URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Submission: On March 13 via api from US

Summary

This website contacted 13 IPs in 2 countries across 10 domains to perform 78 HTTP transactions. The main IP is 2606:4700:20::6819:eb64, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.securityweek.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on December 4th 2019. Valid for: 10 months.
This is the only time www.securityweek.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Domain | Requested by
46 | www.securityweek.com | www.securityweek.com, ajax.cloudflare.com
6 | app.brightinfo.com | www.securityweek.com, app.brightinfo.com
5 | tpc.googlesyndication.com | securepubads.g.doubleclick.net, www.securityweek.com, tpc.googlesyndication.com, cdn.ampproject.org
4 | cdn.ampproject.org | securepubads.g.doubleclick.net
4 | securepubads.g.doubleclick.net | www.googletagservices.com, securepubads.g.doubleclick.net, www.securityweek.com
3 | pagead2.googlesyndication.com | securepubads.g.doubleclick.net
2 | ssl.google-analytics.com | www.securityweek.com
1 | bia.brightinfo.com | app.brightinfo.com
1 | www.google-analytics.com | app.brightinfo.com
1 | cse.google.com |
1 | www.google.com (1 redirects) |
1 | adservice.google.com | www.googletagservices.com
1 | adservice.google.de | www.googletagservices.com
1 | www.googletagservices.com | www.securityweek.com
1 | ajax.cloudflare.com | www.securityweek.com
Total: 78 requests, 15 subdomains

Subject | Issuer | Validity | Valid
securityweek.com | CloudFlare Inc ECC CA-2 | 2019-12-04 - 2020-10-09 | 10 months
ssl412106.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-12-05 - 2020-06-12 | 6 months
*.g.doubleclick.net | GTS CA 1O1 | 2020-02-25 - 2020-05-19 | 3 months
*.google.com | GTS CA 1O1 | 2020-02-25 - 2020-05-19 | 3 months
*.google-analytics.com | GTS CA 1O1 | 2020-02-25 - 2020-05-19 | 3 months
tpc.googlesyndication.com | GTS CA 1O1 | 2020-02-25 - 2020-05-19 | 3 months
misc-sni.google.com | GTS CA 1O1 | 2020-02-25 - 2020-05-19 | 3 months
*.brightinfo.com | DigiCert SHA2 Secure Server CA | 2020-03-11 - 2021-03-16 | a year

This page contains 5 frames:

Primary Page: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Frame ID: 8F502644B5D3EAA6686989A940111AAC
Requests: 68 HTTP requests in this frame

Frame: https://www.securityweek.com/ad.html
Frame ID: 2014DB6242B9B6EA09E6A8372F10EA6D
Requests: 1 HTTP requests in this frame

Frame: https://www.securityweek.com/ad.html
Frame ID: 239A2B86F753CCC45C8468F80A9A4D1C
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012002251816300/amp4ads-v0.js
Frame ID: 1C93000055E470DA7F0A1775FE90F3B2
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: 44224998BDBE75326F132E434EDE9FA0
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<(?:link|style)[^>]+"\/sites\/(?:default|all)\/(?:themes|modules)\//i
  • headers expires /19 Nov 1978/i

Overall confidence: 100%
Detected patterns
  • html /<(?:link|style)[^>]+"\/sites\/(?:default|all)\/(?:themes|modules)\//i
  • headers expires /19 Nov 1978/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

Requests: 78
HTTPS: 99 %
IPv6: 77 %
Domains: 10
Subdomains: 15
IPs: 13
Countries: 2
Transfer: 1084 kB
Size: 2596 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 50
  • https://www.google.com/coop/intl/en/images/google_custom_search_watermark.gif HTTP 302
  • https://cse.google.com/coop/intl/en/images/google_custom_search_watermark.gif

78 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request russia-linked-turla-cyberspies-add-mo=
www.securityweek.com/
47 KB
11 KB
Document
General
Full URL
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.3.29
Resource Hash
cb09516641dd47b19c911886d1ed31574e80e0dfc19a203dc94815eff26b5642

