184ca951fe8e.cloudfront.net (CloudFront)
cf-ray: 8debc5711ea9e51d-TXL
access-control-allow-origin: *
x-amz-cf-pop: WAW51-P1
x-amz-meta-created-unix-time-millis: 1666163679669

GET
H3 200 slick-theme.css
www.picussecurity.com/hubfs/ 3 KB
2 KB 163ms
158ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hubfs/slick-theme.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b7290b38b86182592c3a60c491c3a977318c034959142a61d92a75025b3c334

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"70713b38259ac3a32f8157845e0701f3"
age: 623314
cache-tag: F-88672063121,P-7048931,FLS-ALL
x-amz-version-id: beuNhPPn9XCcdaYz_J0NljSiu1XSNKQi
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RSedPLaZydSqvhFNCGR2g5bq0DxR9%2B9bUhNNXyEd7vYLUHzT6JiNuLjQQ2s4wcJNmxCc63YmoRhW%2FjaqsRufVCcAEWg%2BeUXsdgU5ZvZimfAILUtRp%2BTNaYDPBvqGPWc40HijzlkJCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: 6fYlE2g7RanU4ghPN8hq8_tXWjcuiFR7Hc40NGbU7FV5MLYrSQ-eHA==
content-type: text/css
last-modified: Wed, 19 Oct 2022 07:16:45 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-88672063121,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: A98AGRVCBJDZBT8T
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-88672063121,P-7048931,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: Accept-Encoding
x-amz-id-2: WmO6czOYsOFkmgSoGGz+B6kg9hUxYrjgCBaF9OemlyDZlNJlkoUG/I5zAbFzUbdBwjGxpVOKjI8=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 3b94d7a16ccc58f1a6ce634d854f014e.cloudfront.net (CloudFront)
cf-ray: 8debc5711eaae51d-TXL
access-control-allow-origin: *
x-amz-cf-pop: WAW51-P1
x-amz-meta-created-unix-time-millis: 1666163804020

GET
H3 200 buttons_24_live_temp.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/155086192011/1711467339040/Shield/css/elements/ 2 KB
2 KB 163ms
159ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/155086192011/1711467339040/Shield/css/elements/buttons_24_live_temp.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

633600072534f800c00ce54b60270678545462434c28e1865dde26273d8b00d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: 975015ab-49bc-4902-806c-c211aa4e5cc1
content-encoding: gzip
cf-cache-status: HIT
etag: W/"57dd5c7e70071fad5326af68ed136256"
x-amz-version-id: 7OWdRx4_wRnZy_TqVwi.z5ut8ubwppC5
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w6wgOAFs24qdmDczWKuvUXT6SXkDwAEF7aO5VFw7R1atwtIwXSeZvQmXg%2FY26H3zGgnPiX7%2FdQ2GYsP3sehSiXca04Ha4ZRb2iX4e3JzBnRimhzO%2FB%2F%2FmpQRNVi2w4mPwO%2BlHu8dig%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: stEpWiKITj4hbGvESbp3_fT2wkXpB1rPr3P3Ydz7ZSKOQFPoAoG_tQ==
x-hubspot-correlation-id: 975015ab-49bc-4902-806c-c211aa4e5cc1
content-type: text/css
last-modified: Tue, 26 Mar 2024 15:35:40 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-sf8l8
x-envoy-upstream-service-time: 375
x-amz-request-id: 163QRQWZ5RQS1HW1
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: origin, Accept-Encoding
x-amz-id-2: DncqYzQ9w/CkxqAmfcYV6CvYKDu49tSpl/u+tr9OyYCTlyrddJMCkhVrG1Jb8JjGHr0DEALRw5E=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 b5e757a7da6f6fe6261f56a8a9646880.cloudfront.net (CloudFront)
cf-ray: 8debc5711eace51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1711467339681

GET
H3 200 module_39038130957_Lead-Magnet-Banner.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/39038130957/1608575808109/ 521 B
2 KB 163ms
159ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/39038130957/1608575808109/module_39038130957_Lead-Magnet-Banner.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5458bb001fbaee0822a06901d6989a7568457bc97c78ce726d8884c34f665910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: 67a76c45-f112-4ac4-a3f4-6b9685986e69
content-encoding: br
cf-cache-status: HIT
etag: W/"b598cb9f535e9d39bea6fb4c7afc98a2"
x-amz-version-id: _6kG0Z6N7nb2Amvf0P3QvVEgQec_PKrh
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4v4kWEtmqkpcTSXZ2c7AkjAhIHjWV0ugRRXX0tpSAeAgtdHhpgQZlIxBgKrl4ggKF%2Bri4ljWzdipi44QzFToCUM5GjDl35bQjjGG62tifW3DCHTu3UGoUaC1s1yqSCQEpi5Dtg%2B1Ww%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 0AcYqzavYVHEMNQOxQT_9tsyM2U8vY2gpW_ZgfQHq-NztONEPUlkQg==
x-hubspot-correlation-id: 67a76c45-f112-4ac4-a3f4-6b9685986e69
content-type: text/css
last-modified: Mon, 21 Dec 2020 18:36:49 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-j4svf
x-envoy-upstream-service-time: 233
x-amz-request-id: DR2WXHT750ATQHKP
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: origin, Accept-Encoding
x-amz-id-2: Ul65vAQ3E9XqyOIxGZg1QqbkDDtobxCLy6WBT+YYrnv/Gy9ipxytMOGmBAHamsey15C0iOqc35cuS9RM2BW8b3q2333E1Cc9HY38zPQNqnI=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 f2c051917a765f1d1a1cd2ce1622adb8.cloudfront.net (CloudFront)
cf-ray: 8debc5711eaee51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1608575808109

GET
H3 200 main-blog.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/158846858310/1718643038303/Shield/templates/partials/blog-post-layouts/css/ 746 B
2 KB 164ms
160ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/158846858310/1718643038303/Shield/templates/partials/blog-post-layouts/css/main-blog.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d042ae177f7d076320fa923d0bfc2d3f831e3dacec0ff6fffc1328d4e36f2f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: 3caf8a8d-6288-460f-83b3-cf0a54fc5639
content-encoding: br
cf-cache-status: HIT
etag: W/"c8a0733f23e3d47a998103c206215b1c"
x-amz-version-id: 67zOSufRDoTrJsiIpgZ.VHGK38h9xBf_
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W9yj7OoL3tK3xAptC7tl0eJWa3Yqvq4H7nc53jR3RR9%2BJ0DxO9Hg3RoPcGf5nxQPnEfBRTUt1Eg9vV%2FY28%2BcEEU3wMtHF1GM%2F22LdaYHe5zmq7El3E%2BHj0xRRUEPOOhoQH8kubKTig%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: idm-xLbzUc0GOqbRf_gPX5a6538QXwvEW2pxVP_c3cbo5lDLMssfjw==
x-hubspot-correlation-id: 3caf8a8d-6288-460f-83b3-cf0a54fc5639
content-type: text/css
last-modified: Mon, 17 Jun 2024 16:50:39 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-tn96w
x-envoy-upstream-service-time: 213
x-amz-request-id: 5H7BGB6QKJB2KABF
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: origin, Accept-Encoding
x-amz-id-2: hdmcdkkJEYw5P5omXXYM/WUiQsefLK2+2JowceJZjpVD+lI0snQ61ZMkzFgasABHWnWVK30lVbQ=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 8fc9659fc06389e49927f68638e9bc94.cloudfront.net (CloudFront)
cf-ray: 8debc5711eafe51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1718643038991

GET
H3 200 module_158831692418_promotion-box-v2.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/158831692418/1722507877768/ 265 B
2 KB 164ms
160ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/158831692418/1722507877768/module_158831692418_promotion-box-v2.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

041685b0e5a31c63c4c06ffc86484bdd0c56100f1f0b36c91571e6a00bcec715

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: b23a51e0-da01-4319-bc5e-014bc2c63a5e
content-encoding: br
cf-cache-status: HIT
etag: W/"24d6a4097278d1fd6d98de8011279fb7"
x-amz-version-id: R2tkIutFE4R55yodW8QuYHz4reXF6E66
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tUTP4H%2BDV09xnmmBsnCbN7eaMOEl6oX38%2FpzOMSYACe5lzmiWeKUcLeyrMvZNq40Gc1GivetXdl8RGwPxts6BFKRy%2BR8D0cG%2BpoL5l%2BWdIYwZt0eLJMAfWyhnjpec9hIx3dh%2FnyrOA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: proUVIAJ_j_fuqh0n7TKS_QzQnyUTA-ACWvKQivXQvHEFmZM5OOB_A==
x-hubspot-correlation-id: b23a51e0-da01-4319-bc5e-014bc2c63a5e
content-type: text/css
last-modified: Thu, 01 Aug 2024 10:24:38 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-2f4x4
x-envoy-upstream-service-time: 111
x-amz-request-id: DWYBBEMA5RTCNWPP
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: origin, Accept-Encoding
x-amz-id-2: asPTurJTKiM13hcoYr+iAoPTPtrZI/H1yY1l/J7UMypQsKQUIFuf2Jw8y9T2cztxqLQxSu5xH80=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 55b6418a8a2f714a67d8e4d292154ef2.cloudfront.net (CloudFront)
cf-ray: 8debc5711eb1e51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1722507877768

GET
H3 200 s2-slick-style.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/154797347330/1729693014912/Shield/css/components/ 2 KB
2 KB 164ms
160ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/154797347330/1729693014912/Shield/css/components/s2-slick-style.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ffba9a52471b5e7d35690f8297267837b94bdce89a67fa3ab13e5574d686a546

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: d5acbb16-6e7f-4b1f-b7d3-c9b4b26869a4
content-encoding: gzip
cf-cache-status: HIT
etag: W/"d6dc4e832b6b870e023ff0d6ef6b2b39"
x-amz-version-id: bN7b2z5R61z9bPWhzSSKI3SRUbuSSZRx
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=11POrxu0AhJ4NcYx%2BhxwddlcK3WSXD%2BkgJemGBy0ufLhA8bfiToWDM4nePP4GOLZklAoJQPJWJF8vpChNNnEaHfMFRBMmOs%2BTU9CCwDxCdEzwcELd%2BWVg9hQePcxM2n2u1YvJkq0Qw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: QB2c3xRobOb2mwBIcilLgzEtx7JntSRnL6SSGunWtLM5p_zv3Lq75w==
x-hubspot-correlation-id: d5acbb16-6e7f-4b1f-b7d3-c9b4b26869a4
content-type: text/css
last-modified: Wed, 23 Oct 2024 14:16:56 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-4cwxm
x-envoy-upstream-service-time: 239
x-amz-request-id: ZHRJ52EPT2DRP6GG
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: origin, Accept-Encoding
x-amz-id-2: c7D8G+cr1tooud7Xu3984IhdsRCVuMYS3pe4SxPX+f10HIM2uhSXSRxvzPhDGLsHVAnUoFgXTtQ=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 ed8e6c4476f2632eef2c7ce856161af0.cloudfront.net (CloudFront)
cf-ray: 8debc5711eb4e51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1729693015688

GET
H3 200 s2-generic-2024.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/154512352373/1727789447438/Shield/css/templates/ 15 KB
5 KB 164ms
161ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/154512352373/1727789447438/Shield/css/templates/s2-generic-2024.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cc1ff7f9b57caf071c85b50968032dea1fa2ff1dc8a84da9d248d70a7820ffd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: ead8ac4b-658a-4a0f-aea3-8059ed2b02a6
content-encoding: gzip
cf-cache-status: HIT
etag: W/"4b2acceb7f22fa88055b1b6ea68f43f6"
x-amz-version-id: P6D8I2IPwV0ppjV6J83azg6P8d4.ZgZ9
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QHg%2BNz4MJzZy8VT6joi%2FhNgnBZFVNlLflhlcQ66Pnt1RYocqscoeiA2y43tNBvpfg21Jo1LveDtyELdgEnXARcerhflwwfntgFxPzcCLu5XHgvh%2B4yyk%2FhUgCPgwXB0nJ94Xr07Bhg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 6x-dFvVnpL1wl-71l3rxSC57mpUcuU-Zjjb6qsppwjrWSEsep876Mw==
x-hubspot-correlation-id: ead8ac4b-658a-4a0f-aea3-8059ed2b02a6
content-type: text/css
last-modified: Tue, 01 Oct 2024 13:30:49 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54797cf595-bj2qm
x-envoy-upstream-service-time: 154
x-amz-request-id: FYR1HP7QP74QEZ1W
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: origin, Accept-Encoding
x-amz-id-2: paamTXiY3Y2WvfIAx/AIrj3JFgdAMFc5xWnrow5wQX66sJPx9nfDuKvu0fWgXRgzrg3I9KU1Mtv4ZQsPqQReptd6s75AGNpp
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 5084a25d91022b55b5acf281581c6444.cloudfront.net (CloudFront)
cf-ray: 8debc5711eb7e51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1727789448244

GET
H3 200 module_153850846592_footer-subscribe-column.min.css
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/153850846592/1711461276903/ 2 KB
2 KB 165ms
161ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/153850846592/1711461276903/module_153850846592_footer-subscribe-column.min.css

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

794559db00f5a68a8a82dc14f100cd1f9a970cbea66701ca8a43dee9919ffe03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: f00cea74-84c8-4963-ac3c-5a3420f0946a
content-encoding: gzip
cf-cache-status: HIT
etag: W/"f0bb9c2921cb8261ba425f19ee6a96cf"
x-amz-version-id: eXne9q1JzSZgmx3FIoxMEAYoI0TuCmV.
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a0GVQPW8qqU4uBADoT23WK%2Bij42QP3gaFkwViV6Sp9%2FkqyvIwKI0E3LRBzi1byevRQz0q8BIbrtmRp%2BT4HRdy2njbMSU0vkxYN%2FnOJJzpd3%2BP1fS0ZUjp9b%2BCRs5OIMa4ykd3iWEug%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: Sk0bqUkPM5peC7V5yUaeVuqXMOsFkd0YkxkRunvRpsjohUZZKdG2iw==
x-hubspot-correlation-id: f00cea74-84c8-4963-ac3c-5a3420f0946a
content-type: text/css
last-modified: Tue, 26 Mar 2024 13:54:37 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54797cf595-ccrqb
x-envoy-upstream-service-time: 175
x-amz-request-id: 4XTWS0PY3CAQXA53
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: origin, Accept-Encoding
x-amz-id-2: z2lbTl9GvIFns+kQhKNn//jEnBz2GehixHQCuqlrtF088xP3ouSfZBvMEPd9XlYFtY6QXoUex/Q=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 be4fef3f6c1b2c76e0341ff49a27ce40.cloudfront.net (CloudFront)
cf-ray: 8debc5711ebae51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1711461276903

GET
H2 200 TrackPlayAnalytics-b0403829.css
39666904.fs1.hubspotusercontent-na1.net/hubfs/39666904/raw_assets/media-default-modules/master/391/js_client_assets/assets/ 6 KB
2 KB 173ms
73ms Stylesheet
text/css 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://39666904.fs1.hubspotusercontent-na1.net/hubfs/39666904/raw_assets/media-default-modules/master/391/js_client_assets/assets/TrackPlayAnalytics-b0403829.css
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0403829bc66fd1f26c7ad7f42a2560787fe44f34417d357ed83d107ab32d983

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: none
content-encoding: br
cf-cache-status: HIT
etag: W/"65806cc0ba70516e6b234221657321ef"
age: 453719
cache-tag: F-181465718431,FD-181470571335,P-39666904,FLS-ALL
x-amz-version-id: nQtMBv1epydaX_IVuEGHxRdir527gSwt
x-cache: RefreshHit from cloudfront
x-amz-cf-id: MtSdaWLIsAbU3Rx_7ENbW1ULOpAVPWg41ukk6iLd-rg5H55IVnYKqg==
content-type: text/css
last-modified: Fri, 18 Oct 2024 18:12:34 GMT
x-amz-meta-index-tag: none
x-amz-replication-status: COMPLETED
edge-cache-tag: F-181465718431,FD-181470571335,P-39666904,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: Z6CK0V6HNB9D0MDM
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-181465718431,FD-181470571335,P-39666904,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: Accept-Encoding
x-amz-id-2: XCGYXA32FXq6G5S8c5MfvvC8acaCI9ajLlf2dcwbVMBHP+oKG+i9fzzJSK9gCrKQkbt+danEN+g=
x-amz-meta-access-tag: public-not-indexable
timing-allow-origin: 39666904.fs1.hubspotusercontent-na1.net
via: 1.1 96f7375d4633bdc30f727db82897e3b4.cloudfront.net (CloudFront)
cf-ray: 8debc571cb671c38-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1729275153317

GET
H2 200 Tooltip-4a948cad.css
39666904.fs1.hubspotusercontent-na1.net/hubfs/39666904/raw_assets/media-default-modules/master/391/js_client_assets/assets/ 3 KB
2 KB 171ms
72ms Stylesheet
text/css 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://39666904.fs1.hubspotusercontent-na1.net/hubfs/39666904/raw_assets/media-default-modules/master/391/js_client_assets/assets/Tooltip-4a948cad.css
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a948cad1525b333f4615fb0203e3dcf4a5fdef9409adb657fceeab1dcb37f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: none
content-encoding: br
cf-cache-status: HIT
etag: W/"983d8d84588e7c3f88e069694360be07"
age: 89654
cache-tag: F-181470483583,FD-181470571335,P-39666904,FLS-ALL
x-amz-version-id: eWWaFQ5zw4VF3x3gl1LshUH3cQN5_ghv
x-cache: RefreshHit from cloudfront
x-amz-cf-id: HHaDFcM7wB8-qAr5qjjgd1U2yBVusvJa7jIS9K-kRGrKVccKA7cbNQ==
content-type: text/css
last-modified: Fri, 18 Oct 2024 18:12:32 GMT
x-amz-meta-index-tag: none
x-amz-replication-status: COMPLETED
edge-cache-tag: F-181470483583,FD-181470571335,P-39666904,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: HGSNNPB88XPZM6Q4
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-181470483583,FD-181470571335,P-39666904,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: Accept-Encoding
x-amz-id-2: GMRzJwfJQm85oq/FaOnth2eA2rKUg4alML0FzcRcFUNo+hw8yXdGGqVmW4E0bGLtkkEa38T3ds8=
x-amz-meta-access-tag: public-not-indexable
timing-allow-origin: 39666904.fs1.hubspotusercontent-na1.net
via: 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
cf-ray: 8debc571cb691c38-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1729275151580

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 97ms
50ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "603e8adc-15d9d"
age: 783764
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aIgIli0KuEhEZq61OQ%2B8OdRPmIe0%2BC0eHLd84Pn%2FDRmwMqiaeSjWqn8yb9Qp%2FPnf16rn8VaFP0lUe34ZHxBjdcsX0It%2FFjv%2B0gmuiZDyGahbETSnKrDKf5JYoLKi6nsKTHC%2FGw7b"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 28 Oct 2025 07:57:13 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 07 Nov 2024 07:57:13 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8debc571786c695e-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27938
server: cloudflare

GET
H3 200 jquery-migrate.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.2/ 11 KB
4 KB 96ms
49ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.2/jquery-migrate.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

106fcd8d723eda7d92a26893a439ccef998e5fc68ad228253607143d801e8cd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5fb4701e-2c03"
age: 441849
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T5C7bBrjFb5OtcEdoCjCWKI%2B4GzVE1A8h%2B0b4aSq7WRuYWi%2FpM4N%2FCDezhMPGJZFT3FZ%2F6k9j%2BeE5JgSCuCn5PV0grAbdhQbf0QIjYD09I8CdofHvsVkxGQuvzAcoawTbuqW6ztE"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 28 Oct 2025 07:57:13 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 07 Nov 2024 07:57:13 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 18 Nov 2020 00:51:42 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8debc571786e695e-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3718
server: cloudflare

GET
H2 200 css
fonts.googleapis.com/ 8 KB
1 KB 138ms
49ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Ubuntu:400,400i,500,700&display=swap

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

82fadff367a12e614a5ec145bec6ea58ab214367c8c6f3186ca07353b0bbf16b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 07:57:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 07:57:13 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 07 Nov 2024 07:57:13 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 pixel.js Show response
cdn.popt.in/ 228 KB
52 KB 154ms
82ms Script
application/javascript 172.67.166.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.popt.in/pixel.js?id=64d678615e3d0
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.166.202 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8cda9cd43d4127342ef2bd26c9a89e80fcfd2cece43b6e9fe51c8f4c9fc10d8e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"bb1d47dd9307511c812e97057f206676"
x-amz-version-id: TRyTGFa_rwGe4OIYv562jC.ovfSaHQHx
age: 1894
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IaqthtLwLiNmTrhnGhQKPuQE47%2FvwWtprlXeYDu6v1WVOYylMV00AcQ%2FNYfdYgCC6xgZ8NMlcpQe9jMmrzbp151dQhOlDCVuvxPtP0IvEnsbgPIDC0NsJ%2BFtjYOwmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: 5DeSHoys6BsdLqXdlEugUgrdsXfVYmTC8Gnu5NPym3kQu2_vgPyjow==
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: application/javascript
last-modified: Thu, 07 Nov 2024 07:25:38 GMT
vary: accept-encoding
priority: u=3,i=?0
server-timing: cfL4;desc="?proto=QUIC&rtt=48506&sent=12&recv=7&lost=0&retrans=0&sent_bytes=4124&recv_bytes=4291&delivery_rate=65426&cwnd=12000&unsent_bytes=0&cid=8d480f843ae0f664&ts=65&x=1", cfExtPri, cfHdrFlush;dur=0
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via: 1.1 0bad7b24b2c9dfacca95c8ce0c8c3706.cloudfront.net (CloudFront)
cf-ray: 8debc5750b0d034c-CDG
x-amz-cf-pop: CDG52-P1
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 67ab0ee7-fcba-400b-8cb3-db7bb1cc0033.css
p.visitorqueue.com/styles/ 0
118 B 421ms
122ms Stylesheet
text/css 99.79.185.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://p.visitorqueue.com/styles/67ab0ee7-fcba-400b-8cb3-db7bb1cc0033.css
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.79.185.91 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-79-185-91.ca-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

access-control-request-method: *
access-control-allow-origin: *
content-length: 0
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: text/css
access-control-allow-headers: *