Request headers

:method
GET
:authority
www.securityweek.com
:scheme
https
:path
/russia-linked-turla-cyberspies-add-mo=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
404
date
Fri, 13 Mar 2020 16:18:07 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d5a5e7eb48a67a58ba874bf3ea8a73c7a1584116285; expires=Sun, 12-Apr-20 16:18:05 GMT; path=/; domain=.securityweek.com; HttpOnly; SameSite=Lax; Secure SESSc3f2c9572aa8f3f5ea6f60501affecb3=20a2f0cc75a3a5b6020960e00dc24561; expires=Sun, 05-Apr-2020 19:51:25 GMT; path=/; domain=.securityweek.com
x-powered-by
PHP/5.3.29
expires
Sun, 19 Nov 1978 05:00:00 GMT
cache-control
store, no-cache, must-revalidate, post-check=0, pre-check=0
last-modified
Fri, 13 Mar 2020 16:18:05 GMT
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5737119fa991bf28-FRA
content-encoding
br
MtZjAddKzhFJoLq5xYGl1vZkDn8.js
www.securityweek.com/cdn-cgi/apps/head/
5 KB
2 KB
Script
General
Full URL
https://www.securityweek.com/cdn-cgi/apps/head/MtZjAddKzhFJoLq5xYGl1vZkDn8.js
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8dd5483dc29044f06c3a45f8fd05d0f122a2b4315292df6da919775189351c9

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
content-encoding
br
cf-cache-status
HIT
age
3049338
status
200
x-amz-request-id
80CFB904007141D4
x-amz-id-2
Cu4DX7lizWi9bVuVRzMd3+DoyWD+GHhKHfbCi2CZ+9GrUnolg1vvigxKgPd3tCZl9ggVcR8QX+E=
last-modified
Tue, 04 Dec 2018 19:44:59 GMT
server
cloudflare
etag
W/"6998744eb932e2ecef296a28191978ed"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
JCMgPdMNLoo3bIn5Dbz15QtzSlH_yitT
cf-ray
573711af6e8bbf28-FRA
css_9bd0258b3c66153281c8cf1d10b20a76.css
www.securityweek.com/sites/default/files/css/
25 KB
5 KB
Stylesheet
General
Full URL
https://www.securityweek.com/sites/default/files/css/css_9bd0258b3c66153281c8cf1d10b20a76.css
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34425b026d211516f29ab5e8dae5e59f713322b110cf5f2a7cf81a3d16e73c4c

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
content-encoding
br
cf-cache-status
HIT
age
195556
cf-polished
origSize=26271
status
200
last-modified
Wed, 11 Mar 2020 09:48:40 GMT
server
cloudflare
etag
W/"3c18e5-669f-5a09124226e42"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
expires
Wed, 25 Mar 2020 09:58:50 GMT
cache-control
max-age=1209600
cf-ray
573711af6e89bf28-FRA
cf-bgj
minify
css_369bd85c76d1f72cf02b33a0da9777b8.css
www.securityweek.com/sites/default/files/css/
27 KB
5 KB
Stylesheet
General
Full URL
https://www.securityweek.com/sites/default/files/css/css_369bd85c76d1f72cf02b33a0da9777b8.css
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0deae7d488b0316e0149f1dc2caec46821b2272127b61b4ffadf6f99a303ea16

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
content-encoding
br
cf-cache-status
HIT
age
196158
cf-polished
origSize=27647
status
200
last-modified
Wed, 11 Mar 2020 09:48:32 GMT
server
cloudflare
etag
W/"3c18d2-6bff-5a09123aaa21d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
expires
Wed, 25 Mar 2020 09:48:49 GMT
cache-control
max-age=1209600
cf-ray
573711af6e8cbf28-FRA
cf-bgj
minify
securityweek_logo.jpg
www.securityweek.com/sites/default/files/
19 KB
20 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/securityweek_logo.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54d6b160853e82e8543a0ba21ecfb80acc0313dd7cbfafe5fd636cf0186b0728

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
85774
cf-polished
origSize=20250
status
200
content-length
19825
last-modified
Thu, 01 Jan 2015 16:34:13 GMT
server
cloudflare
etag
"3a192b-4f1a-50b99cb580b40"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Thu, 26 Mar 2020 16:28:33 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711af6e90bf28-FRA
cf-bgj
imgq:100
RSA-News-Coverage.jpg
www.securityweek.com/sites/default/files/imagecache/slider/
6 KB
6 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/imagecache/slider/RSA-News-Coverage.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d926bccc524c5a7442d74568f3b6b83f2702ea67d398bfee3aff3d5609a7d83b

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
180744
cf-polished
origSize=6592
status
200
content-length
5934
last-modified
Wed, 26 Feb 2020 13:40:04 GMT
server
cloudflare
etag
"3a0015-19c0-59f7abde14ffc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Wed, 25 Mar 2020 14:05:43 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711af6e92bf28-FRA
cf-bgj
imgq:100
RSS-Icon.png
www.securityweek.com/images/
3 KB
3 KB
Image
General
Full URL
https://www.securityweek.com/images/RSS-Icon.png
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0052405943de6e39694e6f192e6e96ae8f7f3fdfcedef5c2f1a14477daf9ca2

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
251292
cf-polished
origSize=2844
status
200
content-length
2610
last-modified
Wed, 06 Oct 2010 06:57:24 GMT
server
cloudflare
etag
"1e133b-b1c-491ed4a241d00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
expires
Tue, 24 Mar 2020 18:29:55 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711af8ebfbf28-FRA
cf-bgj
imgq:100
long_dotted.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
2 KB
3 KB
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/long_dotted.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c319f99ad19664bda995f3f297416339a5c305fa2957dfc62a22d2c9648e9afd

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
197630
cf-polished
origSize=3162
status
200
content-length
2555
last-modified
Sun, 15 Jan 2012 05:36:26 GMT
server
cloudflare
etag
"3c0017-c5a-4b68a7aa1aa80"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Wed, 25 Mar 2020 09:24:17 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711af8ec0bf28-FRA
cf-bgj
imgq:100
picture-63.jpg
www.securityweek.com/sites/default/files/pictures/
6 KB
6 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/pictures/picture-63.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
30e9897a0837fa67be09757ef19f4f425c23fdfb3486d90a91b53d8062f1e9af

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
1189226
cf-polished
status=not_needed
status
200
content-length
5638
last-modified
Mon, 14 Mar 2011 00:19:21 GMT
server
cloudflare
etag
"3c1375-1606-49e66435f1440"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Fri, 13 Mar 2020 21:57:40 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711af8ec2bf28-FRA
cf-bgj
imgq:100
picture-165.jpg
www.securityweek.com/sites/default/files/pictures/
13 KB
13 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/pictures/picture-165.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1340cf0a8debd23b29f9278c7ab0e7f2eae08459e7780394fccedfcac23fe61c

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
627943
cf-polished
origSize=16347
status
200
content-length
12988
last-modified
Thu, 17 May 2018 17:47:27 GMT
server
cloudflare
etag
"3c18fc-3fdb-56c6a6dbe5482"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Fri, 20 Mar 2020 09:52:24 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711af8ec3bf28-FRA
cf-bgj
imgq:100
picture-177.jpg
www.securityweek.com/sites/default/files/pictures/
10 KB
10 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/pictures/picture-177.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fdc01fcedd8e63f69a88d693b068cb3429185ec1e3978fc7aa11467517a57c76

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
210561
cf-polished
origSize=13443
status
200
content-length
10102
last-modified
Tue, 22 Oct 2019 16:02:44 GMT
server
cloudflare
etag
"3c1313-3483-59581ee43d6e7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Wed, 25 Mar 2020 05:48:46 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711af8ec5bf28-FRA
cf-bgj
imgq:100
picture-149.jpg
www.securityweek.com/sites/default/files/pictures/
12 KB
12 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/pictures/picture-149.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7927029fd02b20d594d217f4d40af9475d2907f43bed1cfbfec627a76e2fa3c

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
375346
cf-polished
origSize=15153
status
200
content-length
12070
last-modified
Tue, 25 Apr 2017 04:13:32 GMT
server
cloudflare
etag
"3c0fc1-3b31-54df5f2625eb3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Mon, 23 Mar 2020 08:02:21 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711af9ecebf28-FRA
cf-bgj
imgq:100
picture-173.png
www.securityweek.com/sites/default/files/pictures/
17 KB
17 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/pictures/picture-173.png
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b96d20db8ba112f14140d3246ba4a36568a1e16266c41f0fb42a1f608a2671

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
720898
cf-polished
origSize=21921
status
200
content-length
16963
last-modified
Tue, 19 Mar 2019 10:10:01 GMT
server
cloudflare
etag
"3c190a-55a1-5846fb54dbe1a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
expires
Thu, 19 Mar 2020 08:03:09 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711afbef9bf28-FRA
cf-bgj
imgq:100
picture-161.png
www.securityweek.com/sites/default/files/pictures/
16 KB
16 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/pictures/picture-161.png
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b0c3eb6694cd51631ba8d55df6423d527d0a07edd4c962af4da85bd7f4689de

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
247023
cf-polished
origSize=22165
status
200
content-length
16486
last-modified
Fri, 03 Nov 2017 16:03:32 GMT
server
cloudflare
etag
"3c1333-5695-55d163f0dbf08"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
expires
Tue, 24 Mar 2020 19:41:04 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711afbefbbf28-FRA
cf-bgj
imgq:100
picture-104.jpg
www.securityweek.com/sites/default/files/pictures/
13 KB
13 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/pictures/picture-104.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c40ea0dc8ff00c3bcaf41a69e2379d52159db3fb897ba2fba3e0666c3ea59991