GET
H2 200 8aaca2fd-5cd9-4888-ba4c-a92130465f35.js Show response
j.6sc.co/j/ 1002 B
891 B 553ms
433ms Script
application/javascript 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/8aaca2fd-5cd9-4888-ba4c-a92130465f35.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-184.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 4c92a856ef5f00e2ac59b76a4960d24a2dc57e80fe559acaabf141494ef00081

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: gzip
etag: "8bac6645b92976ce9ddc83f7e77c4cfc"
x-amz-version-id: JLNEtGotk8b6dmhKDZy.dxdNRH2fgtRS
expires: Thu, 07 Nov 2024 08:27:14 GMT
x-amz-cf-id: MLHATUlF4GfQOoV6TRJ90GKzPCbNYQZ6sL2MR7F7mQdCQMahtHqFGA==
date: Thu, 07 Nov 2024 07:57:14 GMT
last-modified: Thu, 30 Nov 2023 08:48:17 GMT
vary: Accept-Encoding
content-type: application/javascript
x-amz-meta-content-type: application/json
cache-control: private, max-age=1800
accept-ranges: bytes
content-length: 507
x-amz-cf-pop: FRA60-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 186ms
38ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CE6) /

Resource Hash

632ae2a19dd0817549172e38d37d628124c089c4466c0dca78378c8a78e3f1e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: gzip
age: 2273
x-cdn-proto: HTTP2
x-li-fabric: prod-ltx1
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 08:19:20 GMT
x-li-proto: http/1.1
x-cache: HIT
date: Thu, 07 Nov 2024 07:57:13 GMT
content-type: text/javascript; charset=UTF-8
x-cdn-client-ip-version: IPV6
vary: Accept-Encoding
last-modified: Thu, 07 Nov 2024 07:19:20 GMT
x-li-pop: prod-ltx1-x
cache-control: public, max-age=3600
x-cdn: ECST
x-li-uuid: AAYmTXP5NTT/XZzmhDSnRA==
accept-ranges: bytes
content-length: 163631
server: ECAcc (frc/4CE6)

GET
H3 200 light_logo-original-SVG.svg
www.picussecurity.com/hubfs/ 3 KB
3 KB 49ms
49ms Image
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/light_logo-original-SVG.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

21036da1013e88ad1be39946746a916786b081557a7a72b6a194c153c175aa59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"48ed4add03225d471676e998d8262bb9"
age: 1013769
cache-tag: F-75149788735,P-7048931,FLS-ALL
x-amz-version-id: 2bbLkTbvsvFQW3gHMJyxn2VjG1fJz2sZ
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kTNEarUiXQNinoUKV61KhDTH8lNkWfKU9al2G6vCGAFhDT8NVYB5Z4N%2BFKSfSNpKQ4Yn23dvTL5n8MYKZEhg3DM4onHaOuQeO1ctGYrf7zU%2Bu1XS3NpvYSZGOdD8i29Wvc2WVHJVRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: t4d3J5B2ONZUDtBt_a9h-kt0M3XAoj3Arb_2eTFJw4ppvCxKFyhR3Q==
content-type: image/svg+xml
last-modified: Thu, 21 Mar 2024 08:53:36 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-75149788735,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: D1Q5RB566MT6WKP7
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-75149788735,P-7048931,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: Accept-Encoding
x-amz-id-2: o2wGcwBt4EJRGmLDICzWLI47XREAyeWwyXN5w46U99R+++tulG22x4B0LKlPKalIFg+aynpk0sU=
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 847dfd2661863b769933ca092b0ccc4e.cloudfront.net (CloudFront)
cf-ray: 8debc5749da6e51d-TXL
access-control-allow-origin: *
x-amz-cf-pop: WAW51-P1
x-amz-meta-created-unix-time-millis: 1654140894047

GET
H3 200 report%20(1).svg
www.picussecurity.com/hubfs/ 5 KB
4 KB 151ms
151ms Image
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/report%20(1).svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf773224fb7b3fd5978d7b527d003387334f71f37ed57e9ea50fe7b9bf4d6a76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"9e7e94a90a4311547fb36c1f1dd7ef9c"
age: 1013768
cache-tag: F-162786143818,P-7048931,FLS-ALL
x-amz-version-id: .CzJW_cs2EkiJ0JohZpoME2Kp1Jni00a
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VO6r8u8Z2MPGz0R6WQDfUOwGo1T99lviKuWXr0OMaQBE8pKNdgu%2B86hTqroDogS5f1sdw%2FGX0QXt%2FSIjV1lr73sZieZYKKVSn64uAyClBIZKTxKUyYQ1%2B4JLRrLc34DfOmWm9gSZqw%3D%3D"}],"group":"cf-nel","max_age":604800}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=et.9JFUECL2SnQY0xXBxX8WPvyfyBE9oBUDW.BsviLI-1730966233-1.0.1.1-1Ifgek75tsK6pmrFIaR7j5VegZPlH2C0YP0KD67XW.FZzFvqjWIAiK2mmrBc4sgAR.wZRi31bA2wZEce88hNfoVH.AdbtuG1AxrKFLTT79E7gGiHK4Ac2_bMBmgQwdFxT9TUouXvzxdP2iU1bEgbn98.XHyAqs5Fy2Djw.HrnC4"}],"group":"cf-csp-endpoint","max_age":86400}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: VPRPQpGHvUD89tHrHDptwCIo3wgPymtAOOUpuME42AMLbuMSDkSfCw==
content-type: image/svg+xml
last-modified: Mon, 01 Apr 2024 11:45:25 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-162786143818,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 5G9B4N1Y23MGTCSW
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-162786143818,P-7048931,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: Accept-Encoding
x-amz-id-2: 9ZuMewB4FW4Lx6426Pd0K4Tq/N6/ys0vsc98EyCKO59ujnHqbxwN3xYy87qUDG+XFH0Jqwl391Cu9qSP5L0R/3oC0+M4/Ol3
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=et.9JFUECL2SnQY0xXBxX8WPvyfyBE9oBUDW.BsviLI-1730966233-1.0.1.1-1Ifgek75tsK6pmrFIaR7j5VegZPlH2C0YP0KD67XW.FZzFvqjWIAiK2mmrBc4sgAR.wZRi31bA2wZEce88hNfoVH.AdbtuG1AxrKFLTT79E7gGiHK4Ac2_bMBmgQwdFxT9TUouXvzxdP2iU1bEgbn98.XHyAqs5Fy2Djw.HrnC4; report-to cf-csp-endpoint
via: 1.1 3160ad16fcbe86f76443069b6ea68052.cloudfront.net (CloudFront)
cf-ray: 8debc5713f1be51d-TXL
access-control-allow-origin: *
x-amz-cf-pop: IST50-P3
x-amz-meta-created-unix-time-millis: 1711971924316

GET
H3 200 white%20paper.svg
www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/menu-featured/ 2 KB
2 KB 148ms
147ms Image
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/menu-featured/white%20paper.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3ca2178c03aa90413665605224901388a8a7694be710ccf31d1c9546f6bb558

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"66405d9753202d06b0b9b8c0731c122e"
age: 1013768
cache-tag: F-162784353194,FD-162786929972,P-7048931,FLS-ALL
x-amz-version-id: qKWviCmcUVpCSakC.wZPgGk71W9rF9zO
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i0rwVRbZ0u35p%2FZgUFpVWkiqvD2C4YU9daGsq99c26CAIXyw2CpG1Lp2fouqXN04MmCi%2Bot8fvmW74gSrxrcv%2BPC%2Bjxw67SlgoJLU%2FtwoVkeNo1rYPirptsD44%2BAVo4Yii%2FbnRhnCg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: pdRf5gnk_iKXnU494lJN3lmX4x8D0csJxwSAAMJnFclo-49AChPrUg==
content-type: image/svg+xml
last-modified: Mon, 01 Apr 2024 12:08:04 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-162784353194,FD-162786929972,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: B99E2BSYRCRT8DZD
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-162784353194,FD-162786929972,P-7048931,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: Accept-Encoding
x-amz-id-2: ElmE6wpNnfupcrk+Ts8cY2b/khLgwC9xCjgw1U9b0HUWA19pCtJRFXTEPF3m4WR++BQq+0vuJICmKAq/bED/2hJ+d4CDdbEWJGI0/uZ5d0U=
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 3b94d7a16ccc58f1a6ce634d854f014e.cloudfront.net (CloudFront)
cf-ray: 8debc5713f1de51d-TXL
access-control-allow-origin: *
x-amz-cf-pop: WAW51-P1
x-amz-meta-created-unix-time-millis: 1711973283545

GET
H3 200 Group.svg
www.picussecurity.com/hubfs/2023%20-%20Optimization/ 2 KB
2 KB 66ms
63ms Image
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/Group.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

228f08d7d79b9a75e9df18997ee260c139fe2d538924d5f05037e047d3f41d38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"8f574252daab27008baf3457366fe0bc"
age: 1013768
cache-tag: F-161968113191,FD-106424384934,P-7048931,FLS-ALL
x-amz-version-id: Y4m6PvMsT0hDs0VfCSSE5aTeXjUonr7R
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bp3yjgADt0BRouQS2j7pqCfy1RED09VuHEePxXux%2FsmJsx2VBOz5bZ1DV7RLQs119psT6CRvcK3OogwTij2b27zZG50sqp4vLgs5wQ%2Bi7o5mR%2FXYqIumxpgX7DRTFm6qIBYZqPBSfg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 4ooegboCKhPkWOxs3AvUph-IfRldDeu9ZU7CuYRicS2u3MGGiWsZsQ==
content-type: image/svg+xml
last-modified: Mon, 25 Mar 2024 09:47:07 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-161968113191,FD-106424384934,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: SP2KNG5V5QC271VF
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-161968113191,FD-106424384934,P-7048931,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: Accept-Encoding
x-amz-id-2: ExkyK+ZGxJOkAr/dQhhj7VvD5jfNWNSLreTan0akaXl0uoz0iVj9bLQH64+whtAKD+cPdHVUohs=
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 d8006f736d3dc32a20a91813f2f50fa2.cloudfront.net (CloudFront)
cf-ray: 8debc5723b66e51d-TXL
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1711360026267

GET
H3 200 Paper%20Icons.svg
www.picussecurity.com/hubfs/2023%20-%20Optimization/ 3 KB
2 KB 56ms
56ms Image
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/Paper%20Icons.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8762831ff219f8b76b3479d9ffb9da218a058d059993123584cdbb5da6c079b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"af898a1c995d79d5de9c5bbd71bda7b7"
age: 1267807
cache-tag: F-161967644941,FD-106424384934,P-7048931,FLS-ALL
x-amz-version-id: G6aTXUudX1thnchIZCO_zEyjoyxJwiGR
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sezIbIN0IO9CRAnmeTcJZGG%2F%2FGb8tFFt%2FLv5kCvQFMQkdDT9Cf9liVZrJidIgmckdG%2BtdA1CS7nODKSDbQ%2FB3de%2BYIHAOlg6VCNgT58gszDwCRkLaBt3eP4bsnGWet7VGA%2FBVxekaA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: Qy1dP88-ruu7IEN1_8SjXAfjmGNHqaLeJTLrxeLypRBGfkI2_pnvQw==
content-type: image/svg+xml
last-modified: Mon, 25 Mar 2024 09:51:40 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-161967644941,FD-106424384934,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 85PFFNHDMBAZWTES
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-161967644941,FD-106424384934,P-7048931,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:13 GMT
vary: Accept-Encoding
x-amz-id-2: kfbrcaYUtG/+UHP+yKOkBlx32jmfYGBWFrLOrXVsE4RjVeb2KKcfbeo26eah/gloO0/UpwSdTkcFdDYO0sMWUF0S6ZuOmiMS
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 69a10b66d89f36667ccbb3842b1892d0.cloudfront.net (CloudFront)
cf-ray: 8debc5723b69e51d-TXL
access-control-allow-origin: *
x-amz-cf-pop: IST50-P3
x-amz-meta-created-unix-time-millis: 1711360299644

GET
H3 200 report%20(1).svg
www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/menu-featured/ 5 KB
3 KB 48ms
46ms Image
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/menu-featured/report%20(1).svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf773224fb7b3fd5978d7b527d003387334f71f37ed57e9ea50fe7b9bf4d6a76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"9e7e94a90a4311547fb36c1f1dd7ef9c"
age: 1030297
cache-tag: F-162786139288,FD-162786929972,P-7048931,FLS-ALL
x-amz-version-id: vLyxAfyxINwLbl8l.uvRN1DJ6FrzhUON
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bF8wofRf9J4avIo81pgC9qj9Ol2Cvk4bNMtk0xQ53opD2pYq7GoscHWmJKxMYkrj0095xnuwS3avQQI56UNM8BwnIcWEfqMaEoQeR0MLhV35PREWi00KL7mi1KL0C8xz6ZrkSkZ0qw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: WIJGML4gsHXz-N8K4WpmukI3xf-zXNYn7g2U3-GRliPV-j5eXzNXVg==
content-type: image/svg+xml
last-modified: Mon, 01 Apr 2024 12:08:04 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-162786139288,FD-162786929972,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: BH1G6G6MRJGR5786
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-162786139288,FD-162786929972,P-7048931,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: Accept-Encoding
x-amz-id-2: LiHEPYKBudEWFyWRJjuSEZyFpzcsD4gARvkNvcobjGFY76yqo0uz7tU1jcs/v7xGzdw0DVHRPJPqz429r4lp9wMKwUyd29CiK2yRGeJiE/E=
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 9a5a7a128fa33b5594ad1cc4824deb8c.cloudfront.net (CloudFront)
cf-ray: 8debc574be04e51d-TXL
access-control-allow-origin: *
x-amz-cf-pop: WAW51-P1
x-amz-meta-created-unix-time-millis: 1711973283596

GET
H3 200 webinar.svg
www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/menu-featured/ 2 KB
2 KB 58ms
55ms Image
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/menu-featured/webinar.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4071465b2c0223da0e296a2d9ed8fbec379caa2d8eccacf96113afa481d7714a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"1870d43d00ab230724e0509f1d40c007"
age: 1030297
cache-tag: F-162787310732,FD-162786929972,P-7048931,FLS-ALL
x-amz-version-id: Wb4ah8A.92KNq.UjMkeG8TpLY3dVHhNK
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QIlYsBaqTlrw5hKo4g3xY3qKgmGHoFR5QWpOCNCSF5bIFhv%2FaWkLAjIRU%2FZr5SCt6WwFf5vmeuJFeUGnwYUSZC%2FD8vWOsXZp3IiThwCBCcgjCnbAX6f3tXsBIOkW3bMlGut0OpxWIA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 0swtgVFztkGnXfEBiGSPT_Q34C6lH8CpzDv-jjZ6ncy5__d5KZmiLg==
content-type: image/svg+xml
last-modified: Mon, 01 Apr 2024 12:08:04 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-162787310732,FD-162786929972,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: SP2NWQGG5MBMRQZV
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-162787310732,FD-162786929972,P-7048931,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: Accept-Encoding
x-amz-id-2: jGeh/zrrpDp9eDFK+21ArsJMqG8ZijTyIOj2AXmQJwItkkA2Z8iA4Jm33xfjfpJi+r8jtOByYFI=
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 bbd64aca0b829769b2db2050bd5350dc.cloudfront.net (CloudFront)
cf-ray: 8debc574be10e51d-TXL
access-control-allow-origin: *
x-amz-cf-pop: WAW51-P1
x-amz-meta-created-unix-time-millis: 1711973283530

GET
H3 200 Data%20sheet.svg
www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/menu-featured/ 2 KB
2 KB 59ms
55ms Image
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/logos/menu-featured/Data%20sheet.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d24d7930883c81a956a8d25026d6befdf264a901da8570a7fa27b6db580c2bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"2978bb799a23d124f5407472f883155a"
age: 1013769
cache-tag: F-162787304607,FD-162786929972,P-7048931,FLS-ALL
x-amz-version-id: aGCl_khANGAehik.SERmQr2ajrV713hJ
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YpTbscxM8VhLTiovujZoehDrd4V7cSR0csmFexmn8t4p%2B2pOvxrssGT8SL0WBD9mBx73YP8BwVGveXLToCX4WpPgfZ7NeGtl5YXrgoCXs8UTVFCnznRqm2KLEvTJTjdahSgKxFIE8A%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: JonTXBDSZ4dcaPpZfOHReid0a0f5s5eft1jhAZ5wC5ufrfw7z5LOoA==
content-type: image/svg+xml
last-modified: Mon, 01 Apr 2024 12:08:04 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-162787304607,FD-162786929972,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: XW0H458BRREHM023
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-162787304607,FD-162786929972,P-7048931,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: Accept-Encoding
x-amz-id-2: uv8J+UUq7Mn8DWoPW+TsPfzf554rTsKWuNfLuACO+mgboDs8XGA289MND4n9cCcnFG4WD8pG61U=
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 01508c56da60b38ed14eba678e55a38c.cloudfront.net (CloudFront)
cf-ray: 8debc574be12e51d-TXL
access-control-allow-origin: *
x-amz-cf-pop: WAW51-P1
x-amz-meta-created-unix-time-millis: 1711973283543

GET
H3 200 linkedin_black.svg
www.picussecurity.com/hubfs/ 1 KB
2 KB 58ms
54ms Image
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/linkedin_black.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

34350dee947083733dcd88d858cf65df7a4f282846c465b8f9627090aa5da3c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"cb53f1d14fd4d15a3313d2a24a524fb8"
age: 599093
cache-tag: F-26106634639,P-7048931,FLS-ALL
x-amz-version-id: cxF8LRaoHAeGt3BhM7bUzN7AlCshNAnL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7vRt30q%2FmBiplPEKT%2FDVCDm6MOgWz7t6XcEr7cg7WOFH%2BNFunH7i1fMtwKkWNQG2QcRp9vVmQmFuvA3AGTnli8GDRP60P7wxUJJVnq%2BWghcLhRanDFFAaJK14KVWHKKUUhXQS%2BULeA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: dFAxHxbcA8_sQYzZ6FCtkA74ayRi4uje3arolRMmocE46YMMFRIs6A==
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: image/svg+xml
last-modified: Thu, 20 Feb 2020 04:30:55 GMT
vary: Accept-Encoding
x-amz-id-2: 8VYN0+XzuNsxeisOSJNEhUS1SY9z+X6hefxNLexhKW0P3rst1NsQKhNCu4VZaxhi14r2bdVL2a8=
strict-transport-security: max-age=31536000; includeSubDomains; preload
edge-cache-tag: F-26106634639,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 69bd99223bbe7be5d36f0fa13d71bf84.cloudfront.net (CloudFront)
cf-ray: 8debc574be13e51d-TXL
x-amz-request-id: T5T7W0362F8DHWF1
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-amz-meta-cache-tag: F-26106634639,P-7048931,FLS-ALL
x-amz-cf-pop: SOF50-P1
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3