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
cf-cache-status
HIT
age
890439
cf-polished
origSize=16568
status
200
content-length
13223
last-modified
Wed, 12 Jun 2019 15:51:59 GMT
server
cloudflare
etag
"3c0f61-40b8-58b2264c3ce65"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 17 Mar 2020 08:57:29 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711b00f84bf28-FRA
cf-bgj
imgq:100
picture-174.jpg
www.securityweek.com/sites/default/files/pictures/
9 KB
10 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/pictures/picture-174.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eef018f536aeb37c509fa61b47956b8d9975c470aad7244df901483c5bf7a882

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
cf-cache-status
HIT
age
871042
cf-polished
origSize=10346
status
200
content-length
9687
last-modified
Mon, 03 Jun 2019 17:50:23 GMT
server
cloudflare
etag
"3c1904-286a-58a6eff9fd77e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 17 Mar 2020 14:20:46 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711b00f85bf28-FRA
cf-bgj
imgq:100
security_newsletter.gif
www.securityweek.com/images/
1 KB
1 KB
Image
General
Full URL
https://www.securityweek.com/images/security_newsletter.gif
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
200abde0c426b23abe8a9c501ab4e8e72c048cc0653203817cc9ff96cc6e394d

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
cf-cache-status
HIT
age
251293
cf-polished
status=not_needed
status
200
content-length
1084
last-modified
Fri, 22 Apr 2011 17:43:08 GMT
server
cloudflare
etag
"1e134c-43c-4a185640ae300"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
expires
Tue, 24 Mar 2020 18:29:55 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711afbf1dbf28-FRA
cf-bgj
imgq:100
subscribe_icon_new_03.jpg
www.securityweek.com/images/
2 KB
3 KB
Image
General
Full URL
https://www.securityweek.com/images/subscribe_icon_new_03.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39b67a626bf990ef239c8f32322b0fea0df01ec6d13257ff06f4a7fbd7215ccf

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
251292
cf-polished
origSize=2535
status
200
content-length
2521
last-modified
Mon, 22 Mar 2010 15:43:36 GMT
server
cloudflare
etag
"1e1333-9e7-482658f665a00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 24 Mar 2020 18:29:55 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711afbf16bf28-FRA
cf-bgj
imgq:100
subscribe_icon_new_05.jpg
www.securityweek.com/images/
2 KB
2 KB
Image
General
Full URL
https://www.securityweek.com/images/subscribe_icon_new_05.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aad13bf04035f24eb4ffbbddd432dfb8dd0cdeac853943a26b9cd451ed517edc

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
251292
cf-polished
origSize=2237
status
200
content-length
2215
last-modified
Mon, 22 Mar 2010 15:43:38 GMT
server
cloudflare
etag
"1e1332-8bd-482658f84de80"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 24 Mar 2020 18:29:55 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711afbf01bf28-FRA
cf-bgj
imgq:100
subscribe_icon_new_07.jpg
www.securityweek.com/images/
2 KB
3 KB
Image
General
Full URL
https://www.securityweek.com/images/subscribe_icon_new_07.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
363cb466cb44913b8c880111c017a4bbdd2ab9f83db0fbc9082fffd2752a9998

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
628488
cf-polished
origSize=2488
status
200
content-length
2467
last-modified
Mon, 22 Mar 2010 15:43:40 GMT
server
cloudflare
etag
"1e132e-9b8-482658fa36300"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Fri, 20 Mar 2020 09:43:19 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711afbf1cbf28-FRA
cf-bgj
imgq:100
rss_icon_new_11.jpg
www.securityweek.com/images/
3 KB
3 KB
Image
General
Full URL
https://www.securityweek.com/images/rss_icon_new_11.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99f599f5ce506f5157d56040e57c4379648c7ec0c1ae8e339c74854d12fd51be

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
cf-cache-status
HIT
age
458339
cf-polished
origSize=2696
status
200
content-length
2681
last-modified
Mon, 22 Mar 2010 15:43:34 GMT
server
cloudflare
etag
"1e1338-a88-482658f47d580"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Sun, 22 Mar 2020 08:59:09 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711afbf19bf28-FRA
cf-bgj
imgq:100
ICS_Singapore-2020-300x250.jpg
www.securityweek.com/sites/default/files/features/
45 KB
45 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/features/ICS_Singapore-2020-300x250.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eece8223d6850167a40f7efd6d1b1ad9863ec49486cdd7008d7303c0e64b64da