GET
H3 200 facebook_black.svg
www.picussecurity.com/hubfs/ 669 B
1 KB 64ms
61ms Image
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/facebook_black.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8acd930d7a72da64980a950dea0c1507411900cb1459aa8c743e003df27444dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"655ebdf8c830e8540b691af2f06d81c4"
age: 1190863
cache-tag: F-26106634638,P-7048931,FLS-ALL
x-amz-version-id: 8CJrjrvqFB2TaFMkKGP3y_iXgtaroa19
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mrSK%2BhxJgmslFdhF9CTjqahKRswEo42HUuIbF%2FQkCW23YSlQx4HrwGvRQwvNNYe2NhL6l6djVJaGZFjpqvCnlxeveErAEQWXOXJ04fckF%2F8VH00EncZorb20pHz6i1UwZthkX%2BA2pg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: OEhlbzdivuAE_TfrKLSuIozQ8Qd7wJuVCdvBOD_Uor-PE3FRzgF2Tw==
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: image/svg+xml
last-modified: Thu, 20 Feb 2020 04:30:53 GMT
vary: Accept-Encoding
x-amz-id-2: hKyuIG+54sLzjoS0DmDPObslqauYh6I0mQv9V882fJDuVp48BHvSXvg5MrSwdX8hQc/+dunD24+yrDUAbnR8QWWQQhpJde5G
strict-transport-security: max-age=31536000; includeSubDomains; preload
edge-cache-tag: F-26106634638,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 cb67ab2ecd69029ff52ff7bdcef2f6e0.cloudfront.net (CloudFront)
cf-ray: 8debc574be1ae51d-TXL
x-amz-request-id: 1Z9J1QY5MCD4VJAV
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-amz-meta-cache-tag: F-26106634638,P-7048931,FLS-ALL
x-amz-cf-pop: SOF50-P1
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.1293/ 13 KB
5 KB 175ms
53ms Script
application/javascript 2606:4700::6811:b05b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.1293/embed.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b05b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"f667e53d5752ee2e5759f3dfaf20d330"
x-amz-version-id: AFGFBaAC1397GFbOapH2DRIkjQ_NaZzY
age: 179203
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BZHeTIN442F0lr7YE7VXMCj%2Bm3pV18XPwYoGKYzhfbEThBP0lGHErRtSJJT9th07K0EAV8P48TY0bhcnm%2Fp1CuoLAoznUlmIgpbpbU6QtlOhjtxx%2BFMaY%2FKo08PgUnFBx5OS%2FqwCYntJX78PYUhi8o01zLc%3D"}],"group":"cf-nel","max_age":604800}
expires: Fri, 07 Nov 2025 07:57:14 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: Ou-sFMOKDY1ueRHDlKtx-6Q-4URhNnD4Vmd7fS0abhITOtlB3DZlIA==
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: application/javascript
last-modified: Mon, 23 Sep 2024 19:59:06 GMT
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 1c3c1c03f4bbd4e68725363918cb3454.cloudfront.net (CloudFront)
cf-ray: 8debc5758afb3a84-FRA
x-amz-cf-pop: FRA60-P6
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 main.min.js Show response
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300259976/1729690095644/Shield/js/ 3 KB
3 KB 70ms
69ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300259976/1729690095644/Shield/js/main.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe6ee10b03114d58ae3552f76f67608965f961c9d2743a003b3c8da7e5ff4f7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: f9795642-b6c9-49bb-9052-f85a79c16f49
content-encoding: br
cf-cache-status: HIT
etag: W/"4042981d0fd53bd731911bfb42a40b61"
x-amz-version-id: ePExGe_G5Tnc9w7AEPf3KqlYIIH7Mdzl
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nx3rd2Q75s%2Fv1yxlyo80Y%2FjUstVBxulpyEwW3gcmNZjaLNY1kys98wT6ghD4pn4Ay1yqefgOMWo%2FNpk6xI3pm9gHudM2mAcFjZ%2FgD%2BqtG3rncD75p6A7G%2F%2F%2BHVkuucoRqRlXrvnkRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 7pkBXOVF8SH9Ui_jWM9bmGXCLUX0iGyU6UJGm7fkF4orUGTMDcV4HA==
x-hubspot-correlation-id: f9795642-b6c9-49bb-9052-f85a79c16f49
content-type: application/javascript; charset=utf-8
last-modified: Wed, 23 Oct 2024 13:28:16 GMT
x-amz-replication-status: PENDING
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-sf8l8
x-envoy-upstream-service-time: 159
x-amz-request-id: BZ73JRAYX801X636
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: origin, Accept-Encoding
x-amz-id-2: g10QxlXAFCeZ4gu95YlyQ2QMMJM8z3tukViXQlsgIoQWvKmmzKo5EG/JEfZEggvCppcpG28pLSd+E0p7ZgxTT1aqhZmpctCu
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 7dc4818c830423900ae855831181d2b8.cloudfront.net (CloudFront)
cf-ray: 8debc572ad48e51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1729690095835

GET
H3 200 shield-wow.min.js Show response
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32379253675/1682685740703/Shield/js/ 8 KB
4 KB 95ms
95ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32379253675/1682685740703/Shield/js/shield-wow.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4efcc099f128e3655108f269adb8e838c24ee54d98c3903a22dec225e3e1221

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: e82faf03-6994-449f-b2bb-f2b505b4b557
content-encoding: br
cf-cache-status: HIT
etag: W/"6309bf850dea6345af0b537f2e628964"
x-amz-version-id: 3Y6ojRbIJ3_a2L0i1cyLjVOzG5krJ8PT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZCxzGgBI03qXKUyLf2ljKa2DaJRG%2FPrMaRirUVvq078kr5wtzpN3%2BBu5gjJre78lCavEZsUL9BwYr7sqLG1ZYovxbOpgdh2xnyDCg6f9cA1EVfbzAx5uIyR62MEjXh%2BJvxkseW8qjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: nfVh0VE5fiDSIapr4duRaMn4yTGpJ5HZ3f60gtuJgz45RmQLtQ91iA==
x-hubspot-correlation-id: e82faf03-6994-449f-b2bb-f2b505b4b557
content-type: application/javascript; charset=utf-8
last-modified: Fri, 28 Apr 2023 12:42:21 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-xzd77
x-envoy-upstream-service-time: 188
x-amz-request-id: 9VPJ22623V5W2AWW
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: origin, Accept-Encoding
x-amz-id-2: v+cytHbhtlc4ZhyixwjZ1bzFtEJHpe4vnW4vQgTtAV0wgQiHZB/B0aVlm3eSr3e/Q2d0oz1hhWRk/4QnJzr6t3TWtJ7lwOBVNkkiXdkpB+s=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 8fc9659fc06389e49927f68638e9bc94.cloudfront.net (CloudFront)
cf-ray: 8debc572ad5ce51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1682685740979

GET
H3 200 slick.min.js Show response
www.picussecurity.com/hubfs/ 42 KB
12 KB 64ms
64ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hubfs/slick.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"d5a61c749e44e47159af8a6579dda121"
age: 1030298
cache-tag: F-88670129552,P-7048931,FLS-ALL
x-amz-version-id: rscA3GqdMhf_6Xt5rKM52hFVPQ.2lsXw
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kz6n14UDPFp%2BTVbwaF4hGmiXRFAfdwgwG0mZkSSEB2Mc8GnjpejFo1LPkV4pNWUc7B%2FZmksO4zEnPXthcBpz5RVs%2BXxV4kt7Yyu98i3vDmIDWT1Aj8E7cdKmGw9UolfTESyeDkfQag%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: e38GKm99eyVkPNn6KP7-DTMiiz9BHeOjwQhYSeSYCb7h3XVxYd1AFw==
content-type: application/javascript
last-modified: Wed, 19 Oct 2022 07:03:01 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-88670129552,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: Q8HRMVPG3W7024M6
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-88670129552,P-7048931,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: Accept-Encoding
x-amz-id-2: t3RayFMuTL/Xz+TOI4EIwsu8EK9TFp5hTwKSI6atHi+zQvHvA1swrkagAaLaHGQBDLjsV3gP2tc=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 c98f7b0e51b5c113c329ba80a59a2026.cloudfront.net (CloudFront)
cf-ray: 8debc5731ef9e51d-TXL
access-control-allow-origin: *
x-amz-cf-pop: SOF50-P1
x-amz-meta-created-unix-time-millis: 1666162980835

GET
H3 200 module_161965429884_Mega_Menu_24.min.js Show response
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/161965429884/1729596799426/ 3 KB
2 KB 75ms
75ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/module_assets/161965429884/1729596799426/module_161965429884_Mega_Menu_24.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

43ffc04fc9feaf3e018ef29811c774bd365508ef79d33f9e63c5156a6fc90bf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: 8cfb5eb0-3323-40fc-9d1a-84d32853c4e3
content-encoding: br
cf-cache-status: HIT
etag: W/"5e8e1af8b761868a7a5d5620027358a8"
x-amz-version-id: dRtkwHLueS9If9ju4jbwtB2njPQROC1o
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PgxyT4PLyOQ%2BJGyERIW2JWvfci6LpGx%2BCtyUPFvksmz5LTg2slAuDeTidjOiW9s%2FBx390LAW9stBi%2B%2BIMMKCnHAo1yNjZHzw6rDKz2vrXFo32hXtwZeEgY2HpGozocveB3yiFlM8jg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: E8ja_lLhxUmkebuzNWQCWAUD0Kywm__86c6pq8TLNrC20m78GN53Rw==
x-hubspot-correlation-id: 8cfb5eb0-3323-40fc-9d1a-84d32853c4e3
content-type: application/javascript; charset=utf-8
last-modified: Tue, 22 Oct 2024 11:33:20 GMT
x-amz-replication-status: PENDING
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-q9n7k
x-envoy-upstream-service-time: 575
x-amz-request-id: X8YZEPD136D2AF4K
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: origin, Accept-Encoding
x-amz-id-2: zi4pY3bbr4PZpctglczm3qv0N+mLje4DROU6xyAGMtXyQLS2elSwMyQYVGqhRH/6tl8GIfdYu6E=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 0fbab52df0695e2a561cd26eb7f9484c.cloudfront.net (CloudFront)
cf-ray: 8debc5734feee51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1729596799426

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 83 KB
24 KB 175ms
51ms Script
application/javascript 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb60114d01e18846fc0570ef5b0c637ff1cf5f96b3cea88dd7a7a56bc587d726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: 14012712-b269-4c0a-bbe8-f6686d7bf9d3
content-encoding: gzip
cf-cache-status: HIT
etag: W/"83516cb36bba59046b931d3496c56b0c"
x-amz-version-id: CxKDbkLWIG8oARp7ZgYVTZrOz3tr7GRC
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
age: 151
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=95qZAItwIRYhpHVWMEC%2FXqr2BmI25czFLB54abQ64u7LF%2BV0UDrwyeLdz1a1LjTyWrGDxsjYfck2eQ%2FH%2Fby93G5PVq60O5C3usA6qAmeV6%2B73Jttzna47C17BugduuTX6A7JUEuFqvVfSwsM"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: um-xWrQ8Svfr3-9u_pA4tVn8zSd6m-QXNDr7okPiPAP0HybDgHpkUQ==
x-hubspot-correlation-id: 14012712-b269-4c0a-bbe8-f6686d7bf9d3
content-type: application/javascript; charset=utf-8
last-modified: Fri, 01 Nov 2024 15:51:22 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-86c46c9777-t5nl5
x-envoy-upstream-service-time: 0
x-hs-target-asset: web-interactives-embed/static-2.1648/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1648/bundles/project.js&cfRay=8de3734799432d65-ARN
via: 1.1 7375f2360b80ec8c602f04aa2cc7a57c.cloudfront.net (CloudFront)
cf-ray: 8debc5758844dcad-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H3 200 header_height.min.js Show response
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/117283871284/1723556727031/Shield/templates/assets/shared/ 738 B
2 KB 76ms
76ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/117283871284/1723556727031/Shield/templates/assets/shared/header_height.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f16de7b1b4aaefe1a073fd179d639c5264e6451ea208b8b9cf72ef0d846b308f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: 4148c5ff-8342-43c2-adc5-c8aa656894b2
content-encoding: br
cf-cache-status: HIT
etag: W/"92119b8f6e821b04443cc2c8f724a1aa"
x-amz-version-id: qOltGM6xekzHdTLGg5xGyd_.gll1rzUO
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w0ck6EWvprB2dX1Kcss0vcqNWr6cXhLjFQS4BLcMM3GqPw9EfRZ%2BN3bHCWkWWxm7Cmxt7flyjvh00sVME9pJ2KmioFqk72NkExuHfw0hW9ZV3pzj03EfqgP0%2Bt%2BITn%2Fv5VcEyjZOEA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: KPho9Go7oaNQf1-Iq0vxg5LWMtANIKymGS6AXqQSvCPC1VQX41iA0A==
x-hubspot-correlation-id: 4148c5ff-8342-43c2-adc5-c8aa656894b2
content-type: application/javascript; charset=utf-8
last-modified: Tue, 13 Aug 2024 13:45:28 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54797cf595-k2wrb
x-envoy-upstream-service-time: 179
x-amz-request-id: QACZ9G5GRWT9261Q
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: origin, Accept-Encoding
x-amz-id-2: Fi+Ug3N3l8JxmAIvsBr9q2No2rE46KIYuooqCjT0tOAOMsyo+xT6gqqNLjJFvGsMVWV2DmCeqJrBsZe+SQ+fWNZURbGdH5gQ
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
cf-ray: 8debc5738926e51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1723556727202

GET
H3 200 main-blog.min.js Show response
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/158844553760/1727782857967/Shield/templates/partials/blog-post-layouts/js/ 2 KB
2 KB 67ms
67ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/158844553760/1727782857967/Shield/templates/partials/blog-post-layouts/js/main-blog.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c2591f422aa5cfb1f8bf00a5db7c9407e81037dbeaf22b2e8a791e56468cdf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: 6498906b-269c-4ab7-a06a-d96744cdc555
content-encoding: br
cf-cache-status: HIT
etag: W/"8f1dca59f4a10730aace2d8c45529cab"
x-amz-version-id: QZiKZKg8tx7TF06UX1gXrwkYWSUUQRrD
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PQaQAlddc2GBLTMAvwszWmN%2FH%2FWpD8zRifcgjP5ilIdeM9W04jVSPhTL6kZFQM%2Fb2cfWgrTOjynf5PvurpHVWPpOiRO3DUgnJNr%2F5JvNKMe9UG41Ayy8UfRklulPhspC1U7ryDen6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 5jR-VOpby_N_mZzSqGAOZNgbRInb_z0wmqT4VySdowlXQ9GurUf9Dg==
x-hubspot-correlation-id: 6498906b-269c-4ab7-a06a-d96744cdc555
content-type: application/javascript; charset=utf-8
last-modified: Tue, 01 Oct 2024 11:40:59 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54797cf595-gdtt5
x-envoy-upstream-service-time: 197
x-amz-request-id: R4A0GRVCSEMC3A4S
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: origin, Accept-Encoding
x-amz-id-2: a/gWYy3UfBmR09CKZbbHahCOAuRwfYD8q1e4obxcA3XJUEpFVdhLvPN5qsbWbyAChZA8ophgVMY=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
cf-ray: 8debc573ca26e51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1727782858138

GET
H3 200 slick.min.min.js Show response
www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32497563799/1619786241508/Shield/js/ 42 KB
12 KB 73ms
73ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32497563799/1619786241508/Shield/js/slick.min.min.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d875f9a2038e25a599452c9e774403240c3bc83df261ed41188bd7ecdf71fee0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: fae0b256-5a28-4305-9c3e-e80d38ab10be
content-encoding: br
cf-cache-status: HIT
etag: W/"a8efc8a1f019dce7f17886f4d81411ca"
x-amz-version-id: ZPb_r_lrZScln9b_.gUpWD_pgBVu7aX9
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HWxuLRB89egst4sGjaG09U7HYu03WuR9jBCEmMmlyuGhtUN2HSRLYZwePG4FMjjwVF7FnOtVBB%2BbVfvGb4FjmHOgAFHw8%2BG3oGHh6s2a6GyIgbdHcRp3%2FNGLQ2vHRQxGP9J94fZxkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: nYXJQmh57K4JS_IzMelLBdYZpSGuMI592tg9yc44QSMWuRRRjmA61w==
x-hubspot-correlation-id: fae0b256-5a28-4305-9c3e-e80d38ab10be
content-type: application/javascript; charset=utf-8
last-modified: Fri, 30 Apr 2021 12:37:23 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-ts7f8
x-envoy-upstream-service-time: 202
x-amz-request-id: DAYFGAR66X2S86BW
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 09SA3iQuvExsg/mbuH2y/tmFAte/KzlH0K4sMwMHY6tt58tJ9+vv72L2TniJEvOZDvLkatBoQa09P1ENS6c+vU6xy7RMXvJBtuD2pX7ABAA=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.picussecurity.com
access-control-allow-credentials: false
via: 1.1 8fc9659fc06389e49927f68638e9bc94.cloudfront.net (CloudFront)
cf-ray: 8debc5740b1ee51d-TXL
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1619786242195

GET
H3 200 7048931.js Show response
www.picussecurity.com/hs/scriptloader/ 3 KB
1 KB 92ms
89ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs/scriptloader/7048931.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e501f1e36f93ed8160ba31a236aa28c8c438073ab228f839ed336a671a17c99

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SetpHQ%2BFlhjCXG8pYge8gbST12jWhDKTI%2FYiHU1SpM2ug5681jgEXB5jBlnrYizZfxrJMh3NpIakyAx8A3P5sN%2FzBrIjtDCwOFpQ%2FkL9TgDKMoaQrgC7txbZOyB0KOLVXLNZfcwWnw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 07:58:44 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 07 Nov 2024 07:57:14 GMT
x-hubspot-correlation-id: cd435a38-54c1-44b4-b6f2-b7f4d18efb56
content-type: application/javascript;charset=utf-8
last-modified: Thu, 07 Nov 2024 07:56:10 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=90
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8debc574be1ce51d-TXL
accept-ranges: bytes
access-control-allow-origin: https://www.picussecurity.com
content-length: 735
server: cloudflare

GET
H3 200 index.js Show response
www.picussecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/ 12 KB
5 KB 57ms
55ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"3ef0deda0631561665e95645daf500a2"
age: 972615
x-amz-version-id: O3iI8Pl3bd7LIBbSsE98q3XHW8vfw5hp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ca%2BaWYdkDEmt5NkhFrYAmWjmIR2r%2BkYipCwFRpDOtHMFn9U9m9tCH9%2Fhdv8nOzIg31Tc5L7%2B5%2Fqufk69Qe7U9aLUpKAHuemNadhuWcVyKAwaxwor25H1bN4AJFAgtMXG97mq0Pglzw%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Fri, 07 Nov 2025 07:57:14 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: wpbA_vViVYjSwysreIXWkCKOMZKeVoda1v6kok27TSc4m9eNqDX7nQ==
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: application/javascript
last-modified: Wed, 21 Aug 2024 20:24:20 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 2fb3ffc33eb22f3ef34dcbe535744fea.cloudfront.net (CloudFront)
cf-ray: 8debc574be1fe51d-TXL
x-amz-cf-pop: MXP53-P4
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 css2
fonts.googleapis.com/ 12 KB
859 B 61ms
46ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;800;900&display=swap

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424286/1711704470960/Shield/css/theme-overrides.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d1b07feb8dacb85eaa974e4da4e4268679888a74f92ed43e15123ac701717ec6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424286/1711704470960/Shield/css/theme-overrides.min.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 07:57:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 07:57:13 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 07 Nov 2024 07:57:13 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
738 B 48ms
48ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@600&display=swap

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/154512352373/1727789447438/Shield/css/templates/s2-generic-2024.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5f2662d3a952503f1a49334a9436df710115bffcb783697a5c6e85f8d5883d1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/154512352373/1727789447438/Shield/css/templates/s2-generic-2024.min.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 07:57:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 07:57:13 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 07 Nov 2024 07:27:32 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 w.js Show response
d10lpsik1i8c69.cloudfront.net/ 5 KB
3 KB 207ms
85ms Script
application/javascript 143.204.205.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.205.185 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-205-185.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6cb6821219dae9fa9a21519d86d7ec7acaf0c4dd61463eb336eb92964feebef3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

vary: accept-encoding
cache-control: max-age=3600
content-encoding: gzip
etag: W/"e31293f40e8a324de552ff593ee76a9b"
age: 2883
via: 1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: i-yN4lkuiXaUcqcUeht3Zh1OGRfMbWL61U2OL7BbHnWk7nQwINB2cw==
date: Thu, 07 Nov 2024 07:09:12 GMT
content-type: application/javascript
last-modified: Thu, 25 Jan 2024 18:19:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 350 KB
112 KB 196ms
75ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

690402827f42db73cc7c65eaf2749f2e179e9f580b1b74082d70b18bfeff2f00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Thu, 07 Nov 2024 07:57:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 07 Nov 2024 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 114318
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 45ms
43ms Script
application/javascript 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/8aaca2fd-5cd9-4888-ba4c-a92130465f35.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

d5ecf2f6d5b7937dd1aa50165b89193436347d55cb130951d41e028b1f09d3af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: private, max-age=10800
content-encoding: gzip
etag: "66fb91ae-111bb"
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 10:57:14 GMT
accept-ranges: bytes
content-length: 18819
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
last-modified: Tue, 01 Oct 2024 06:07:42 GMT

GET
H2 200 hotjar-2366058.js Show response
static.hotjar.com/c/ 13 KB
5 KB 195ms
75ms Script
application/javascript 18.66.102.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2366058.js?sv=6

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-53.fra56.r.cloudfront.net

Software

Resource Hash

3915bef88dd05f9c52427af8b187eaf88881c38d165e6affef86ae6efe799ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=60
content-encoding: br
etag: W/86a19967a19d47a260d18ff7788da2ef
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-cache-hit: 1
via: 1.1 3f3b012fad703fdac0f14efdb7b78b6e.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: RefreshHit from cloudfront
x-amz-cf-id: Rq_J8zqwlvSH-Y_w6RvbexPVa2hdLJ8XikcWbcverSea4GxVb3aN1A==
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: FRA56-P2

GET
H2 200 tracking.min.js Show response
t.visitorqueue.com/p/ 10 KB
5 KB 160ms
46ms Script
text/javascript 2600:9000:2490:9400:c:77c4:d500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.visitorqueue.com/p/tracking.min.js?id=67ab0ee7-fcba-400b-8cb3-db7bb1cc0033
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:9400:c:77c4:d500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ccee1682963a5d9deecdb1dcf9f8e00135cf80c850f2e3309637aa0b14a47938

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

vary: accept-encoding
content-encoding: br
etag: W/"1a589f09f32aebb87ae510d59061222c"
x-amz-version-id: JxdgYfCT4cq74i5RocdKtDF0l2HXeH7n
age: 21377
via: 1.1 dd09b3b5f5b8dc626e1ba6804a73af40.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: MrBvo7fQjUTgygsTh6EM42iieMLctYddz3sal27X9gNmoB_JiVn9Yg==
date: Thu, 07 Nov 2024 02:01:09 GMT
content-type: text/javascript
last-modified: Fri, 25 Oct 2024 15:37:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P6
x-amz-server-side-encryption: AES256

GET
DATA 200
OK truncated
/ 160 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d1af850eed9d8f478503ae0d24ebdd78691a15ed523db6f16df44b9da327c0d5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 mega-menu-down-arrow.png
www.picussecurity.com/hubfs/Shield/Images/ 98 B
1 KB 56ms
55ms Image
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/Shield/Images/mega-menu-down-arrow.png