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
cf-cache-status
HIT
age
588712
cf-polished
origSize=53901
status
200
content-length
46142
last-modified
Fri, 21 Feb 2020 20:27:50 GMT
server
cloudflare
etag
"c604d1-d28d-59f1bdaff37b8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Fri, 20 Mar 2020 20:46:16 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711b00f86bf28-FRA
cf-bgj
imgq:100
wired_publishing.jpg
www.securityweek.com/images/
2 KB
2 KB
Image
General
Full URL
https://www.securityweek.com/images/wired_publishing.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f48a93ab79e97cebdb0a614f94a9a9ef592729dd86b58db65c84c50776a9ed26

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
cf-cache-status
HIT
age
251293
cf-polished
origSize=2601
status
200
content-length
2072
last-modified
Wed, 08 Dec 2010 15:26:32 GMT
server
cloudflare
etag
"1e132d-a29-496e7bef23a00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 24 Mar 2020 18:29:55 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711b00f90bf28-FRA
cf-bgj
imgq:100
rocket-loader.min.js
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/
12 KB
4 KB
Script
General
Full URL
https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Wed, 11 Mar 2020 12:34:19 GMT
server
cloudflare
etag
W/"5e68dacb-3016"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
cache-control
max-age=172800, public
strict-transport-security
max-age=15780000; includeSubDomains
cf-ray
573711af8ef9d6d9-FRA
expires
Sun, 15 Mar 2020 16:18:07 GMT
JsfVAji5wHtjMw9KWartCq34fZY.js
www.securityweek.com/cdn-cgi/apps/body/
23 KB
7 KB
Script
General
Full URL
https://www.securityweek.com/cdn-cgi/apps/body/JsfVAji5wHtjMw9KWartCq34fZY.js
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/cdn-cgi/apps/head/MtZjAddKzhFJoLq5xYGl1vZkDn8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c9b185e1e937971dfedaafecf01bc14813a2ece31cc9af4a2097f9b3ecb061d

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
content-encoding
br
cf-cache-status
HIT
age
8716392
status
200
x-amz-request-id
CE3A0B6C73B139C6
x-amz-id-2
PRMFOvKJosTdQSSE9hk7Y7+FuzS42K8CxePCyVPVv11KMkMLNndnkL/yCFiRUC1NKEJ4VSIAvrI=
last-modified
Tue, 04 Dec 2018 19:44:58 GMT
server
cloudflare
etag
W/"cb0ca31f11dc8247de26e3dcd49db722"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
h5OK1yTQAx2t7V4blDMielr1pB4gwYKR
cf-ray
573711b02fb3bf28-FRA
bg.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
622 B
743 B
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/bg.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0eb8c78b4dfa8b3591631c3dc0bc82b82fac561d7f42e735c06bccd28261bfa9

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_369bd85c76d1f72cf02b33a0da9777b8.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
251292
cf-polished
origSize=13217
status
200
content-length
622
last-modified
Sat, 09 Aug 2014 20:02:44 GMT
server
cloudflare
etag
"3c0013-33a1-50037ce116100"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 24 Mar 2020 18:29:55 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711afbf04bf28-FRA
cf-bgj
imgq:100
menu-leaf.gif
www.securityweek.com/sites/all/themes/securityweek/images/icons/
175 B
283 B
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/icons/menu-leaf.gif
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
913e0bff2ebdfd8aa46e82e8282910638f68fdb9f56f447f1f6b259f3fe5e539

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_369bd85c76d1f72cf02b33a0da9777b8.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
cf-cache-status
HIT
age
251293
cf-polished
status=not_needed
status
200
content-length
175
last-modified
Mon, 22 Mar 2010 15:27:51 GMT
server
cloudflare
etag
"3c002d-af-482655712cbc0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
expires
Tue, 24 Mar 2020 18:29:55 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711b02fb9bf28-FRA
cf-bgj
imgq:100
header_bg.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
368 B
487 B
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/header_bg.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
38fddc9062d968d14ab085099d5de0f3ef3900d8db2ba7d0f0f67cfd3dc64732

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_369bd85c76d1f72cf02b33a0da9777b8.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
251292
cf-polished
origSize=387
status
200
content-length
368
last-modified
Mon, 22 Mar 2010 15:27:31 GMT
server
cloudflare
etag
"3c0020-183-4826555e19ec0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 24 Mar 2020 18:29:55 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711afbeffbf28-FRA
cf-bgj
imgq:100
nav_bg.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
481 B
612 B
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/nav_bg.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fbef11bff1d217c890ec20d5759379b8879cc1b44943b7200a41aeab7293743b

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_369bd85c76d1f72cf02b33a0da9777b8.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
628488
cf-polished
origSize=500
status
200
content-length
481
last-modified
Mon, 22 Mar 2010 15:28:13 GMT
server
cloudflare
etag
"3c001b-1f4-4826558627d40"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Fri, 20 Mar 2020 09:43:19 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711afbf12bf28-FRA
cf-bgj
imgq:100
menu-expanded.gif
www.securityweek.com/sites/all/themes/securityweek/images/icons/
183 B
291 B
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/icons/menu-expanded.gif
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa76185f417cf85d7029b35e3a6544d4495402e17f76a32633b5ba80a81faa26

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_369bd85c76d1f72cf02b33a0da9777b8.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
cf-cache-status
HIT
age
251293
cf-polished
status=not_needed
status
200
content-length
183
last-modified
Mon, 22 Mar 2010 15:27:50 GMT
server
cloudflare
etag
"3c002a-b7-4826557038980"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
expires
Tue, 24 Mar 2020 18:29:55 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711b03fc9bf28-FRA
cf-bgj
imgq:100
line_dotted.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
3 KB
3 KB
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/line_dotted.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19c3d03351d11b3bf4c98af1f0094d0dfc2ed7114d08afb76840333461644e9c

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_369bd85c76d1f72cf02b33a0da9777b8.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
628488
cf-polished
origSize=3724
status
200
content-length
3199
last-modified
Sun, 15 Jan 2012 05:43:31 GMT
server
cloudflare
etag
"3c001c-e8c-4b68a93f6a6c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Fri, 20 Mar 2020 09:43:19 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711afbf13bf28-FRA
cf-bgj
imgq:100
bullet.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
2 KB
2 KB
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/bullet.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
076aea1fe6f6a5870e7478733f90705f6e31085e02597ccab72cb00db3441039

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_369bd85c76d1f72cf02b33a0da9777b8.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
251292
cf-polished
origSize=2285
status
200
content-length
1813
last-modified
Sun, 15 Jan 2012 05:30:46 GMT
server
cloudflare
etag
"3c0019-8ed-4b68a665dad80"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 24 Mar 2020 18:29:55 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711afbf10bf28-FRA
cf-bgj
imgq:100
vertical_dotted_line.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
2 KB
2 KB
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/vertical_dotted_line.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d9cfe1c774ac55080feb72f94896c4296d1c6f21980fed374c4a1dd26c74b85

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_369bd85c76d1f72cf02b33a0da9777b8.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
1138191
cf-polished
origSize=2494
status
200
content-length
2012
last-modified
Sun, 15 Jan 2012 05:42:16 GMT
server
cloudflare
etag
"3c000e-9be-4b68a8f7e3e00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Sat, 14 Mar 2020 12:08:15 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711afbf06bf28-FRA
cf-bgj
imgq:100
updates_btm_dotted.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
1 KB
1 KB
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/updates_btm_dotted.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45ba8a1912351edd22b0e53f408de4537d99ac7c06dd09d3ad71ba5429f5c9e9

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_369bd85c76d1f72cf02b33a0da9777b8.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
197626
cf-polished
origSize=1610
status
200
content-length
1125
last-modified
Sun, 15 Jan 2012 05:40:50 GMT
server
cloudflare
etag
"3c000d-64a-4b68a8a5dfc80"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Wed, 25 Mar 2020 09:24:21 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711afbf0fbf28-FRA
cf-bgj
imgq:100
features_dotted.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
2 KB
2 KB
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/features_dotted.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
402e980d8784d3715d086056ce9edc6297a656340b1f442407181c2f2fc3b95d

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_369bd85c76d1f72cf02b33a0da9777b8.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
197626
cf-polished
origSize=2054
status
200
content-length
1536
last-modified
Sun, 15 Jan 2012 05:39:22 GMT
server
cloudflare
etag
"3c0016-806-4b68a851f3680"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Wed, 25 Mar 2020 09:24:21 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711afbf05bf28-FRA
cf-bgj
imgq:100
subscribe-btn.gif
www.securityweek.com/sites/all/themes/securityweek/images/
2 KB
2 KB
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/subscribe-btn.gif
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4986aea94d23482c38fb06749a6a5c5c6ab95db97aa3bcc9feaf7eda6cbf6626