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

387fafc4558eb44d4303fb1710ec85e39755ffa9378b8cdf982c7e66db79c463

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "8e2b3f8a9be7c266f20ac70b5ef7c9ef"
age: 1013769
cache-tag: F-39029899220,FD-32586780943,P-7048931,FLS-ALL
x-amz-version-id: oVZ1tmPGae_LgGyoO.g0kL81yj6KC.HE
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t7CzdDYdGflDvXcJJrejZ9%2BShmcjqrq2TzBevTrmzBFedaA7AGsbGfv9m6%2FvvkDe3tx3IAVgIHSlvKggsx0lfcR7ga4OiuTxkZp0f9FXSnl1hDdEfHkXACNrdOh3NiWREeH7wExc3w%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: aSSzmrUqVNhP-iKGEmCN7c8cP8QXFkdfcSVQFOsAFyrsfBkwTzEkfw==
content-type: image/webp
content-disposition: inline; filename="mega-menu-down-arrow.webp"
last-modified: Mon, 21 Dec 2020 15:20:35 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-39029899220,FD-32586780943,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 8DGZSC154JZ8WBRT
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-39029899220,FD-32586780943,P-7048931,FLS-ALL
content-length: 98
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
cf-polished: origFmt=png, origSize=121
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: +n6ZRKq8YF5ev6KBGkCOAxd1LOTZ3vM9RAMN6VDod5bfJHkIDi8sjPdC9lAdNmN1ax4cuGsTfU0=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 a49b989a1c88787f19380a9f833baede.cloudfront.net (CloudFront)
cf-ray: 8debc574ce64e51d-TXL
access-control-allow-origin: *
x-amz-cf-pop: MXP64-C2
x-amz-meta-created-unix-time-millis: 1608564034330

GET
H3 200 dropdown-bg.svg
www.picussecurity.com/hubfs/2023%20-%20Optimization/ 31 KB
15 KB 80ms
80ms Image
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/dropdown-bg.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4bf7bbe2ff34569ca8208b5df957ae1bd37d2403d378146fb4e993155cb9820d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"9f9d4423178b24188abc6b47edb3cdc4"
age: 1030296
cache-tag: F-161975016249,FD-106424384934,P-7048931,FLS-ALL
x-amz-version-id: GOOL_26Jvo0IEgl0bjBjQHkckzY3zQ9q
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dADlMZrDdj6ceuYXHT0wTQq%2F4nv4P54wirEi9AX2X6%2Bfu%2BXvG6NQrTkS9Siglp4bMzVowsHiLtyIjuhewCJdRuvdVdouALlaYi%2Bbh5uFUQsajWM8oRLmb8F6UfI9Y1AkRKRHhHS%2F%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: 3ySxiYLHgsBMfVLvzf9GnDd9Z0OfEA5uvXym3QXB_XLSXeZD-Os4MA==
content-type: image/svg+xml
last-modified: Mon, 25 Mar 2024 10:54:26 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-161975016249,FD-106424384934,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: H18RCHRB7MVS4981
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-161975016249,FD-106424384934,P-7048931,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: Accept-Encoding
x-amz-id-2: fk+i8tuNcKiTPrry67LEcWaOmCu+u714BplJb9qliS8ubEIheNUujyPheXd17gMXG/y8HmMtbDg=
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 dc0d44cdab5f8e9ba84c61add4fc98c2.cloudfront.net (CloudFront)
cf-ray: 8debc574ce67e51d-TXL
access-control-allow-origin: *
x-amz-cf-pop: MXP64-C2
x-amz-meta-created-unix-time-millis: 1711364057618

GET
H3 200 Rectangle%20102.svg
www.picussecurity.com/hubfs/2023%20-%20Optimization/ 197 B
1 KB 57ms
57ms Image
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/Rectangle%20102.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea40563dac288d2a4e806100888a28be233519095512b5b0f44f02d4a4b23aea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"977c98d8ef6f43bbf2d0b84be827e3f4"
age: 1013769
cache-tag: F-161969425522,FD-106424384934,P-7048931,FLS-ALL
x-amz-version-id: 6SKLAgGDi0sGrjUFBlWH1sxZJTNCi3le
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jX8kJNI9%2BevPCspvpHVSXfQMSZWtPVDhKfWqkCeRONCy2aYxi9ZlTIzFB%2F%2B7djbXlr0322t7h5WTM91mXDF%2FEDVsNgixKEnQUJ407fZXDUJwO8h3MKLgPIYK8G%2FAtmJnfyMbwd4v0A%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: bjk66b6jfXtjsZc1heoUhrVED1YADxBBNxxC7znfReb1JlZFvaAjZw==
content-type: image/svg+xml
last-modified: Mon, 25 Mar 2024 10:52:23 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-161969425522,FD-106424384934,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: WYNPND940CCP04RB
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-161969425522,FD-106424384934,P-7048931,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: Accept-Encoding
x-amz-id-2: S3mEu3ro9OhLH6cSEYB1ogkShsUaHbl+Xzd1JiI+ecMfALyQXUsPvQGoBNl2Xmr4H5+apoThuKY=
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 f4021b1aef9bacd347e69fce08bd4964.cloudfront.net (CloudFront)
cf-ray: 8debc574ce69e51d-TXL
access-control-allow-origin: *
x-amz-cf-pop: WAW51-P1
x-amz-meta-created-unix-time-millis: 1711363942083

GET
H3 200 bg-resources-hero.png
www.picussecurity.com/hubfs/2023%20-%20Optimization/ 271 KB
272 KB 61ms
61ms Image
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/bg-resources-hero.png

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1729666478482/Shield/css/main.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d853f486dc84fdc7d1b073cbe0567f4ad79b211fc28ed46186bbb0c8cd1ad26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/32300424271/1729666478482/Shield/css/main.min.css

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "d0fee8b958d9057e647a94f7db3c9a78"
age: 948651
cache-tag: F-157034522480,FD-106424384934,P-7048931,FLS-ALL
x-amz-version-id: EcSxbCGIawRyFaBBkybAUOhnSjgonGVI
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=65hn%2Bg2Skw%2FGzUoKp6TMVqZfms6UMRxPn6mJUCTUJ1DSHjkCLsWWJ%2FVG%2F5hf7Y6JDSRkXQiaLcLMvS%2B%2B853ejjgoCoevrpOWwQVJKTcX92h4tIk4ZET3je9LKuYUrCpq4HBJB8lziA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: trJAIMCDSeOeO3fCIFVr6Ii-zANCQKJRkjH_lBCmrd9zq82csXzZdQ==
content-type: image/webp
content-disposition: inline; filename="bg-resources-hero.webp"
last-modified: Thu, 15 Feb 2024 12:13:55 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-157034522480,FD-106424384934,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 07S0C9WHNFTYPAJY
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-157034522480,FD-106424384934,P-7048931,FLS-ALL
content-length: 277185
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: origFmt=png, origSize=604050
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: g2G9X+OXCptlddAlml/wmG06+i2rgLhQLyGyf5wxtT2lPwXrLIwlRlv/FcqQLAMFaylqHPNBlR9IXx6qGWzXXqQBaD3jySbVM25WQZs69Os=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 bc15df0ddd2cf5735a630c71c367efec.cloudfront.net (CloudFront)
cf-ray: 8debc574de71e51d-TXL
access-control-allow-origin: *
x-amz-cf-pop: ZRH55-P2
x-amz-meta-created-unix-time-millis: 1707999225481

GET
H3 200 700.woff2
www.picussecurity.com/_hcms/googlefonts/Red_Hat_Display/ 17 KB
18 KB 109ms
107ms Font
font/woff2 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/_hcms/googlefonts/Red_Hat_Display/700.woff2

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b71a29ecd59a83648619466fa24609d9030aa3eb31b3cedc7f9b424d2da1a270

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.picussecurity.com
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-cache-status: HIT
etag: "e07916f3407087b153d29bebb418965b"
x-amz-version-id: OZTclN99s_jogKp63iRqV0mH_styJuC5
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S%2BEs1lqWKqqgeqyYnCzEK52YTZdhOzge%2FNbXzhGhXMAnpN5Gfsla2sM55SifQMSaiJ9MBTf9x%2B%2Fh%2BetTRvjRqMbvNOqVR4Rm5dZLvQVoGvpi8YmBaQQgyMRNNNicqcQnBBfxJQs7jQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
expires: Thu, 21 Nov 2024 07:57:14 GMT
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: KUcjSRe-Am9iTaPLYqMf9TUVLxTvKDrWK5E12x1ZRDsKqMn3qf3h4w==
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: font/woff2
last-modified: Sat, 07 Sep 2024 17:22:59 GMT
vary: Accept-Encoding
x-amz-id-2: rt46xMMAIxM9pcAxZQebsqcfIK9N6V4bUZl+fsnt5f8yUhkePN2ueZQMXqONDuF+yB11Qxp4X4o=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=1209600
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 2e4b77c76f89825e36f12179cf1b33ea.cloudfront.net (CloudFront)
cf-ray: 8debc5751fb0e51d-TXL
x-amz-request-id: ZF30GHD5F6J0YTGE
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
access-control-allow-origin: *
content-length: 17464
x-amz-cf-pop: WAW51-P1
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 regular.woff2
www.picussecurity.com/_hcms/googlefonts/Red_Hat_Display/ 16 KB
18 KB 99ms
97ms Font
font/woff2 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/_hcms/googlefonts/Red_Hat_Display/regular.woff2

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7fdcb805a20649db94783ffc68e227bd61a806f29af381db6c84b52138d2dccd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.picussecurity.com
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-cache-status: HIT
etag: "944832f134e36e508e05dbe34a841f6a"
x-amz-version-id: PxisF_UNpAHOLz9qSUz.ic2u_YEt6Dks
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dBnuKZvLrht6WVa8YjsvoxSUBRMV7cyVvK97InA%2F3tdAAuw8JgsJtEGFGWwkxK35SddeecMhjksCKstvYvM36HEuQn5GOUtYxXAm15PbDxvd8qRr23Ej%2FKxzJn%2B0QaQOxnJgsSR%2F6Q%3D%3D"}],"group":"cf-nel","max_age":604800}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=ll7.dvwudUuvNlkUuWAqca5Rq7Yy.6OAkdri5hnyiao-1730966234-1.0.1.1-CLHZ6FVX9jiIs3pVrM1oEmgkMSMpInlw8lq2G2qi8WWQGzFTpesP0rlfFX7gDA0RJnwZSwMntxBcVVZomBq_Xzg06_FHJowULRwam.sWIeLYIbQoreCtNbT3schEoPKWqjT4MsZpCpCPWqCdRh7i9_aFL9BlOsMyoOrPPy7xCR8"}],"group":"cf-csp-endpoint","max_age":86400}
access-control-allow-methods: GET
expires: Thu, 21 Nov 2024 07:57:14 GMT
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: eWiSLZSjxpNAPJoUQQedcqAsCJB00MkU3j6sy-RpSEsdLiqFHZA7yg==
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: font/woff2
last-modified: Sat, 07 Sep 2024 17:22:55 GMT
vary: Accept-Encoding
x-amz-id-2: 5eL2C5NxKODCB4gmvd7jwKv+6qYa/OzyxEBmeQvcdtABHbsaOBrnaR+p6KKs6JTpIUKf5YHfADdPbu8YB/hI76tQbvZFTtzgp6wQLKuMkjk=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=1209600
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=ll7.dvwudUuvNlkUuWAqca5Rq7Yy.6OAkdri5hnyiao-1730966234-1.0.1.1-CLHZ6FVX9jiIs3pVrM1oEmgkMSMpInlw8lq2G2qi8WWQGzFTpesP0rlfFX7gDA0RJnwZSwMntxBcVVZomBq_Xzg06_FHJowULRwam.sWIeLYIbQoreCtNbT3schEoPKWqjT4MsZpCpCPWqCdRh7i9_aFL9BlOsMyoOrPPy7xCR8; report-to cf-csp-endpoint
via: 1.1 5fcaff61319ae387c2158360c598d28a.cloudfront.net (CloudFront)
cf-ray: 8debc5751fb8e51d-TXL
x-amz-request-id: 9HXRGZ8VB8WVKH44
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
access-control-allow-origin: *
content-length: 16788
x-amz-cf-pop: CDG52-P5
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2
fonts.gstatic.com/s/inter/v18/ 47 KB
47 KB 152ms
91ms Font
font/woff2 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;800;900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f3.1e100.net

Software

sffe /

Resource Hash

f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.picussecurity.com
Referer: https://fonts.googleapis.com/

Response headers

age: 59830
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:20:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:20:04 GMT
last-modified: Mon, 29 Jul 2024 22:51:01 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48444
x-xss-protection: 0
server: sffe

GET
H3 200 UcCO3FwrK3iLTeHuS_nVMrMxCp50SjIw2boKoduKmMEVuGKYAZ9hiA.woff2
fonts.gstatic.com/s/inter/v18/ 24 KB
24 KB 150ms
89ms Font
font/woff2 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v18/UcCO3FwrK3iLTeHuS_nVMrMxCp50SjIw2boKoduKmMEVuGKYAZ9hiA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@600&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f3.1e100.net

Software

sffe /

Resource Hash

62553d159189834af73c9a6264704be5b2bee9a08da66a14768d8e5c6ffd2cdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.picussecurity.com
Referer: https://fonts.googleapis.com/

Response headers

age: 207884
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 04 Nov 2025 22:12:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 04 Nov 2024 22:12:30 GMT
last-modified: Mon, 29 Jul 2024 22:45:23 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 24304
x-xss-protection: 0
server: sffe

GET
H3 200 regular.woff2
www.picussecurity.com/_hcms/googlefonts/Inter/ 106 KB
107 KB 91ms
89ms Font
font/woff2 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/_hcms/googlefonts/Inter/regular.woff2

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e095c77cbc278604a08136ba272382190c0c7a12a26777a33ca20fafbb59186

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.picussecurity.com
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-cache-status: HIT
etag: "7206d65c5fe7587e1efb16144ff41175"
x-amz-version-id: qqsy1i54n5NfUHnt2CpgzmQxrsUTlalp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j3kKcTOuMihMMkNiNG4W%2BlulApP1rSKonBY7M9%2BngqnuCW9voSbBVb9%2FBBWKid02uKiauOQIOrZMxJScJj%2BoD%2F2r94EJC97iZF3HejLfn9D5%2FWoQD2usbNvjHudwk6gKUi0PQaZvSA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
expires: Thu, 21 Nov 2024 07:57:14 GMT
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 6AlCSHyvp0H9dctHAQe6Ql1q03KV7jQBmyE6Q6ZuIiGdQkaQF2oVOQ==
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: font/woff2
last-modified: Sat, 07 Sep 2024 14:17:57 GMT
vary: Accept-Encoding
x-amz-id-2: XXoJIGc9EZwo7ofk31oFlx949/J3HhJItrdo7jeHqKD/MFuPWojUN2TZL17lCoXfj2jxLL5e9c0qh+zrLxR3Zf2JrxBWbQiDw2SEGj3VFoU=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=1209600
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 b08e1d433d62b5ab056680968a8cc7ea.cloudfront.net (CloudFront)
cf-ray: 8debc5751fbbe51d-TXL
x-amz-request-id: VNDBDR94WNQE2ESH
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
access-control-allow-origin: *
content-length: 108176
x-amz-cf-pop: FRA60-P7
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 Paper%20Icons.svg
www.picussecurity.com/hubfs/2023%20-%20Optimization/ 3 KB
2 KB 57ms
52ms Other
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hubfs/2023%20-%20Optimization/Paper%20Icons.svg

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8762831ff219f8b76b3479d9ffb9da218a058d059993123584cdbb5da6c079b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: G6aTXUudX1thnchIZCO_zEyjoyxJwiGR
age: 1267808
cache-tag: F-161967644941,FD-106424384934,P-7048931,FLS-ALL
etag: W/"af898a1c995d79d5de9c5bbd71bda7b7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EqUxIcf1UcOSKLx9lWlxrh2LShDdsieRBeu191HfzaWIlzn%2F9p%2BJxx3XABfqp7cb2ff%2FfMBqie2iGFL6eGkUKlJV6IgmoHGB2MB2e%2BodP1JPPb%2BC2DMDY%2FceRx4Mp%2Fault29wm95Iw%3D%3D"}],"group":"cf-nel","max_age":604800}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=GH6RT.J0yVcEs4xXZYV7QNglLMVoBWGq9w75qRbI8nI-1730966234-1.0.1.1-TZBIm1CS9HAxrrI_auxq4fcJFwYdQ4Cdc6x9gz8KDtXEwIjcgk4rZ1lMbVq0qD3f50goENYMuRXan07S1EkFyoV3HBp6e_iCbchTCPgiVG3y4tyZrkoc.vkB9eyADoszXsvAtNdbIiCeS_hFIYH5lumqEus2Wmdk44J6n6sL1pQ"}],"group":"cf-csp-endpoint","max_age":86400}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: Qy1dP88-ruu7IEN1_8SjXAfjmGNHqaLeJTLrxeLypRBGfkI2_pnvQw==
last-modified: Mon, 25 Mar 2024 09:51:40 GMT
content-type: image/svg+xml
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-161967644941,FD-106424384934,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 85PFFNHDMBAZWTES
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-161967644941,FD-106424384934,P-7048931,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: Accept-Encoding
x-amz-id-2: kfbrcaYUtG/+UHP+yKOkBlx32jmfYGBWFrLOrXVsE4RjVeb2KKcfbeo26eah/gloO0/UpwSdTkcFdDYO0sMWUF0S6ZuOmiMS
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
content-security-policy-report-only: script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=GH6RT.J0yVcEs4xXZYV7QNglLMVoBWGq9w75qRbI8nI-1730966234-1.0.1.1-TZBIm1CS9HAxrrI_auxq4fcJFwYdQ4Cdc6x9gz8KDtXEwIjcgk4rZ1lMbVq0qD3f50goENYMuRXan07S1EkFyoV3HBp6e_iCbchTCPgiVG3y4tyZrkoc.vkB9eyADoszXsvAtNdbIiCeS_hFIYH5lumqEus2Wmdk44J6n6sL1pQ; report-to cf-csp-endpoint
via: 1.1 69a10b66d89f36667ccbb3842b1892d0.cloudfront.net (CloudFront)
cf-ray: 8debc575380ce51d-TXL
access-control-allow-origin: *
x-amz-cf-pop: IST50-P3
x-amz-meta-created-unix-time-millis: 1711360299644

GET
H2 200 AD_4nXc5JrU2t8rcjdXf1kg18FLu_E_MdZWDvqoklGpZ93AOrlVy8P4nYdUcmqqesf0yRblh-inBKtbqx3WNOYSod7stS5Ht791QK1R9nJBxiH7vWLTSvET1oaU5KWCgukBPmMtCECxDGeHrphV67E1W75HvGr74
lh7-rt.googleusercontent.com/docsz/ 61 KB
62 KB 1246ms
1070ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-rt.googleusercontent.com/docsz/AD_4nXc5JrU2t8rcjdXf1kg18FLu_E_MdZWDvqoklGpZ93AOrlVy8P4nYdUcmqqesf0yRblh-inBKtbqx3WNOYSod7stS5Ht791QK1R9nJBxiH7vWLTSvET1oaU5KWCgukBPmMtCECxDGeHrphV67E1W75HvGr74?key=FZkEx8O1hJoMI_AzkmWvFoG_

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b9e0d8bb5e93f8376e1e233d7615950b805a799a753dc4c1ed078ca92eddd5a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

access-control-expose-headers: Content-Length
cache-control: private, max-age=86400, no-transform
etag: "v0"
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62723
date: Thu, 07 Nov 2024 07:57:15 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="unnamed.png"

GET
H2 200 ajax-loader.gif
7048931.fs1.hubspotusercontent-na1.net/hubfs/7048931/raw_assets/public/Picus%20IL%20Shared/Shared%20by%20Themes/asset/font/ 3 KB
3 KB 220ms
177ms Image
image/gif 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://7048931.fs1.hubspotusercontent-na1.net/hubfs/7048931/raw_assets/public/Picus%20IL%20Shared/Shared%20by%20Themes/asset/font/ajax-loader.gif
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs-fs/hub/7048931/hub_generated/template_assets/119013969479/1686049622830/Picus_IL_Shared/Shared_by_Themes/asset/slick-theme.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 568d7b83659993469a2d729ad98daba3a7de2568f74d670d18ae618f118fe353

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/

Response headers

x-robots-tag: none
cf-cache-status: HIT
etag: "c5cd7f5300576ab4c88202b42f6ded62"
age: 604134
cache-tag: F-119013776918,FD-119014686826,P-7048931,FLS-ALL
x-amz-version-id: In9ttezEZ_GM9U3eektboBkYWwcorOKA
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 44GVKZ8PvScg-nnUrYh-YlwRB_7OIIbYSDj-weudaSjzepa2QLZDmA==
content-type: image/gif
last-modified: Tue, 06 Jun 2023 11:06:52 GMT
x-amz-meta-index-tag: none
x-amz-replication-status: COMPLETED
edge-cache-tag: F-119013776918,FD-119014686826,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 9V28ERJM5XTW29XQ
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-119013776918,FD-119014686826,P-7048931,FLS-ALL
content-length: 2592
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: origSize=4178
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: Accept-Encoding
x-amz-id-2: bAoX7wZReMGQYWNbA4I2m6sC4EvqZl/I2LhA6Lgkb+sB3+D3HrMjo5pWpGvdmg0rOCJqVv9TsKWzT5ygDePHaw==
timing-allow-origin: 7048931.fs1.hubspotusercontent-na1.net
via: 1.1 56df5811b9d89103539b9b0b5fd9b262.cloudfront.net (CloudFront)
cf-ray: 8debc575bed41c38-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1686049611853