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_369bd85c76d1f72cf02b33a0da9777b8.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
cf-cache-status
HIT
age
251292
cf-polished
status=not_needed
status
200
content-length
2249
last-modified
Tue, 25 Jan 2011 04:28:42 GMT
server
cloudflare
etag
"3c0021-8c9-49aa426bbd280"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
expires
Tue, 24 Mar 2020 18:29:55 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711afbf14bf28-FRA
cf-bgj
imgq:100
footer_bg.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
491 B
620 B
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/footer_bg.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
879e759654d4384f0609f8ac2b59fd13d1d90fcaeed2b6d5c4d34dbd550621c9

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_369bd85c76d1f72cf02b33a0da9777b8.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
cf-cache-status
HIT
age
251293
cf-polished
origSize=510
status
200
content-length
491
last-modified
Mon, 22 Mar 2010 15:27:23 GMT
server
cloudflare
etag
"3c0015-1fe-4826555678cc0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 24 Mar 2020 18:29:55 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711b03fe3bf28-FRA
cf-bgj
imgq:100
footer_partition.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
393 B
616 B
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/footer_partition.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6875c134ddb19f931881caf2eb4cbcd8290bf898e84c3606f33ccc897f2a851

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_369bd85c76d1f72cf02b33a0da9777b8.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
cf-cache-status
HIT
age
251293
cf-polished
origSize=412
status
200
content-length
393
last-modified
Mon, 22 Mar 2010 15:27:29 GMT
server
cloudflare
etag
"3c000f-19c-4826555c31a40"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 24 Mar 2020 18:29:55 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711b03fe9bf28-FRA
cf-bgj
imgq:100
footer_h3_dotted.jpg
www.securityweek.com/sites/all/themes/securityweek/images/
1007 B
1 KB
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/footer_h3_dotted.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff1ef9fd6b885be870cc572c7c79bfae34bd6d4c2368c342003ba13df0f192dd

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_369bd85c76d1f72cf02b33a0da9777b8.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
cf-cache-status
HIT
age
251293
cf-polished
origSize=1026
status
200
content-length
1007
last-modified
Mon, 22 Mar 2010 15:27:27 GMT
server
cloudflare
etag
"3c001d-402-4826555a495c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Tue, 24 Mar 2020 18:29:55 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711b05810bf28-FRA
cf-bgj
imgq:100
footer_bullet.gif
www.securityweek.com/sites/all/themes/securityweek/images/
58 B
191 B
Image
General
Full URL
https://www.securityweek.com/sites/all/themes/securityweek/images/footer_bullet.gif
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f1298490f294128f086689a5654a8340ea9ec7c20c8e97f811590d5313edc9e

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_369bd85c76d1f72cf02b33a0da9777b8.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
cf-cache-status
HIT
age
251293
cf-polished
status=not_needed
status
200
content-length
58
last-modified
Mon, 22 Mar 2010 15:27:25 GMT
server
cloudflare
etag
"3c001e-3a-4826555861140"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
expires
Tue, 24 Mar 2020 18:29:55 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711b05818bf28-FRA
cf-bgj
imgq:100
init.js
www.securityweek.com/sites/all/modules/custom_control/misc/
1 KB
643 B
Script
General
Full URL
https://www.securityweek.com/sites/all/modules/custom_control/misc/init.js?1584116287
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05f4004f999652bf4c69b8b17fd4813363473fabcf89c056d3da5a6d8eac0555

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 22 Mar 2018 21:18:02 GMT
server
cloudflare
etag
W/"3c0d00-44d-56806d7baf680"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=1209600
cf-ray
573711afcf30bf28-FRA
expires
Fri, 27 Mar 2020 16:18:08 GMT
js_a26da9ed6c35aedd7c74916bdbdeaaa2.js
www.securityweek.com/sites/default/files/js/
785 B
532 B
Script
General
Full URL
https://www.securityweek.com/sites/default/files/js/js_a26da9ed6c35aedd7c74916bdbdeaaa2.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8df0ba2d8af3e602eaba8677fe2c57228955b28868c91c2850a4c3c1ad8c7f68

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
content-encoding
br
cf-cache-status
HIT
age
196158
cf-polished
origSize=1094
status
200
last-modified
Wed, 11 Mar 2020 09:48:32 GMT
server
cloudflare
etag
W/"3a0036-446-5a09123aac15e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
expires
Wed, 25 Mar 2020 09:48:49 GMT
cache-control
max-age=1209600
cf-ray
573711afcf33bf28-FRA
cf-bgj
minify
js_a6de4f946f9712052058842105385074.js
www.securityweek.com/sites/default/files/js/
76 KB
28 KB
Script
General
Full URL
https://www.securityweek.com/sites/default/files/js/js_a6de4f946f9712052058842105385074.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
764623c107d626773846f901ec763e70682a8715902e9735a63002c95419535a