GET
H3 200 json Show response
www.picussecurity.com/_hcms/forms/embed/v3/form/7048931/10a2d0b0-9f91-4cd7-a1e0-1cff39706638/ 7 KB
2 KB 187ms
187ms XHR
application/json 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/_hcms/forms/embed/v3/form/7048931/10a2d0b0-9f91-4cd7-a1e0-1cff39706638/json?hs_static_app=forms-embed&hs_static_app_version=1.6227&X-HubSpot-Static-App-Info=forms-embed-1.6227

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9ca99fe82ab8774dbe41c6e8d72fe5bddfc329a9518ba6a880572c1ef96c538

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 21437728-c47a-4ffa-a51c-7d04a0eefd5d
access-control-expose-headers: X-Origin-Hublet
content-encoding: br
cf-cache-status: DYNAMIC
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=be1xsPUNZ9HN8hK1v0yHSUNHo4ZaOURJbNrNX8HykNQNlVzUnTqdYSm1eqTBwQU3G2S4dVI6L9L31vGnp2ujPMg71zcQOXabbL4%2FYBV3js77NaPZ3MBhCvF5HWkieKskJP0QIUaKKA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 07:57:14 GMT
x-hubspot-correlation-id: 21437728-c47a-4ffa-a51c-7d04a0eefd5d
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 17
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-sdfp7
access-control-allow-credentials: false
cf-ray: 8debc5761b95e51d-TXL
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 json Show response
www.picussecurity.com/_hcms/forms/embed/v3/form/7048931/10a2d0b0-9f91-4cd7-a1e0-1cff39706638/ 7 KB
2 KB 348ms
161ms XHR
application/json 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

725822cb7a90a5c69dd64ba2bc70de4d3c48a4d8b2faab1e676a83c504c7adc8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 8cabe173-dc86-46af-b2d2-82a53915ea61
access-control-expose-headers: X-Origin-Hublet
content-encoding: br
cf-cache-status: DYNAMIC
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T6RQlcUC7Wh4DYAdJsRJzt%2F3W6kR545smpKetJBNJy%2Fl7K%2BPn6PJAsC%2FTh6XEpVPi4AIlfHTH8Ayt%2F6tDwC7VV%2FTAV9XE3%2FtelA8PaA1amy2ah7wB9LaSK%2FVLwm6uwPyzrbSFqPWlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 07:57:14 GMT
x-hubspot-correlation-id: 8cabe173-dc86-46af-b2d2-82a53915ea61
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 12
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-2s9jl
access-control-allow-credentials: false
cf-ray: 8debc5773819e51d-TXL
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 101ms
41ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

126e07fe4635bb161e3cef3e0041dac87c8eb4bf390878de83077a7244a5a3ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-md5: 8d5He/RNDI30cZdgdnP15g==
access-control-expose-headers: X-FB-Content-MD5
content-encoding: gzip
etag: "82bb3bf9f1dd8dbee457ad2a8d2b701b"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 08:07:57 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5: 0b6abf7e93aa3810eafc8bb5c599eae0
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=23, mss=1232, tbw=4422, tp=9, tpl=0, uplat=0, ullat=-1
x-fb-debug: WbKkZXN7K20gQ7X4qSA6E+aJmfWc0mrno7DVNCgKIBKA2UqYLP0H3zL+CyK/MWsE/8CvzvAMt7qR0ad3+6JaGg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
access-control-allow-origin: *
content-length: 1684
origin-agent-cluster: ?1

GET
H2 200 widgets.js Show response
platform.twitter.com/ 91 KB
27 KB 253ms
43ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: gzip
etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
access-control-allow-methods: GET
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
date: Thu, 07 Nov 2024 07:57:14 GMT
last-modified: Mon, 11 Dec 2023 17:20:28 GMT
vary: Accept-Encoding
x-served-by: cache-iad-kcgs7200137-IAD, cache-fra-etou8220149-FRA
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=1800
tw-cdn: FT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27597
x-amz-server-side-encryption: AES256

POST
H2 200 open
t.visitorqueue.com/p/ 2 B
318 B 135ms
133ms Ping
text/plain 2600:9000:2490:9400:c:77c4:d500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://t.visitorqueue.com/p/open
Requested by: Host: t.visitorqueue.com
URL: https://t.visitorqueue.com/p/tracking.min.js?id=67ab0ee7-fcba-400b-8cb3-db7bb1cc0033
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:9400:c:77c4:d500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

via: 1.1 dd09b3b5f5b8dc626e1ba6804a73af40.cloudfront.net (CloudFront)
access-control-request-method: *
access-control-allow-origin: *
x-cache: Miss from cloudfront
content-length: 2
alt-svc: h3=":443"; ma=86400
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: text/plain
x-amz-cf-pop: FRA56-P6
x-amz-cf-id: 3cn_b_B6iPNMvpZEAofYQgIE-lj8QYCOAttdcVHXvnbHkc_mq7nzaw==
access-control-allow-headers: *

GET
H2 200 open
t.visitorqueue.com/p/ 35 B
371 B 323ms
322ms Image
image/gif 2600:9000:2490:9400:c:77c4:d500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.visitorqueue.com/p/open?l=9&q=cGFnZVZpZXdJZD1lZmI2YTdmYi05OGUyLTQ4MDctODczZi1jNDBmMzgwMWZhZDYmcGF0aE5hbWU9L3Jlc291cmNlL2Jsb2cvdXMtdGFyZ2V0cy1yZWRsaW5lLWFuZC1tZXRhLWluZm9zdGVhbGVycy1pbi1vcGVyYXRpb24tbWFnbnVzJnZpc2l0b3JJZD0xZGMxZGZjMC0yYTQ4LTQ2ZmItODRiZS1mOTBjZTljMTY5YjkmdmlzaXRJZD00NWZiYzFkZi1iYWQ4LTRkN2MtYWZkNi1mNzg0MGM1ZjhjMzEmbmV3VmlzaXRvcj0xJmFjY2Vzc2VkQXQ9MTczMDk2NjIzNSZ2cVRyYWNraW5nSWQ9NjdhYjBlZTctZmNiYS00MDBiLThjYjMtZGI3YmIxY2MwMDMzJm9yaWdpbj13d3cucGljdXNzZWN1cml0eS5jb20mc2NyaXB0VmVyc2lvbj0yLjMuMSZwYWdlVmlld0NvdW50PTEmdmlzaXRTdGFydD0xNzMwOTY2MjM1
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:9400:c:77c4:d500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: No-Store
via: 1.1 dd09b3b5f5b8dc626e1ba6804a73af40.cloudfront.net (CloudFront)
access-control-request-method: *
access-control-allow-origin: *
x-cache: Miss from cloudfront
content-length: 35
alt-svc: h3=":443"; ma=86400
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: image/gif
x-amz-cf-pop: FRA56-P6
x-amz-cf-id: yQXrxElaCI_Le_JW9yTx2JfE-7598y8LA8JhS0FbXTIz8YnbGPckLg==
access-control-allow-headers: *

GET
H2 200 modules.6f60e575cf8ad7cb10f7.js Show response
script.hotjar.com/ 222 KB
55 KB 246ms
48ms Script
application/javascript 13.32.27.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.6f60e575cf8ad7cb10f7.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2366058.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.19 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-19.fra56.r.cloudfront.net

Software

Resource Hash

f0a9b19d1615e0e2afdca507d4c7cbe384b0bdfad5cbaf63c14a386df33a62d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: none
content-encoding: br
etag: "56b1b49a4bdc4c874445907df778d045"
age: 236236
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: NcHFb_rlONg2L81RZza5T7Cj_7Y9dH86rfOCTjLIc3K5erjUWBbprg==
date: Mon, 04 Nov 2024 14:19:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 Nov 2024 14:19:24 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
via: 1.1 cb1bcb02f5d0667fafd0890701965f18.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 56128
x-amz-cf-pop: FRA56-C2

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 251ms
59ms Script
application/javascript 2606:4700::6810:6bfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/scriptloader/7048931.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca9ead1a878c5a474808166462389da9859bbe06ee7c5e4365029c8062709121

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.picussecurity.com
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: b4355067-5ca4-48f1-8c84-9b3e22437850
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: _vUoUmuymk3IT7Uikz585Nn8PzBEJUsn
etag: W/"216a00fb66fa9b149d5f8b5557f0f563"
age: 278
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: fiJZFGHfkHlood9e7GJDmQ8REiViHj9NZa9FuYkmL3x86m5rj50PSQ==
x-hubspot-correlation-id: b4355067-5ca4-48f1-8c84-9b3e22437850
content-type: application/javascript; charset=utf-8
last-modified: Mon, 14 Oct 2024 10:34:35 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-86c46c9777-zl2mg
x-envoy-upstream-service-time: 6
x-hs-target-asset: collected-forms-embed-js/static-1.885/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.885/bundles/project.js&cfRay=8debbea9a9acc2fa-FRA
via: 1.1 b77313059f3d50280ced20238b151620.cloudfront.net (CloudFront)
cf-ray: 8debc577b99e1951-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 550 KB
92 KB 243ms
54ms Script
application/javascript 2606:4700::6812:8a11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/scriptloader/7048931.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8a11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.picussecurity.com
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: 08a89532-3218-44ec-a123-55fc62b58626
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: 1P48dmUoAxkQ57N6qBxgDzS3oBmZAXBF
etag: W/"ce26171eff05376a1b746efbb809f7f6"
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
age: 35581
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: BKpwlJFPRjc5hiSPX-W1sGMhHeyQa0YjfeSELRUi6ki3xmmUtuGUWA==
x-hubspot-correlation-id: 08a89532-3218-44ec-a123-55fc62b58626
content-type: application/javascript; charset=utf-8
last-modified: Wed, 09 Oct 2024 10:17:06 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=86400, max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-6c6dd6864-f7rdw
x-envoy-upstream-service-time: 1
x-hs-target-asset: lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: Accept-Encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js&cfRay=8d05e40b29399749-ARN
via: 1.1 16d910967d343c8da7828222a653755e.cloudfront.net (CloudFront)
cf-ray: 8debc577bf4019b1-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 93 KB
26 KB 233ms
51ms Script
application/javascript 2606:4700::6810:4e8e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/scriptloader/7048931.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4e8e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

067c9537ec36da4afb93e9fec9bc7e656959b6623e9491f0092200db06657f1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-evy-trace-virtual-host: all
x-request-id: 7fe6bc4b-52b0-4cfd-abcd-0200f2528434
content-encoding: gzip
cf-cache-status: HIT
etag: W/"437fb84b40fd41c605a366d14a984219"
x-amz-version-id: GnpHiVDEdERXJOUylwbQwpaNqjGhipG0
age: 302
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: KSrTtoDUgG2m6Aa_eq7DNO8iI7U899RPCbQPaNn0GkXTGrMJAq2AUQ==
date: Thu, 07 Nov 2024 07:57:14 GMT
x-hubspot-correlation-id: 7fe6bc4b-52b0-4cfd-abcd-0200f2528434
content-type: application/javascript; charset=utf-8
last-modified: Thu, 31 Oct 2024 16:46:07 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-86c46c9777-z72fs
x-envoy-upstream-service-time: 1
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.18525/bundles/project.js&cfRay=8debbe137ea29b9b-FRA
via: 1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
cf-ray: 8debc577a8edd274-FRA
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: conversations-embed/static-1.18525/bundles/project.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 7048931.js Show response
js.hs-analytics.net/analytics/1730966100000/ 68 KB
25 KB 246ms
53ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1730966100000/7048931.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/scriptloader/7048931.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2012aadea462fafe352402e17767e0f80b6407c288876a88052e478cc6e9466

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-amz-server-side-encryption: AES256
x-request-id: 85e78b63-b0db-4d07-95a5-41f69a54332f
content-encoding: gzip
cf-cache-status: HIT
etag: W/"356e3cc64e9d8ebe47b1070958a9860b"
x-amz-version-id: null
age: 63
expires: Thu, 07 Nov 2024 08:01:11 GMT
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 07:57:14 GMT
x-hubspot-correlation-id: 85e78b63-b0db-4d07-95a5-41f69a54332f
content-type: text/javascript
last-modified: Tue, 22 Oct 2024 20:49:10 GMT
vary: origin, Accept-Encoding
x-amz-id-2: dCmJTHeQY3dkBSdXFq/uVPLQq9jzFO8vZlDfEULcZSjVxRK/4HiioWkhg5qaHHcfty2bQ15Jvek=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-58b4c4568d-nc94p
x-envoy-upstream-service-time: 84
access-control-allow-credentials: false
x-amz-request-id: GFWESNYPFKMGN71G
cf-ray: 8debc577b8c35b74-FRA
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 7 KB
4 KB 235ms
59ms Script
application/javascript 2606:4700::6811:df98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/scriptloader/7048931.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:df98 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb72a3cb5614383e3b08354bc293e2399eb11d0ed17eef59d44bef4598682c3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-evy-trace-virtual-host: all
x-request-id: e14373e4-c960-4cb1-b3ec-8d3555fa25a5
content-encoding: gzip
cf-cache-status: HIT
etag: W/"17bd3d5b05607076554f8374be06d128"
x-amz-version-id: rL2b5HBNljJfVZ2cRM1vTT.Ta_yx29M2
age: 575
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: quSbsogTYDi1XfHrQZO8J8-TGZtg9hrbZQpYVweHyZx_ViufE6fM2w==
date: Thu, 07 Nov 2024 07:57:14 GMT
x-hubspot-correlation-id: e14373e4-c960-4cb1-b3ec-8d3555fa25a5
content-type: application/javascript; charset=utf-8
last-modified: Wed, 06 Nov 2024 21:06:30 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-86c46c9777-f5595
x-envoy-upstream-service-time: 1
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.647/bundles/pixels-release.js&cfRay=8debb76949cdd9d6-FRA
via: 1.1 53b70ac9dc46d1c13992b291cf22a9aa.cloudfront.net (CloudFront)
cf-ray: 8debc577bb9d9076-FRA
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: adsscriptloaderstatic/static-1.647/bundles/pixels-release.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/7048931/ 86 KB
28 KB 308ms
155ms Script
text/javascript 2606:4700:4400::ac40:9310
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/7048931/banner.js
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/scriptloader/7048931.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9310 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7959e686f3668a5465c5eacedf2d57eb61675b5f8584fcb07114aa38b63d53b8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: 11fa2a7b-6267-4c28-b713-fc9e90bca7bf
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"64a8130e9eaf229bc8c031f165093971"
x-amz-version-id: VmzTKp0hM3SnYqhhf.7T6p4d1BwNMaP8
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Thu, 07 Nov 2024 08:02:14 GMT
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 07:57:14 GMT
x-hubspot-correlation-id: 11fa2a7b-6267-4c28-b713-fc9e90bca7bf
content-type: text/javascript; charset=UTF-8
last-modified: Thu, 24 Oct 2024 19:19:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: iHR6zfBL13/wlsUd8Lp7/dWsrUS8UNjxRBM42Wv0715QCH5HJOWs4sf9cDNzG6kcxevUs9XDokM=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-58b4c4568d-n6ddx
x-envoy-upstream-service-time: 115
access-control-allow-credentials: true
x-amz-request-id: VRHHXCDQJBSF4B6D
cf-ray: 8debc577cd5ddbbf-FRA
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 2 KB
2 KB 367ms
185ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?contentIds=151218727472&contentIds=158874474915&portalId=7048931&currentUrl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&contentId=182138540426

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46aab71563349f25bf0a0850087f5760b8db58f5f5619761a63b8342442a786a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: 47d2adc9-c211-43ff-a688-c365cd34f342
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QEpeEuJYFC8eRTuV6JwMAfGoRz7iaIQkkwkv%2BXfoiMzotZ7r78F6H91IgEpLS%2FXaViagMiMpdvXgEkATlU73bkN48kKtllgKVyPDZ%2FNt5faKpUXxzselZYuIE6mRLWoGl0MrelhFCSvcdVzP0HNSSzOajgMae6IpRo0%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 07:57:14 GMT
x-hubspot-correlation-id: 47d2adc9-c211-43ff-a688-c365cd34f342
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-sdfp7
x-envoy-upstream-service-time: 35
access-control-allow-credentials: true
cf-ray: 8debc577bfea3619-FRA
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-route-configuration: listener_https/all
content-length: 610
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 html Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/render/ 1 KB
1 KB 391ms
209ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/render/html?contentIds=151218727472&contentIds=158874474915&portalId=7048931&currentUrl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&contentId=182138540426&isHubspotPage=true

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57d3d04b4a237dde8837599213c631385d981da2190dfe9099495a58cdd91c92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: b3c4fc4e-2747-49ca-9c06-a895c6fbff5c
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kD4DT7SQ3zQbMXoSemgk%2B3nrIQp3PFIyKlzYs158cH%2BOJ9JcwiOXrU9bdMO1Re8nfxDmb73l4W8l49rpMYXiMKfWeNziaWYDb1xjds9KJPxHORKIgRVaqZFI5Z0FBOz784Mi0lvjfOBVrOKBhygA6lcfG%2FZXLFH%2FZhc%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 07:57:14 GMT
x-hubspot-correlation-id: b3c4fc4e-2747-49ca-9c06-a895c6fbff5c
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-hwhls
x-envoy-upstream-service-time: 59
access-control-allow-credentials: true
cf-ray: 8debc577bfeb3619-FRA
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-route-configuration: listener_https/all
content-length: 784
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
452 B 153ms
152ms XHR
text/plain 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=7048931

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-request-id: 3192e572-0ae6-4245-8102-a323cf31fde3
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-methods: GET
x-content-type-options: no-sniff
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 07:57:14 GMT
x-hubspot-correlation-id: 3192e572-0ae6-4245-8102-a323cf31fde3
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8debc5769a5bdcad&resource=unknown"
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-86c46c9777-hmdlp
x-envoy-upstream-service-time: 4
access-control-allow-credentials: true
cf-ray: 8debc5769a5bdcad-FRA
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 / Show response
settings.luckyorange.net/ 129 B
912 B 314ms
145ms Fetch
application/json 172.67.75.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://settings.luckyorange.net/?u=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&s=202290

Requested by

Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.75.100 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4aedc93d1c0050ee019a0f8a838d5de2b64ca89662eb31c45e04da5d3f09b4f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jbzBWLXvwh0NNqIQsSSRP2su2vZB4QdRiTC7kBQ15yMBPteW%2BvSikSsvnpvvhvo3ZQI0pwalfAuBx6sQRlvkz2OuS1VLkIViMakIchjqidZDQRBhZi3IHWchOVpHqNVSpIuYo%2BpM091%2Bew%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, POST, OPTIONS
server-timing: cfL4;desc="?proto=TCP&rtt=29147&sent=7&recv=12&lost=0&retrans=0&sent_bytes=3964&recv_bytes=2361&delivery_rate=139257&cwnd=253&unsent_bytes=0&cid=df6b586c97616bff&ts=242&x=0"
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: application/json
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,Keep-Alive,X-Requested-With,If-Modified-Since
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8debc577ba0de50f-TXL
access-control-allow-origin: https://www.picussecurity.com
content-length: 120
server: cloudflare

GET
DATA 200
OK truncated
/ 180 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a00ac1e97469410d27c7807937a01a9fb37272970d20a0178bad424be0bdf6ae

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 214 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fffcc1196c1beb2cd92264e3b6efe6fdebc9129610b8308987eff5d97ebab507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 278 KB
96 KB 61ms
60ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-670063733&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

384b974c8b9634c56fb9992959ed44603c530ae06c235dfae8afc493dee85c88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 07 Nov 2024 07:57:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 07 Nov 2024 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 98016
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 a33e3dc0-7316-4f7d-8ec0-244dbd62e401.js Show response
cdn.mouseflow.com/projects/ 115 B
489 B 153ms
56ms Script
application/javascript 2606:4700::6812:1b32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.mouseflow.com/projects/a33e3dc0-7316-4f7d-8ec0-244dbd62e401.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1b32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d65e0bb2b93943ac7a72d8f70bda4f8931d6d07c9731bf28dc1d895c1dc4edf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

access-control-expose-headers: *
content-encoding: br
cf-cache-status: HIT
etag: W/"66d71d44-73"
age: 552521
x-mf-country: DE
x-content-type-options: nosniff
expires: Fri, 08 Nov 2024 07:57:14 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 03 Sep 2024 14:29:24 GMT
vary: Accept-Encoding
x-mf-continent: EU
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=86400
cf-ray: 8debc577b87b6ae6-FRA
access-control-allow-origin: *
x-mf-script-region: enforced-privacy
server: cloudflare

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 160ms
43ms Script
application/javascript 2a02:26f0:3500:10::210:a9a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a9a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: max-age=49143
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Thu, 07 Nov 2024 07:57:15 GMT
last-modified: Thu, 22 Aug 2024 10:43:55 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 bat.js Show response
bat.bing.com/ 50 KB
15 KB 241ms
63ms Script
application/javascript 2620:1ec:33:3::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: gzip
etag: "028e0691d20db1:0"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8013A4B276574AC3A6BEC627F81933A2 Ref B: LON212050706029 Ref C: 2024-11-07T07:57:15Z
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 14570
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: application/javascript
last-modified: Wed, 16 Oct 2024 22:47:44 GMT
vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 413 KB
131 KB 71ms
70ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-DB6MKXQ2E6&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

07d7742e484bac669f7c1fafc007b600986f5234cc0f0f369d97b39cd563394d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 07 Nov 2024 07:57:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 133555
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 248 KB
73 KB 43ms
42ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=eea3db0b0acad63f26a581614dd02dca

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

5db7ebaf5c59a393c37e60c30e2d80c32e24cd7b49c02e04a14e10bd4a3e31b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.picussecurity.com
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-md5: L/ASZ8ddjGaA60hUMBSvlg==
access-control-expose-headers: X-FB-Content-MD5
content-encoding: gzip
etag: "c148913b577c184b0a1c9aba68caef5c"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Fri, 07 Nov 2025 06:17:34 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5: 9e483c1ae80ca196fe18e8776d865e5d
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: UNKNOWN; q=-1, rtt=-1, rtx=0, c=20, mss=1232, tbw=1825, tp=5, tpl=0, uplat=0, ullat=-1
x-fb-debug: bF2vGpgSoFUllbvzFdz733w7uhkPP/rQbipZlUuiTwGobMNxPyWFaIXs2PeOD6hevEoJUgeIT8LBFKwItk0pcQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
access-control-allow-origin: *
content-length: 75075
origin-agent-cluster: ?1

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
849 B 196ms
149ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: none
x-request-id: ffe80668-6c0b-41f6-a808-c80a83687aa3
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 07:57:15 GMT
x-hubspot-correlation-id: ffe80668-6c0b-41f6-a808-c80a83687aa3
content-type: image/gif
vary: origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-9dtp5
x-envoy-upstream-service-time: 4
access-control-allow-credentials: false
cf-ray: 8debc5785d3ce512-TXL
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
890 B 183ms
138ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: none
x-request-id: 93717276-4b4d-4d92-9387-7d88056ed0cf
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 07:57:15 GMT
x-hubspot-correlation-id: 93717276-4b4d-4d92-9387-7d88056ed0cf
content-type: image/gif
vary: origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-tbrhv
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8debc5785d37e512-TXL
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 widget Show response
www.picussecurity.com/_hcms/livechat/ 338 B
1 KB 197ms
196ms XHR
application/json 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/_hcms/livechat/widget?portalId=7048931&conversations-embed=static-1.18525&mobile=false&messagesUtk=047c888fc58a4d7a867bcb272cd3db5b&traceId=047c888fc58a4d7a867bcb272cd3db5b

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3d429ffb40c652bd7f9d8037c1e0752935c58621f0b6240c71c40453121c66e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
X-HubSpot-Messages-Uri: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=55qEzRBAImmlfZcPpwodvYVqlmW3%2FQN0S6FXq78zmM8WH%2FKyIEjghxy4CYE%2B6RTK6wge41VmobWhCA9ZEOzA%2FGvJN6%2BKmWYkeUhLQWBGH72aJ0ljIw%2Bdtxja6Q607KS%2Fijt1pA2sxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Thu, 07 Nov 2024 07:57:15 GMT
x-hubspot-correlation-id: 02c390f7-4cb7-4b28-a774-8f23da86ec4a
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8debc5784c51e51d-TXL
server: cloudflare

GET
H2 200 widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame DDB6 0
0 114ms
42ms Document
text/html 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.picussecurity.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=315360000
content-encoding: gzip
content-length: 105429
content-type: text/html; charset=utf-8
date: Thu, 07 Nov 2024 07:57:15 GMT
etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
last-modified: Mon, 11 Dec 2023 17:19:49 GMT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn: FT
vary: Accept-Encoding
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-served-by: cache-iad-kiad7000164-IAD, cache-fra-etou8220158-FRA

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 135 B
460 B 152ms
151ms XHR
application/json 2606:4700::6810:6bfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=7048931&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0af58bcdda4bce4a998c3c1d32d5a6bbebd8ef7c7007e8888531cb493cc9f64b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 6084a63f-dac3-4141-bee6-041b282ae80f
content-encoding: br
cf-cache-status: DYNAMIC
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 07:57:15 GMT
x-hubspot-correlation-id: 6084a63f-dac3-4141-bee6-041b282ae80f
content-type: application/json;charset=utf-8
vary: Accept-Encoding
access-control-allow-headers: *
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-86c46c9777-7zq57
x-envoy-upstream-service-time: 10
cf-ray: 8debc578ba511951-FRA
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 204 2366058 Show response
vc.hotjar.io/sessions/ 0
233 B 157ms
68ms XHR
text/plain 18.66.112.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/2366058?s=0.25&r=0.07252154675504219
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.6f60e575cf8ad7cb10f7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-79.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

via: 1.1 98652de9f742fc1df9de714d921e14c2.cloudfront.net (CloudFront)
access-control-allow-origin: *
cache-control: no-store
x-cache: Miss from cloudfront
x-amz-cf-id: rVGabkULfV_rTf2C8rkv2gzJLqYLncXzaWMxbsDgT1iFNmYfI6_iEw==
date: Thu, 07 Nov 2024 07:57:15 GMT
x-amz-cf-pop: FRA56-P5

POST
H2 200 / Show response
content.hotjar.io/ 56 B
172 B 286ms
154ms XHR
application/json 52.208.120.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?site_id=2366058&gzip=1
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.6f60e575cf8ad7cb10f7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.208.120.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-120-167.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: eccdaebbdb2cec99bbb95481e7ae05110a96cd9d2c459af234951d23ed275dd8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain; charset=UTF-8
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

access-control-max-age: 86400
access-control-allow-origin: *
content-length: 56
date: Thu, 07 Nov 2024 07:57:15 GMT
content-type: application/json

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
539 B 142ms
142ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: none
x-request-id: 923ecd53-9330-4a70-8f7b-b9cb4e737503
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 07:57:15 GMT
x-hubspot-correlation-id: 923ecd53-9330-4a70-8f7b-b9cb4e737503
content-type: image/gif
vary: origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-ztwpv
x-envoy-upstream-service-time: 1
access-control-allow-credentials: false
cf-ray: 8debc579490be512-TXL
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 view
js.hs-banner.com/v2/activity/ Frame 0
0 197ms
144ms Preflight
application/octet-stream 2606:4700:4400::ac40:9310
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9310 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.picussecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.picussecurity.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 8debc57a0c552c61-FRA
content-length: 0
content-type: application/octet-stream
date: Thu, 07 Nov 2024 07:57:15 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-58b4c4568d-ktqcz
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 1782f115-d2ea-4cfc-ab2c-8a5ebf5706ff
x-request-id: 1782f115-d2ea-4cfc-ab2c-8a5ebf5706ff

GET
H2 200 cf-location Show response
js.hs-banner.com/v2/ 2 B
146 B 135ms
48ms Fetch
text/plain 2606:4700:4400::ac40:9310
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/cf-location
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/7048931/banner.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9310 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: private, max-age=1500
cf-ray: 8debc57a0c532c61-FRA
access-control-allow-origin: *
content-length: 2
date: Thu, 07 Nov 2024 07:57:15 GMT
content-type: text/plain;charset=UTF-8
vary: Accept-Encoding
server: cloudflare

POST
H3 200 collect
pagead2.googlesyndication.com/ccm/ 0
0 132ms
49ms Ping
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&scrsrc=www.googletagmanager.com&frm=0&rnd=1728410416.1730966235&npa=1&gtm=45He4au0v837849470za200&gcs=G100&gcd=13q3q3q2q5l1&dma_cps=-&dma=1&tag_exp=101823848~101925629&tft=1730966235103&tfd=1658&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 148ms
48ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-DB6MKXQ2E6&gtm=45je4au0v872608557za200zb837849470&_p=1730966234017&gcs=G100&gcd=13q3qPq2q5l1&npa=1&dma_cps=-&dma=1&tag_exp=101823848~101925629&gdid=dZTQ1Zm&cid=830146436.1730966235&ul=de-de&sr=1600x1200&ir=1&are=1&frm=0&pscdl=denied&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=BA&_s=1&dl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&sid=1730966234&sct=1&seg=0&dt=U.S.%20Targets%20RedLine%20and%20META%20Infostealers%20in%20Operation%20Magnus&en=page_view&_fv=1&_ss=1&ep.page_location_clean=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&ep.anonymizeIp=true&tfd=1683
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DB6MKXQ2E6&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.picussecurity.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 07:57:15 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 114 B
814 B 257ms
170ms XHR
application/json 2606:4700::6812:f36c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=7048931

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f36c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

109a14abac939df0ab29af6bbf5c0ca592b1cdf7adb33a0052f166c8b303bc37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

access-control-max-age: 180
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vz07AgGuo0BW8%2B5g0krxAjc%2FLsdGH%2B%2BuAn08w21IZwLNgR9uYWDElIjhY4ww0xbfoRU8RJn9pI8WNxhfXkIq2JI6hl3Ou12L85tZR%2FqtNSh7hai5xCATjMepzQ%2Fjkqxqv%2B%2Fdz3ht2uC2A6fQ"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
date: Thu, 07 Nov 2024 07:57:15 GMT
x-hubspot-correlation-id: e4e2f0a2-5010-4c6b-b719-023a80d294b4
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8debc57a3e2d048b-FRA
access-control-allow-origin: https://www.picussecurity.com
server: cloudflare

GET
H3 200 css2
fonts.googleapis.com/ 2 KB
479 B 51ms
51ms Stylesheet
text/css 216.58.212.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/7048931/banner.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f10.1e100.net

Software

ESF /

Resource Hash

ce1eade43de61291fb7e1708bdbe373f955aa88e54e9c894fa6ab1ed455ab1b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 07:57:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 07:57:15 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 07 Nov 2024 07:02:48 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

POST
H2 204 view
js.hs-banner.com/v2/activity/ 0
0 167ms
166ms Fetch 2606:4700:4400::ac40:9310
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/v2/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/7048931/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9310 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

access-control-max-age: 604800
x-request-id: be843ce5-0981-4302-b0eb-2d8c7dd78cf8
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_http, listener_https
date: Thu, 07 Nov 2024 07:57:15 GMT
x-hubspot-correlation-id: be843ce5-0981-4302-b0eb-2d8c7dd78cf8
vary: origin
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator, envoyset-translator
x-evy-trace-served-by-pod: iad02/private-hubapi-td/envoy-proxy-6c46cd57d4-845x7, iad02/analytics-js-proxy-td/envoy-proxy-58b4c4568d-r9tq8
timing-allow-origin: *
x-envoy-upstream-service-time: 27
access-control-allow-credentials: true
cf-ray: 8debc57afcdb2c61-FRA
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-route-configuration: listener_http/all, listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all, all

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
625 B 320ms
229ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: ECA0934B2CAD4706BC2B1EB28A2AD901 Ref B: FRAEDGE1218 Ref C: 2024-11-07T07:57:15Z
x-li-fabric: prod-lor1
access-control-allow-credentials: true
x-li-uuid: AAYmTfuTTnV1dj7hsnq5JQ==
x-li-proto: http/2
access-control-allow-origin: https://www.picussecurity.com
x-cache: CONFIG_NOCACHE
date: Thu, 07 Nov 2024 07:57:14 GMT
vary: Origin

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4al0/ Frame A3C2 0
0 125ms
39ms Document
text/html 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.picussecurity.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N3KD4ZR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 88080
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/analytics-container-tag-serving
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Nov 2024 07:29:15 GMT
expires: Thu, 06 Nov 2025 07:29:15 GMT
last-modified: Mon, 21 Oct 2024 16:58:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
539 B 144ms
142ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: none
x-request-id: 71add3ad-322b-4e8b-bb82-1453bf39baac
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 07:57:15 GMT
x-hubspot-correlation-id: 71add3ad-322b-4e8b-bb82-1453bf39baac
content-type: image/gif
vary: origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-xrw7l
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8debc579ebc4e512-TXL
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
584 B 188ms
178ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: none
x-request-id: 438cd4fe-38cf-4d86-8d30-9da753a56583
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 07:57:15 GMT
x-hubspot-correlation-id: 438cd4fe-38cf-4d86-8d30-9da753a56583
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Thu, 07 Nov 2024 07:57:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-n7sww
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8debc579fbfde512-TXL
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2

200

blank001.gif
static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/
Redirect Chain

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/track/view?webInteractiveId=286429421129&containerType=EMBEDDED&portalId=7048931&audienceId=null&pageUrl=https%3A%2F%2Fwww.picussecur...
https://static.hubspot.com/img/trackers/blank001.gif
https://static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/blank001.gif

43 B
0

56ms
56ms

Image
image/gif

2606:4700::6811:b05b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/blank001.gif
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
Protocol: H2
Server: 2606:4700::6811:b05b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 115c7f3cf61e4ec19070b9e59e20e78756d39d193eb9b544065059b9935d2491

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cf-bgj: imgq:85,h2pri
etag: "51416c7ff0b9d7efc8c9b16d84052fab"
x-amz-version-id: MFfZlkR4U8_6aknbgflTSIqo4fNbniK3
cf-cache-status: HIT
age: 193957
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FnZ1m3zHylr7Z143%2FTwUXTPcetwYrwBqomF7A5%2FPTqZSebJ%2FW2AclLJl0O%2BbcDIM38xADvYRVur5MeS58pcRf8Q19GJQw1xamHtjj95vlYtkzleykEH8EfPdE%2FnCcXyTmruSpa3fPFGMs9TR6UDDCJ9KykM%3D"}],"group":"cf-nel","max_age":604800}
expires: Fri, 07 Nov 2025 07:57:15 GMT
cf-polished: origSize=49, status=webp_bigger
x-cache: Hit from cloudfront
x-amz-cf-id: LSRZY6M3auRLJAHYNdKWESGdFmXj1CLfsCnduhUZM3Mj9uwVfbKXxA==
date: Thu, 07 Nov 2024 07:57:15 GMT
content-type: image/gif
last-modified: Thu, 15 Apr 2021 16:47:19 GMT
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 218c6128df18321f9758e53ccc351448.cloudfront.net (CloudFront)
cf-ray: 8debc57b4f683a84-FRA
accept-ranges: bytes
content-length: 43
x-amz-cf-pop: FRA60-P6
server: cloudflare
x-amz-server-side-encryption: AES256

Redirect headers

cache-control: max-age=3600
location: https://static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/blank001.gif
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bGK8%2FGMxdlONzQMyO34Di6ptobUssEKQcUaTTdMqwMYr3fZ%2B1pwT0YQX7eZrxCbPznV6qOFlZUGT%2BfC0mrByC5UnlZ0y8YUKSWPr2gJiHQfqSbq3yedq8kEu0sJDGeQv0x1m%2FtQZDtPv3Qcs%2BLc8JQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8debc57afaa5dcad-FRA
expires: Thu, 07 Nov 2024 08:57:15 GMT
content-length: 167
date: Thu, 07 Nov 2024 07:57:15 GMT
content-type: text/html
vary: Accept-Encoding
server: cloudflare

GET
H2

200

blank001.gif
static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/
Redirect Chain

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/track/view?webInteractiveId=307447041359&containerType=EMBEDDED&portalId=7048931&audienceId=null&pageUrl=https%3A%2F%2Fwww.picussecur...
https://static.hubspot.com/img/trackers/blank001.gif
https://static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/blank001.gif

43 B
641 B

55ms
54ms

Image
image/gif

2606:4700::6811:b05b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/blank001.gif

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Server

2606:4700::6811:b05b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

115c7f3cf61e4ec19070b9e59e20e78756d39d193eb9b544065059b9935d2491

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cf-bgj: imgq:85,h2pri
etag: "51416c7ff0b9d7efc8c9b16d84052fab"
x-amz-version-id: MFfZlkR4U8_6aknbgflTSIqo4fNbniK3
cf-cache-status: HIT
age: 193957
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FnZ1m3zHylr7Z143%2FTwUXTPcetwYrwBqomF7A5%2FPTqZSebJ%2FW2AclLJl0O%2BbcDIM38xADvYRVur5MeS58pcRf8Q19GJQw1xamHtjj95vlYtkzleykEH8EfPdE%2FnCcXyTmruSpa3fPFGMs9TR6UDDCJ9KykM%3D"}],"group":"cf-nel","max_age":604800}
expires: Fri, 07 Nov 2025 07:57:15 GMT
cf-polished: origSize=49, status=webp_bigger
x-cache: Hit from cloudfront
x-amz-cf-id: LSRZY6M3auRLJAHYNdKWESGdFmXj1CLfsCnduhUZM3Mj9uwVfbKXxA==
date: Thu, 07 Nov 2024 07:57:15 GMT
content-type: image/gif
last-modified: Thu, 15 Apr 2021 16:47:19 GMT
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 218c6128df18321f9758e53ccc351448.cloudfront.net (CloudFront)
cf-ray: 8debc57b4f683a84-FRA
accept-ranges: bytes
content-length: 43
x-amz-cf-pop: FRA60-P6
server: cloudflare
x-amz-server-side-encryption: AES256

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=3600
location: https://static.hsappstatic.net/static-hubspot-com/static-1.270519761/img/trackers/blank001.gif
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bGK8%2FGMxdlONzQMyO34Di6ptobUssEKQcUaTTdMqwMYr3fZ%2B1pwT0YQX7eZrxCbPznV6qOFlZUGT%2BfC0mrByC5UnlZ0y8YUKSWPr2gJiHQfqSbq3yedq8kEu0sJDGeQv0x1m%2FtQZDtPv3Qcs%2BLc8JQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8debc57afaa5dcad-FRA
expires: Thu, 07 Nov 2024 08:57:15 GMT
content-length: 167
date: Thu, 07 Nov 2024 07:57:15 GMT
content-type: text/html
vary: Accept-Encoding
server: cloudflare

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
584 B 173ms
165ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=inline-interactive-render-success&value=1

Requested by

Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: none
x-request-id: 987cbb77-8b3d-4fdc-af3e-9066d1474b82
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 07:57:15 GMT
x-hubspot-correlation-id: 987cbb77-8b3d-4fdc-af3e-9066d1474b82
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Thu, 07 Nov 2024 07:57:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-k8l6m
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8debc579fc04e512-TXL
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
819 B 277ms
189ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=2042428&time=1730966235176&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&tm=gtmv2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: *
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-li-pop: afd-prod-ltx1-x
content-encoding: gzip
x-fs-uuid: 0006264dfb939b9355353f58d06588ad
x-msedge-ref: Ref A: D1ADDB2E766645DAB43B7FEBE8DEC63D Ref B: DUS30EDGE0821 Ref C: 2024-11-07T07:57:15Z
x-li-fabric: prod-ltx1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYmTfuTm5NVNT9Y0GWIrQ==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Thu, 07 Nov 2024 07:57:15 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1730966235176&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnu...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1730966235176&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magn...

0
482 B

401ms
190ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1730966235176&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&tm=gtmv2&e_ipv6=AQIWQ1sOfKxOqAAAAZMFoKjBjmm9zQuhbDxIbP5iGVD3jEHacxlv647PN1YNHzWes83yjU_3
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-msedge-ref: Ref A: AC3B7C7D5C0846E88D4241C6F05B16F1 Ref B: FRAEDGE1414 Ref C: 2024-11-07T07:57:15Z
x-li-fabric: prod-ltx1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-uuid: AAYmTfuZQCx6XYDRx1WNgg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Thu, 07 Nov 2024 07:57:15 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2042428&time=1730966235176&url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&tm=gtmv2&e_ipv6=AQIWQ1sOfKxOqAAAAZMFoKjBjmm9zQuhbDxIbP5iGVD3jEHacxlv647PN1YNHzWes83yjU_3
x-msedge-ref: Ref A: C7F04ADB9C0149B5AD85EB34730CCB32 Ref B: FRAEDGE1218 Ref C: 2024-11-07T07:57:15Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYmTfuTGKkL7+58u4Wh2A==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Thu, 07 Nov 2024 07:57:14 GMT

GET
H2 200 187145243.js Show response
bat.bing.com/p/action/ 2 KB
986 B 62ms
61ms Script
application/javascript 2620:1ec:33:3::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/187145243.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

7b02bfd5d8783bcbc3273327b796412ddc1b8a0e8a01e0f26b6e17e908f8533e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=60
content-encoding: br
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6D844F7C990F4F8BA45406D0E30DE175 Ref B: LON212050706029 Ref C: 2024-11-07T07:57:15Z
x-cache: CONFIG_NOCACHE
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding

GET
H3 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 43ms
41ms Font
font/woff2 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f3.1e100.net

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.picussecurity.com
Referer: https://fonts.googleapis.com/

Response headers

age: 59581
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:24:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:24:14 GMT
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23580
x-xss-protection: 0
server: sffe

GET
H3 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 45ms
44ms Font
font/woff2 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f3.1e100.net

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.picussecurity.com
Referer: https://fonts.googleapis.com/

Response headers

age: 59835
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:20:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:20:00 GMT
last-modified: Tue, 02 May 2023 15:07:25 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23040
x-xss-protection: 0
server: sffe

POST
H2 204 0
bat.bing.net/actionp/ 0
347 B 229ms
82ms Ping
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.net/actionp/0?ti=187145243&tm=gtm002&Ver=2&mid=0d663bef-7091-45d4-bec5-759e2a667355&bo=1&evt=consent&src=enforced&cdb=AQAI&asc=D
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CDADF6D45E614CF1AB88579C29AF3C4D Ref B: FRA31EDGE0813 Ref C: 2024-11-07T07:57:15Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Thu, 07 Nov 2024 07:57:15 GMT

GET
H2 200 187145243 Show response
bat.bing.com/p/insights/t/ 765 B
919 B 150ms
150ms Script
application/x-javascript 2620:1ec:33:3::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/insights/t/187145243

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/p/action/187145243.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

903386a2a92e603bf2a0c57c31327cce4240e1d273cdc2578093700fceb4d7c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 820F5EF1F02D4721ACDEF12B87CBDDDE Ref B: LON212050706029 Ref C: 2024-11-07T07:57:15Z
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
expires: -1
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 638
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: application/x-javascript
vary: Accept-Encoding
x-azure-ref: 20241107T075715Z-er1dc997c57xfq8hhC1DB1e3c800000002n000000000n9pc

GET
H2 204 0
bat.bing.net/action/ 0
120 B 228ms
82ms Image
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.net/action/0?ti=187145243&tm=gtm002&Ver=2&mid=0d663bef-7091-45d4-bec5-759e2a667355&bo=2&gtm_tag_source=1&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=U.S.%20Targets%20RedLine%20and%20META%20Infostealers%20in%20Operation%20Magnus&p=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&r=&lt=1201&evt=pageLoad&sv=1&asc=D&cdb=AQAY&rn=887809
Requested by: Host: www.picussecurity.com
URL: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1A3BA68092A24EE99C6624AD99AAC91E Ref B: FRA31EDGE0813 Ref C: 2024-11-07T07:57:15Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Thu, 07 Nov 2024 07:57:15 GMT

GET
H2 200 0.7.49 Show response
bat.bing.com/p/insights/s/ 35 KB
15 KB 64ms
64ms Script
application/javascript 2620:1ec:33:3::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/insights/s/0.7.49

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/p/insights/t/187145243

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a1f8f7541a2982d7df75f73d0234a3f2afdc8302f361078f883d25a3a574bae4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: br
x-ms-version: 2018-03-28
etag: W/"0x8DCF3CA1B8E5043"
x-fd-int-roxy-purgeid: 51562430
x-cache: CONFIG_NOCACHE
date: Thu, 07 Nov 2024 07:57:14 GMT
content-type: application/javascript;charset=utf-8
last-modified: Thu, 24 Oct 2024 01:20:55 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C95FEB7A2A0B4A849E29F6A417A228DC Ref B: LON212050706029 Ref C: 2024-11-07T07:57:15Z
x-ms-request-id: fc5f839f-101e-0065-656d-2e809f000000
access-control-allow-origin: *
content-length: 15261
x-azure-ref: 20241107T075715Z-er1dc997c57h9r9xhC1DB1gg0g00000004gg00000000cmcf

POST
H2 204 n Show response
bat.bing.com/p/insights/c/ 0
216 B 135ms
134ms XHR
text/plain 2620:1ec:33:3::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/insights/c/n

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/p/insights/s/0.7.49

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/x-webinsights-gzip
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A78FFF6DADB243E4B1FC7C9991E8EF9C Ref B: LON212050706029 Ref C: 2024-11-07T07:57:15Z
access-control-allow-credentials: true
request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
access-control-allow-origin: https://www.picussecurity.com
x-cache: CONFIG_NOCACHE
date: Thu, 07 Nov 2024 07:57:15 GMT
vary: Origin

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
704 B 204ms
59ms XHR
application/json 185.89.210.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 80.255.7.103; 80.255.7.103; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.picussecurity.com
an-x-request-uuid: b8f72719-43bf-4f27-b13c-b19ea8ff19df
content-length: 11
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Thu, 07 Nov 2024 07:57:16 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

GET
H2 200 / Show response
c.6sc.co/ 7 B
198 B 44ms
41ms XHR
text/html 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-184.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.picussecurity.com
content-length: 7
date: Thu, 07 Nov 2024 07:57:15 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 / Show response
ipv6.6sc.co/ 20 B
317 B 158ms
46ms XHR
text/html 2a02:26f0:7100::5f64:87d0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::5f64:87d0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: bfd3189d965573e36997f170667b1ceef5cfd0471b6f5be228ca6ac7bcb97c23

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: 2a01:4a0:1338:92::12
expires: Thu, 07 Nov 2024 07:57:15 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1730966235914_1600423884_132654738_16_884_38_44_219";dur=1
access-control-allow-origin: https://www.picussecurity.com
content-length: 20
date: Thu, 07 Nov 2024 07:57:15 GMT
content-type: text/html
vary: Origin

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
567 B 156ms
154ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3377520574&v=1.1&a=7048931&pi=182138540426&ct=blog-post&ccu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&cpi=182138540426&cgi=35190412163&lpi=182138540426&lvi=182138540426&lvc=en-us&pu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&t=U.S.+Targets+RedLine+and+META+Infostealers+in+Operation+Magnus&cts=1730966235845&vi=9a1220329c9eb0bd7486cd70ce96e540&nc=true&u=51282614.9a1220329c9eb0bd7486cd70ce96e540.1730966235843.1730966235843.1730966235843.1&b=51282614.1.1730966235843&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: none
x-request-id: 3e4a83c2-cfb1-4c02-a00c-b7d0a66e77f3
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TGAb8uZNYUaRVJv8sbh11lKyUS79VulA7vkqLkxR8WLNzrQivu7i73r71dKjTrV2ZSroRO7zEuqDoY5vuSjldrMR0qNtK6GfLnQHWEe4drcWJwrh07QftEcg4ibKg8sNQSX%2FHYvV%2B9xj0twY8zZD"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Thu, 07 Nov 2024 07:57:15 GMT
x-hubspot-correlation-id: 3e4a83c2-cfb1-4c02-a00c-b7d0a66e77f3
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-746d57b5c6-ms7lk
x-envoy-upstream-service-time: 7
access-control-allow-credentials: false
cf-ray: 8debc57e391ddcad-FRA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
468 B 148ms
147ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=10a2d0b0-9f91-4cd7-a1e0-1cff39706638&fci=6e87ebec-d571-43e4-945a-51bac16e9031&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3377520574&v=1.1&a=7048931&pi=182138540426&ct=blog-post&ccu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&cpi=182138540426&cgi=35190412163&lpi=182138540426&lvi=182138540426&lvc=en-us&pu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&t=U.S.+Targets+RedLine+and+META+Infostealers+in+Operation+Magnus&cts=1730966235846&vi=9a1220329c9eb0bd7486cd70ce96e540&nc=true&u=51282614.9a1220329c9eb0bd7486cd70ce96e540.1730966235843.1730966235843.1730966235843.1&b=51282614.1.1730966235843&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: none
x-request-id: d5ffae15-633b-4c64-8816-98631a668e8e
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ulODpVtDzjUfz3U6x%2F8KDrr7qMbknsHeT%2FE2qsy%2FLpeK6ES0FscCDru2%2FiZ%2BxgBuS5NXrQP2sitiVHN1bWaWNwtn82j%2F8DAkTUppFmOtKrR36hNO4SkKQaBkHoh%2BQ9nYwqTjQnE6JRH%2FEPVyviJd"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Thu, 07 Nov 2024 07:57:15 GMT
x-hubspot-correlation-id: d5ffae15-633b-4c64-8816-98631a668e8e
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-746d57b5c6-44p5c
x-envoy-upstream-service-time: 5
access-control-allow-credentials: false
cf-ray: 8debc57e494bdcad-FRA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
464 B 153ms
153ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=10a2d0b0-9f91-4cd7-a1e0-1cff39706638&fci=2f535b76-691d-4732-a43b-56f9eaecf679&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3377520574&v=1.1&a=7048931&pi=182138540426&ct=blog-post&ccu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&cpi=182138540426&cgi=35190412163&lpi=182138540426&lvi=182138540426&lvc=en-us&pu=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&t=U.S.+Targets+RedLine+and+META+Infostealers+in+Operation+Magnus&cts=1730966235848&vi=9a1220329c9eb0bd7486cd70ce96e540&nc=true&u=51282614.9a1220329c9eb0bd7486cd70ce96e540.1730966235843.1730966235843.1730966235843.1&b=51282614.1.1730966235843&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: none
x-request-id: a87d7d77-3177-4b3f-a936-859726b0fb75
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=78tiuOhAKM5bxZPFXadOSQBLtpaV8hlDBytbFA%2FsZdpH2Lrk8tM0hUjr2kHVzGjb5X6PJ6pJyfFFrYNvKrZkWP95gTNHSTsv02%2BTcQaBAyk%2BrflkvYC4SWBkfUgDfT%2BdyZTEYxcz%2BFp5T0avUeVq"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Thu, 07 Nov 2024 07:57:16 GMT
x-hubspot-correlation-id: a87d7d77-3177-4b3f-a936-859726b0fb75
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-746d57b5c6-t7t9h
x-envoy-upstream-service-time: 7
access-control-allow-credentials: false
cf-ray: 8debc57e4965dcad-FRA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 64d678615e3d0 Show response
display.popt.in/api/display/ 2 KB
1 KB 521ms
434ms XHR
application/json 172.67.166.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://display.popt.in/api/display/64d678615e3d0?domain=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&referrer=&previous_url=&cookies=%20poptin_old_user%3Dtrue%20poptin_user_id%3D0.jwuymeaumol%20poptin_previous_url%3D%20poptin_new_user%3Dtrue%20poptin_viewed_session%3Dfalse%20&triggers=&cc=false&if_mobile=false&page_title=U.S.%20Targets%20RedLine%20and%20META%20Infostealers%20in%20Operation%20Magnus&origin_landing_page=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&if_page_refreshed=false&poptin_viewed_url=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&previous_visited_pages=&shopify_customer_id=0&cart_total_items=0&cart_total_price=0&cart_products_ids_list=&cart_products_org_ids_list=

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.202 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d80185fbff5a2f633a62ef68aab3b097f2dc1cd9c76f408c1ba843351a0ea44c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://bc.popt.in https://.mybigcommerce.com https://.jumpseller.com https://.myshopline.com https://.myshopify.com https://*.grisynava.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4S1O7Q2dH0Rjz0h%2FKqqH0IHq%2BybJNnMgG%2BUmg4%2FzKAhxJqUuJzP3XOk7Q63DnCfsT6KKFYg6nKAOuDg6hlIAVz0RyhxwOqEEkh%2F9pH7eDkpGQHMFbV3A%2FxuYKa3bqiWlPxU%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff, nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=66427&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4112&recv_bytes=5126&delivery_rate=319&cwnd=12000&unsent_bytes=0&cid=b7707470028266a9&ts=440&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 07 Nov 2024 07:57:16 GMT
content-type: application/json
vary: Accept-Encoding
priority: u=1,i
x-frame-options: SAMEORIGIN
access-control-allow-headers: Origin, Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: frame-ancestors https://bc.popt.in https://*.mybigcommerce.com https://*.jumpseller.com https://*.myshopline.com https://*.myshopify.com https://*.grisynava.com
cache-control: no-cache, private
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8debc57efab9e40e-OTP
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
894 B 188ms
184ms XHR
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=7048931&utk=9a1220329c9eb0bd7486cd70ce96e540&__hstc=51282614.9a1220329c9eb0bd7486cd70ce96e540.1730966235843.1730966235843.1730966235843.1&__hssc=51282614.1.1730966235843&contentId=182138540426&currentUrl=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

262cafa3bec04e9662eb37b65fac04cdd2640bba0848577402c9c02c6543754e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 11547c7c-19d0-4d32-97c1-87af63c7b890
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MA8OM6zOzN1KxNmaRLve41UO%2FT14yDgTrMS%2BmzMkQ9gz7LaJ4HQ%2Bh9lh4e5PlBPsHvS8xUEDYneGwhLKA%2Bg%2FZCbsZUk2xzQEWQ73rDGH3eiXZYHCvEnQo6mBI1Qhx0EDU5BRS2f4a03yHAaRqHtx"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 07:57:16 GMT
x-hubspot-correlation-id: 11547c7c-19d0-4d32-97c1-87af63c7b890
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-hwhls
x-envoy-upstream-service-time: 28
access-control-allow-credentials: false
cf-ray: 8debc57e5d4f3619-FRA
access-control-allow-origin: https://www.picussecurity.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 favicon.ico
www.picussecurity.com/hubfs/Picus_February2020/images/ 15 KB
3 KB 57ms
55ms Other
image/vnd.microsoft.icon 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.picussecurity.com/hubfs/Picus_February2020/images/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5242ab5df4690e1c975cefd6c70bc7f19037060288e9254c16b3ea0b07f3b222

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"02925aef9384fc19f8c138ed9d04e72f"
age: 1013769
cache-tag: F-25850183661,FD-25847619727,P-7048931,FLS-ALL
x-amz-version-id: GPbuCeGk..cIOQ1w6ZV9XsM2rrDBylkN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E2Kug98vqvNQfncTBtlWMgcUvbvNcwxVsGJlFMgkMdgMG1CgOUgeBEHanj1WCP16hzum5sEbJHguO16FbkFD0Yt6oSoyFCDWhgiLtwEU5D%2BmKgFvoYGOVeWrcP5dS3q0FBKCRM2YIw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: SJTvFvfxTibgLjNmkb5w2kZE8jU2L5CDhwS0DR4bF4YiUO5eW2qExQ==
date: Thu, 07 Nov 2024 07:57:15 GMT
content-type: image/vnd.microsoft.icon
last-modified: Fri, 14 Feb 2020 06:16:24 GMT
vary: Accept-Encoding
x-amz-id-2: MQXMyvLDS2h1JfO9VeuZSzyCBTphbbmJMFL61duy1OBgsjL8NY/v1gyyMdA07+meIEWKiziuSPA=
strict-transport-security: max-age=31536000; includeSubDomains; preload
edge-cache-tag: F-25850183661,FD-25847619727,P-7048931,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 e464e3198927238582342df50c58a9a6.cloudfront.net (CloudFront)
cf-ray: 8debc57e5b56e51d-TXL
x-amz-request-id: MH3VX66PA16RSEXV
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-amz-meta-cache-tag: F-25850183661,FD-25847619727,P-7048931,FLS-ALL
x-amz-cf-pop: WAW51-P1
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3

OPTIONS
H2 200 details
eps.6sc.co/v3/company/ Frame 0
0 139ms
49ms Preflight 75.2.108.141
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eps.6sc.co/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 75.2.108.141 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.picussecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.picussecurity.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
content-length: 0
date: Thu, 07 Nov 2024 07:57:16 GMT
timing-allow-origin: https://6sense.com
x-6si-region

GET
H2 200 details Show response
eps.6sc.co/v3/company/ 740 B
657 B 133ms
63ms XHR
application/json 75.2.108.141
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eps.6sc.co/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 75.2.108.141 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash: 5620db9e8a5b228694efb9ce55c54f0b55599f9eec55f49f8f54690b61a5a688

Request headers

Authorization: Token 84665a242656c44c19a4dc3e471bb3355e53cba3
X-6s-CustomID: WebTag 8aaca2fd-5cd9-4888-ba4c-a92130465f35
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-expose-headers: X-6si-Region
timing-allow-origin: https://6sense.com
content-encoding: gzip
x-6si-region
access-control-allow-credentials: true
access-control-allow-origin: https://www.picussecurity.com
content-length: 393
date: Thu, 07 Nov 2024 07:57:16 GMT
content-type: application/json
vary: Origin, Accept-Encoding

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
259 B 135ms
134ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=b823ac4e-75fe-4a1a-8851-09a0f94adfc2&session=002acac2-3588-45c2-8b5b-68b70a5cd5b8&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A92%3A%3A12%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20dives%20into%20Adversarial%20Exposure%20Validation%20tools%2C%20comparing%20key%20technologies%20that%20drive%20effective%20exposure%20management%20and%20help%20prioritize%20cyber%20risks.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22U.S.%20Targets%20RedLine%20and%20META%20Infostealers%20in%20Operation%20Magnus%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&pageViewId=f712db68-1109-42a7-852d-0c84974191d7&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&ipv6=2a01%3A4a0%3A1338%3A92%3A%3A12&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 07:57:16 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 07 Nov 2024 07:57:16 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
259 B 134ms
134ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=b823ac4e-75fe-4a1a-8851-09a0f94adfc2&session=002acac2-3588-45c2-8b5b-68b70a5cd5b8&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2007%20Nov%202024%2007%3A57%3A14%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20dives%20into%20Adversarial%20Exposure%20Validation%20tools%2C%20comparing%20key%20technologies%20that%20drive%20effective%20exposure%20management%20and%20help%20prioritize%20cyber%20risks.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22U.S.%20Targets%20RedLine%20and%20META%20Infostealers%20in%20Operation%20Magnus%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&pageViewId=f712db68-1109-42a7-852d-0c84974191d7&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&ipv6=2a01%3A4a0%3A1338%3A92%3A%3A12&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f020a0-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 07:57:16 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 07 Nov 2024 07:57:16 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
259 B 132ms
132ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=b823ac4e-75fe-4a1a-8851-09a0f94adfc2&session=002acac2-3588-45c2-8b5b-68b70a5cd5b8&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2271d66052351c031c506efc6194814a69%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2007%20Nov%202024%2007%3A57%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2007%20Nov%202024%2007%3A57%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%2284665a242656c44c19a4dc3e471bb3355e53cba3%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2007%20Nov%202024%2007%3A57%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2007%20Nov%202024%2007%3A57%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2007%20Nov%202024%2007%3A57%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2007%20Nov%202024%2007%3A57%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2007%20Nov%202024%2007%3A57%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2007%20Nov%202024%2007%3A57%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%228aaca2fd-5cd9-4888-ba4c-a92130465f35%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2007%20Nov%202024%2007%3A57%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2007%20Nov%202024%2007%3A57%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2007%20Nov%202024%2007%3A57%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2007%20Nov%202024%2007%3A57%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2007%20Nov%202024%2007%3A57%3A14%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20dives%20into%20Adversarial%20Exposure%20Validation%20tools%2C%20comparing%20key%20technologies%20that%20drive%20effective%20exposure%20management%20and%20help%20prioritize%20cyber%20risks.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22U.S.%20Targets%20RedLine%20and%20META%20Infostealers%20in%20Operation%20Magnus%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&pageViewId=f712db68-1109-42a7-852d-0c84974191d7&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&ipv6=2a01%3A4a0%3A1338%3A92%3A%3A12&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 07:57:16 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 07 Nov 2024 07:57:16 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
260 B 131ms
130ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=b823ac4e-75fe-4a1a-8851-09a0f94adfc2&session=002acac2-3588-45c2-8b5b-68b70a5cd5b8&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2007%20Nov%202024%2007%3A57%3A16%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2007%20Nov%202024%2007%3A57%3A14%20GMT%22%2C%22timeSpent%22%3A%222316%22%2C%22totalTimeSpent%22%3A%222316%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20dives%20into%20Adversarial%20Exposure%20Validation%20tools%2C%20comparing%20key%20technologies%20that%20drive%20effective%20exposure%20management%20and%20help%20prioritize%20cyber%20risks.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22U.S.%20Targets%20RedLine%20and%20META%20Infostealers%20in%20Operation%20Magnus%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&pageViewId=f712db68-1109-42a7-852d-0c84974191d7&an_uid=0&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&ipv6=2a01%3A4a0%3A1338%3A92%3A%3A12&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f02dad-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 07:57:16 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 07 Nov 2024 07:57:16 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
260 B 135ms
135ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=b823ac4e-75fe-4a1a-8851-09a0f94adfc2&session=002acac2-3588-45c2-8b5b-68b70a5cd5b8&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2007%20Nov%202024%2007%3A57%3A17%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2007%20Nov%202024%2007%3A57%3A16%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223317%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20dives%20into%20Adversarial%20Exposure%20Validation%20tools%2C%20comparing%20key%20technologies%20that%20drive%20effective%20exposure%20management%20and%20help%20prioritize%20cyber%20risks.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22U.S.%20Targets%20RedLine%20and%20META%20Infostealers%20in%20Operation%20Magnus%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&pageViewId=f712db68-1109-42a7-852d-0c84974191d7&an_uid=0&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&ipv6=2a01%3A4a0%3A1338%3A92%3A%3A12&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 07:57:17 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 07 Nov 2024 07:57:17 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
259 B 130ms
130ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=b823ac4e-75fe-4a1a-8851-09a0f94adfc2&session=002acac2-3588-45c2-8b5b-68b70a5cd5b8&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2007%20Nov%202024%2007%3A57%3A18%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2007%20Nov%202024%2007%3A57%3A17%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%224317%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20dives%20into%20Adversarial%20Exposure%20Validation%20tools%2C%20comparing%20key%20technologies%20that%20drive%20effective%20exposure%20management%20and%20help%20prioritize%20cyber%20risks.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22U.S.%20Targets%20RedLine%20and%20META%20Infostealers%20in%20Operation%20Magnus%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&pageViewId=f712db68-1109-42a7-852d-0c84974191d7&an_uid=0&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&ipv6=2a01%3A4a0%3A1338%3A92%3A%3A12&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f020a0-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 07:57:18 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 07 Nov 2024 07:57:18 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 206ms
206ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=b823ac4e-75fe-4a1a-8851-09a0f94adfc2&session=002acac2-3588-45c2-8b5b-68b70a5cd5b8&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2007%20Nov%202024%2007%3A57%3A19%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2007%20Nov%202024%2007%3A57%3A18%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225317%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20dives%20into%20Adversarial%20Exposure%20Validation%20tools%2C%20comparing%20key%20technologies%20that%20drive%20effective%20exposure%20management%20and%20help%20prioritize%20cyber%20risks.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22U.S.%20Targets%20RedLine%20and%20META%20Infostealers%20in%20Operation%20Magnus%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&pageViewId=f712db68-1109-42a7-852d-0c84974191d7&an_uid=0&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&ipv6=2a01%3A4a0%3A1338%3A92%3A%3A12&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 07:57:20 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 07 Nov 2024 07:57:20 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 130ms
130ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=b823ac4e-75fe-4a1a-8851-09a0f94adfc2&session=002acac2-3588-45c2-8b5b-68b70a5cd5b8&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2007%20Nov%202024%2007%3A57%3A20%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2007%20Nov%202024%2007%3A57%3A19%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226318%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20dives%20into%20Adversarial%20Exposure%20Validation%20tools%2C%20comparing%20key%20technologies%20that%20drive%20effective%20exposure%20management%20and%20help%20prioritize%20cyber%20risks.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22U.S.%20Targets%20RedLine%20and%20META%20Infostealers%20in%20Operation%20Magnus%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&pageViewId=f712db68-1109-42a7-852d-0c84974191d7&an_uid=0&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&ipv6=2a01%3A4a0%3A1338%3A92%3A%3A12&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 07:57:20 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 07 Nov 2024 07:57:20 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 132ms
132ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=b823ac4e-75fe-4a1a-8851-09a0f94adfc2&session=002acac2-3588-45c2-8b5b-68b70a5cd5b8&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2007%20Nov%202024%2007%3A57%3A21%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2007%20Nov%202024%2007%3A57%3A20%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%227318%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20dives%20into%20Adversarial%20Exposure%20Validation%20tools%2C%20comparing%20key%20technologies%20that%20drive%20effective%20exposure%20management%20and%20help%20prioritize%20cyber%20risks.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22U.S.%20Targets%20RedLine%20and%20META%20Infostealers%20in%20Operation%20Magnus%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&pageViewId=f712db68-1109-42a7-852d-0c84974191d7&an_uid=0&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&ipv6=2a01%3A4a0%3A1338%3A92%3A%3A12&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 07:57:21 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 07 Nov 2024 07:57:21 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 139ms
139ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=71d66052351c031c506efc6194814a69&svisitor=null&visitor=b823ac4e-75fe-4a1a-8851-09a0f94adfc2&session=002acac2-3588-45c2-8b5b-68b70a5cd5b8&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2007%20Nov%202024%2007%3A57%3A22%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2007%20Nov%202024%2007%3A57%3A21%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%228318%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20blog%20dives%20into%20Adversarial%20Exposure%20Validation%20tools%2C%20comparing%20key%20technologies%20that%20drive%20effective%20exposure%20management%20and%20help%20prioritize%20cyber%20risks.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22U.S.%20Targets%20RedLine%20and%20META%20Infostealers%20in%20Operation%20Magnus%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.picussecurity.com%2Fresource%2Fblog%2Fus-targets-redline-and-meta-infostealers-in-operation-magnus&pageViewId=f712db68-1109-42a7-852d-0c84974191d7&an_uid=0&webTagId=8aaca2fd-5cd9-4888-ba4c-a92130465f35&ipv6=2a01%3A4a0%3A1338%3A92%3A%3A12&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 07:57:22 GMT
accept-ranges: bytes
content-length: 43
date: Thu, 07 Nov 2024 07:57:22 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

Verdicts & Comments Add Verdict or Comment

129 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

39 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.picussecurity.com/	1970-01-21 00:49:28	Name: __cf_bm Value: vQzZ8Aqk8dao5yA0_y5a054RWvHwwUUFg.Rv4awRKWw-1730966233-1.0.1.1-7og_U8dF7FZ7cIypuxJ6p64fuYV0yjWsH66ckbVELGgFeJn1Eadg7NGXSW588ECRl2HWmEwXDocbC85.tdGmmQ
.www.picussecurity.com/	1969-12-31 23:59:59	Name: __cfruid Value: fc35e8d31b0ed76a341a99b0578cf4055a86aa0c-1730966233
.picussecurity.com/	1969-12-31 23:59:59	Name: traffic_start_page Value: https://www.picussecurity.com/resource/blog/us-targets-redline-and-meta-infostealers-in-operation-magnus
.hubspot.com/	1970-01-21 00:49:28	Name: __cf_bm Value: Fs2PqnFZyxyMXL0BfsEKPzYSFTlmNv5aBnSXqayzl6c-1730966234-1.0.1.1-ahg9iBul9JHt5WhxnYRpCHiVtjZVvZtE9ySDqP.gjK.SQ5m43uaY1apj4w36D_IpF1ajJ.DuWlGXa.M10BY9Dg
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: lTlWy0b7kmYE.tFt9J7m58jn8f6R6lFoCUt5MqIIDRg-1730966234494-0.0.1.1-604800000
.picussecurity.com/	1970-01-21 00:49:29	Name: MF69CXJ-OZ2jFJm35 Value: :::2
.picussecurity.com/	1970-01-21 00:49:29	Name: MF6JIbbIciiT7 Value: :::2
.picussecurity.com/	1970-01-21 00:49:29	Name: MF6JIbbJSfd Value: :::2
.picussecurity.com/	1970-01-21 00:49:29	Name: MF6JIbbCSRZlD Value: :::2
.picussecurity.com/	1970-01-21 10:25:26	Name: MFVaCk Value: 1:::2
.picussecurity.com/	1970-01-21 10:25:26	Name: MFVaKX5 Value: 1dc1dfc0-2a48-46fb-84be-f90ce9c169b9:::2
.picussecurity.com/	1970-01-21 00:49:29	Name: MFVaKkbIhOik Value: 1730966235:::2
.picussecurity.com/	1970-01-21 00:49:29	Name: MFVaKk-5 Value: 45fbc1df-bad8-4d7c-afd6-f7840c5f8c31:::2
.picussecurity.com/	1970-01-21 00:49:29	Name: MFVaEkb4ciek Value: 1:::2
.picussecurity.com/	1970-01-21 00:49:29	Name: MFVaEk-5 Value: efb6a7fb-98e2-4807-873f-c40f3801fad6:::2
.picussecurity.com/	1970-01-21 00:49:29	Name: MFVaEkbIhOik Value: 1730966235:::2
.picussecurity.com/	1970-01-21 09:35:02	Name: _hjSessionUser_2366058 Value: eyJpZCI6Ijc0NzU3ZjI1LTljMzYtNWUyMS05OTk4LTMxY2IyOTkwZTc0YiIsImNyZWF0ZWQiOjE3MzA5NjYyMzUwMDIsImV4aXN0aW5nIjp0cnVlfQ==
.picussecurity.com/	1970-01-21 00:49:28	Name: _hjSession_2366058 Value: eyJpZCI6ImM0ZTA0NTFhLTZiZWQtNDcxNS04OWQzLTJhMTMzZjliMmNiNiIsImMiOjE3MzA5NjYyMzUwMDMsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MX0=
.hsforms.com/	1970-01-21 00:49:28	Name: __cf_bm Value: Z9JRkx4Mk3FWfKs34fd36h8zM1mCvuXmllejQlBu1tY-1730966235-1.0.1.1-JHLP3Px6m8RZ95pvbQGANlffcriD292nAnohA8AuGqt523Eay7yNCXQzBLJrYCBCHrS3sjEViV4U5vrPPCWGoA
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 1KepxU2.ektKfjK85cITKBUWVIMtRc9MNN.g.ezd79Q-1730966235058-0.0.1.1-604800000
.linkedin.com/	1970-01-21 09:35:02	Name: bcookie Value: "v=2&fa48b110-c093-4863-8e3b-d6bd25b00425"
.linkedin.com/	1970-01-21 05:08:38	Name: li_gc Value: MTswOzE3MzA5NjYyMzU7MjswMjHOBNqW3Va4RZMdQRLh8tqqthzZnAEd3OE11Z+BQyA7vQ==
.linkedin.com/	1970-01-21 00:50:52	Name: lidc Value: "b=OGST03:s=O:r=O:a=O:p=O:g=3391:u=1:x=1:i=1730966235:t=1731052635:v=2:sig=AQEbkZE-KTAcwIUBDqZLMgjLe69izteM"
www.picussecurity.com/	1970-01-21 00:52:19	Name: poptin_old_user Value: true
www.picussecurity.com/	1970-01-21 09:35:02	Name: poptin_user_id Value: 0.jwuymeaumol
www.picussecurity.com/	1970-01-21 00:49:26	Name: poptin_previous_url Value:
.picussecurity.com/	1970-01-21 05:08:38	Name: __hstc Value: 51282614.9a1220329c9eb0bd7486cd70ce96e540.1730966235843.1730966235843.1730966235843.1
.picussecurity.com/	1970-01-21 05:08:38	Name: hubspotutk Value: 9a1220329c9eb0bd7486cd70ce96e540
.picussecurity.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.picussecurity.com/	1970-01-21 00:49:28	Name: __hssc Value: 51282614.1.1730966235843
www.picussecurity.com/	1970-01-21 10:25:26	Name: _gd_visitor Value: b823ac4e-75fe-4a1a-8851-09a0f94adfc2
www.picussecurity.com/	1970-01-21 00:49:40	Name: _gd_session Value: 002acac2-3588-45c2-8b5b-68b70a5cd5b8
.adnxs.com/	1970-01-21 10:25:26	Name: receive-cookie-deprecation Value: 1
www.picussecurity.com/	1970-01-21 00:59:31	Name: _an_uid Value: 0
www.picussecurity.com/	1970-01-21 09:35:02	Name: poptin_user_ip Value: 80.255.7.103
www.picussecurity.com/	1970-01-21 09:35:02	Name: poptin_user_country_code Value: false
www.picussecurity.com/	1970-01-21 01:32:38	Name: poptin_session_account_613f053dd8506 Value: true
www.picussecurity.com/	1970-01-21 00:49:28	Name: poptin_session Value: true
www.picussecurity.com/	1970-01-21 01:32:38	Name: poptin_c_visitor Value: true

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

39666904.fs1.hubspotusercontent-na1.net
7048931.fs1.hubspotusercontent-na1.net
api.hubapi.com
app.hubspot.com
b.6sc.co
bat.bing.com
bat.bing.net
c.6sc.co
cdn.mouseflow.com
cdn.popt.in
cdnjs.cloudflare.com
connect.facebook.net
content.hotjar.io
cta-service-cms2.hubspot.com
d10lpsik1i8c69.cloudfront.net
display.popt.in
eps.6sc.co
fonts.googleapis.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
forms.hubspot.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
js.hubspot.com
js.usemessages.com
lh7-rt.googleusercontent.com
p.visitorqueue.com
pagead2.googlesyndication.com
perf-na1.hsforms.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
script.hotjar.com
secure.adnxs.com
settings.luckyorange.net
snap.licdn.com
static.hotjar.com
static.hsappstatic.net
static.hubspot.com
t.visitorqueue.com
track.hubspot.com
vc.hotjar.io
www.googletagmanager.com
www.picussecurity.com
104.17.24.14
104.18.80.204
13.107.42.14
13.32.27.19
142.250.185.162
143.204.205.185
146.75.120.157
157.240.253.1
172.217.18.3
172.67.166.202
172.67.75.100
18.66.102.53
18.66.112.79
185.89.210.153
199.60.103.227
2.17.100.184
2001:4860:4802:34::36
216.58.212.170
2600:9000:2490:9400:c:77c4:d500:93a1
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:4700:4400::6812:297c
2606:4700:4400::ac40:9310
2606:4700::6810:4e8e
2606:4700::6810:6bfe
2606:4700::6810:7574
2606:4700::6811:afc9
2606:4700::6811:b05b
2606:4700::6811:df98
2606:4700::6812:1b32
2606:4700::6812:8a11
2606:4700::6812:f36c
2620:1ec:21::14
2620:1ec:33:3::10
2620:1ec:c11::237
2a00:1450:4001:802::200a
2a00:1450:4001:810::2008
2a00:1450:4001:82f::2001
2a02:26f0:3500:10::210:a9a
2a02:26f0:7100::5f64:87d0
52.208.120.167
75.2.108.141
99.79.185.91
0200a7698afae38e9385f59706f2c5966fcd943aec1b0d47597fb65f319fa2b0
041685b0e5a31c63c4c06ffc86484bdd0c56100f1f0b36c91571e6a00bcec715
067c9537ec36da4afb93e9fec9bc7e656959b6623e9491f0092200db06657f1c
07d7742e484bac669f7c1fafc007b600986f5234cc0f0f369d97b39cd563394d
0af58bcdda4bce4a998c3c1d32d5a6bbebd8ef7c7007e8888531cb493cc9f64b
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0d24d7930883c81a956a8d25026d6befdf264a901da8570a7fa27b6db580c2bf
0d65e0bb2b93943ac7a72d8f70bda4f8931d6d07c9731bf28dc1d895c1dc4edf
106fcd8d723eda7d92a26893a439ccef998e5fc68ad228253607143d801e8cd8
109a14abac939df0ab29af6bbf5c0ca592b1cdf7adb33a0052f166c8b303bc37
115c7f3cf61e4ec19070b9e59e20e78756d39d193eb9b544065059b9935d2491
126e07fe4635bb161e3cef3e0041dac87c8eb4bf390878de83077a7244a5a3ae
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
21036da1013e88ad1be39946746a916786b081557a7a72b6a194c153c175aa59
228f08d7d79b9a75e9df18997ee260c139fe2d538924d5f05037e047d3f41d38
262cafa3bec04e9662eb37b65fac04cdd2640bba0848577402c9c02c6543754e
2d042ae177f7d076320fa923d0bfc2d3f831e3dacec0ff6fffc1328d4e36f2f9
2e095c77cbc278604a08136ba272382190c0c7a12a26777a33ca20fafbb59186
2e501f1e36f93ed8160ba31a236aa28c8c438073ab228f839ed336a671a17c99
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
34350dee947083733dcd88d858cf65df7a4f282846c465b8f9627090aa5da3c0
384b974c8b9634c56fb9992959ed44603c530ae06c235dfae8afc493dee85c88
387fafc4558eb44d4303fb1710ec85e39755ffa9378b8cdf982c7e66db79c463
3915bef88dd05f9c52427af8b187eaf88881c38d165e6affef86ae6efe799ab9
4071465b2c0223da0e296a2d9ed8fbec379caa2d8eccacf96113afa481d7714a
42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e
43ffc04fc9feaf3e018ef29811c774bd365508ef79d33f9e63c5156a6fc90bf8
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
46aab71563349f25bf0a0850087f5760b8db58f5f5619761a63b8342442a786a
4a948cad1525b333f4615fb0203e3dcf4a5fdef9409adb657fceeab1dcb37f7d
4b10ed849684d1d7752b60848316f4db37f8845c68e43f07df2bef44262684b0
4bf7bbe2ff34569ca8208b5df957ae1bd37d2403d378146fb4e993155cb9820d
4c92a856ef5f00e2ac59b76a4960d24a2dc57e80fe559acaabf141494ef00081
4d853f486dc84fdc7d1b073cbe0567f4ad79b211fc28ed46186bbb0c8cd1ad26
5242ab5df4690e1c975cefd6c70bc7f19037060288e9254c16b3ea0b07f3b222
5458bb001fbaee0822a06901d6989a7568457bc97c78ce726d8884c34f665910
5620db9e8a5b228694efb9ce55c54f0b55599f9eec55f49f8f54690b61a5a688
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
568d7b83659993469a2d729ad98daba3a7de2568f74d670d18ae618f118fe353
57d3d04b4a237dde8837599213c631385d981da2190dfe9099495a58cdd91c92
5b7290b38b86182592c3a60c491c3a977318c034959142a61d92a75025b3c334
5db7ebaf5c59a393c37e60c30e2d80c32e24cd7b49c02e04a14e10bd4a3e31b3
5f2662d3a952503f1a49334a9436df710115bffcb783697a5c6e85f8d5883d1c
616a7f16e89518adbc89002f178ebfac5756fc3e96ca30a807ce65ee0e7e4530
62553d159189834af73c9a6264704be5b2bee9a08da66a14768d8e5c6ffd2cdb
632ae2a19dd0817549172e38d37d628124c089c4466c0dca78378c8a78e3f1e1
633600072534f800c00ce54b60270678545462434c28e1865dde26273d8b00d3
6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b
690402827f42db73cc7c65eaf2749f2e179e9f580b1b74082d70b18bfeff2f00
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6cb6821219dae9fa9a21519d86d7ec7acaf0c4dd61463eb336eb92964feebef3
725822cb7a90a5c69dd64ba2bc70de4d3c48a4d8b2faab1e676a83c504c7adc8
794559db00f5a68a8a82dc14f100cd1f9a970cbea66701ca8a43dee9919ffe03
7959e686f3668a5465c5eacedf2d57eb61675b5f8584fcb07114aa38b63d53b8
7b02bfd5d8783bcbc3273327b796412ddc1b8a0e8a01e0f26b6e17e908f8533e
7c2591f422aa5cfb1f8bf00a5db7c9407e81037dbeaf22b2e8a791e56468cdf3
7cc1ff7f9b57caf071c85b50968032dea1fa2ff1dc8a84da9d248d70a7820ffd
7fdcb805a20649db94783ffc68e227bd61a806f29af381db6c84b52138d2dccd
82fadff367a12e614a5ec145bec6ea58ab214367c8c6f3186ca07353b0bbf16b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
8acd930d7a72da64980a950dea0c1507411900cb1459aa8c743e003df27444dd
8cda9cd43d4127342ef2bd26c9a89e80fcfd2cece43b6e9fe51c8f4c9fc10d8e
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
903386a2a92e603bf2a0c57c31327cce4240e1d273cdc2578093700fceb4d7c8
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
a00ac1e97469410d27c7807937a01a9fb37272970d20a0178bad424be0bdf6ae
a1f8f7541a2982d7df75f73d0234a3f2afdc8302f361078f883d25a3a574bae4
a3ca2178c03aa90413665605224901388a8a7694be710ccf31d1c9546f6bb558
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
ad35b390ce3898cfef7bb94973d42ab290ec56f7315e0b459f4ba017eac96f07
b0403829bc66fd1f26c7ad7f42a2560787fe44f34417d357ed83d107ab32d983
b4aedc93d1c0050ee019a0f8a838d5de2b64ca89662eb31c45e04da5d3f09b4f
b71a29ecd59a83648619466fa24609d9030aa3eb31b3cedc7f9b424d2da1a270
b9e0d8bb5e93f8376e1e233d7615950b805a799a753dc4c1ed078ca92eddd5a5
bfd3189d965573e36997f170667b1ceef5cfd0471b6f5be228ca6ac7bcb97c23
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
ca9ead1a878c5a474808166462389da9859bbe06ee7c5e4365029c8062709121
cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522
cb60114d01e18846fc0570ef5b0c637ff1cf5f96b3cea88dd7a7a56bc587d726
cb72a3cb5614383e3b08354bc293e2399eb11d0ed17eef59d44bef4598682c3e
ccee1682963a5d9deecdb1dcf9f8e00135cf80c850f2e3309637aa0b14a47938
ce1eade43de61291fb7e1708bdbe373f955aa88e54e9c894fa6ab1ed455ab1b5
cf773224fb7b3fd5978d7b527d003387334f71f37ed57e9ea50fe7b9bf4d6a76
d1af850eed9d8f478503ae0d24ebdd78691a15ed523db6f16df44b9da327c0d5
d1b07feb8dacb85eaa974e4da4e4268679888a74f92ed43e15123ac701717ec6
d2012aadea462fafe352402e17767e0f80b6407c288876a88052e478cc6e9466
d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99
d5ecf2f6d5b7937dd1aa50165b89193436347d55cb130951d41e028b1f09d3af
d80185fbff5a2f633a62ef68aab3b097f2dc1cd9c76f408c1ba843351a0ea44c
d875f9a2038e25a599452c9e774403240c3bc83df261ed41188bd7ecdf71fee0
dab4ed514d39f2a7cf4ccf6215d9cd4c851d24c9ccf85839cc73e4097d38df61
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
dfa6926b9a37ef678729a29a6d7f9b98e913f7c6d803d3c3b2ef84e2fc1cdc71
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d429ffb40c652bd7f9d8037c1e0752935c58621f0b6240c71c40453121c66e
e4efcc099f128e3655108f269adb8e838c24ee54d98c3903a22dec225e3e1221
e8762831ff219f8b76b3479d9ffb9da218a058d059993123584cdbb5da6c079b
ea40563dac288d2a4e806100888a28be233519095512b5b0f44f02d4a4b23aea
eccdaebbdb2cec99bbb95481e7ae05110a96cd9d2c459af234951d23ed275dd8
f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af
f0a9b19d1615e0e2afdca507d4c7cbe384b0bdfad5cbaf63c14a386df33a62d7
f16de7b1b4aaefe1a073fd179d639c5264e6451ea208b8b9cf72ef0d846b308f
f80603874c68fef25ac9ffe412a6c6056ab267d7e4d044f090c8282ab80c4da5
f9ca99fe82ab8774dbe41c6e8d72fe5bddfc329a9518ba6a880572c1ef96c538
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe6ee10b03114d58ae3552f76f67608965f961c9d2743a003b3c8da7e5ff4f7c
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ffba9a52471b5e7d35690f8297267837b94bdce89a67fa3ab13e5574d686a546
fffcc1196c1beb2cd92264e3b6efe6fdebc9129610b8308987eff5d97ebab507

www.picussecurity.com Open in urlscan Pro 199.60.103.227 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

143 Requests

98 %HTTPS

52 %IPv6

34 Domains

53 Subdomains

43 IPs

5 Countries

2017 kBTransfer

5232 kBSize

39 Cookies

31 Outgoing links

Redirected requests

143 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.picussecurity.com Open in urlscan Pro
199.60.103.227 Public Scan

Screenshot
Live screenshot

Full Image

143
Requests

98 %
HTTPS

52 %
IPv6

34
Domains

53
Subdomains

43
IPs

5
Countries

2017 kB
Transfer

5232 kB
Size

39
Cookies

143 HTTP transactions
3 data transactions