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 13 Mar 2020 16:18:07 GMT
content-encoding
br
cf-cache-status
HIT
age
195532
cf-polished
origSize=104457
status
200
last-modified
Wed, 11 Mar 2020 09:48:40 GMT
server
cloudflare
etag
W/"3a003c-19809-5a091242279fa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
expires
Wed, 25 Mar 2020 09:59:15 GMT
cache-control
max-age=1209600
cf-ray
573711afcf34bf28-FRA
cf-bgj
minify
truncated
/
6 KB
0
Stylesheet
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
03253e6108bcbd971960c840c954069278e642928fcfaf9bc4e002fff1d61a0d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
text/css;charset=utf-8
gpt.js
www.googletagservices.com/tag/js/
43 KB
14 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88ce324f93b21f23805917dea33f42320c927c57fbb198c82ac0e7aee40e764d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"454 / 54 of 1000 / last-modified: 1584029937"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
14482
x-xss-protection
0
expires
Fri, 13 Mar 2020 16:18:08 GMT
integrator.js
adservice.google.de/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.securityweek.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.securityweek.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
pubads_impl_2020030501.js
securepubads.g.doubleclick.net/gpt/
165 KB
60 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
sffe /
Resource Hash
8ee04e0441c9e51785d17ac835a93cf4d30d90826f87350b42ba233496a26f55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 05 Mar 2020 14:08:10 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
61481
x-xss-protection
0
expires
Fri, 13 Mar 2020 16:18:08 GMT
ga.js
ssl.google-analytics.com/
45 KB
17 KB
Script
General
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
6212
date
Fri, 13 Mar 2020 14:34:36 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17168
expires
Fri, 13 Mar 2020 16:34:36 GMT
prev.jpg
www.securityweek.com/sites/all/modules/security_week/images/
501 B
663 B
Image
General
Full URL
https://www.securityweek.com/sites/all/modules/security_week/images/prev.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/sites/all/modules/custom_control/misc/init.js?1584116287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28266ee7441e6fcf3dbe9d4eda064aef70678f2449c94e6f678e2a9023f36569

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_9bd0258b3c66153281c8cf1d10b20a76.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
cf-cache-status
HIT
age
719883
cf-polished
origSize=520
status
200
content-length
501
last-modified
Mon, 22 Mar 2010 15:25:06 GMT
server
cloudflare
etag
"3c0ca6-208-482654d3d1880"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Thu, 19 Mar 2020 08:20:05 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711b0e8c8bf28-FRA
cf-bgj
imgq:100
next.jpg
www.securityweek.com/sites/all/modules/security_week/images/
498 B
647 B
Image
General
Full URL
https://www.securityweek.com/sites/all/modules/security_week/images/next.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/sites/all/modules/custom_control/misc/init.js?1584116287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c7d76361e02bb13188488f0d7313416bd1c853358b3c3bd3ff8779bcd1c5596

Request headers

Referer
https://www.securityweek.com/sites/default/files/css/css_9bd0258b3c66153281c8cf1d10b20a76.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
cf-cache-status
HIT
age
182244
cf-polished
origSize=517
status
200
content-length
498
last-modified
Mon, 22 Mar 2010 15:25:05 GMT
server
cloudflare
etag
"3c0ca5-205-482654d2dd640"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Wed, 25 Mar 2020 13:40:44 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711b0e8cabf28-FRA
cf-bgj
imgq:100
google_custom_search_watermark.gif
cse.google.com/coop/intl/en/images/
Redirect Chain
  • https://www.google.com/coop/intl/en/images/google_custom_search_watermark.gif
  • https://cse.google.com/coop/intl/en/images/google_custom_search_watermark.gif
2 KB
2 KB
Image
General
Full URL
https://cse.google.com/coop/intl/en/images/google_custom_search_watermark.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
pfe /
Resource Hash
4b4b65dc5e87ed8215fb3d74834cd100069e7eb8aaf903a4665e26079fb0777d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 13 Mar 2020 16:09:19 GMT
x-content-type-options
nosniff
last-modified
Wed, 08 Feb 2012 18:07:38 GMT
server
pfe
age
529
x-frame-options
SAMEORIGIN
content-type
image/gif
status
200
cache-control
public, max-age=1800
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
2024
x-xss-protection
0
expires
Fri, 13 Mar 2020 16:39:19 GMT

Redirect headers

date
Fri, 13 Mar 2020 16:18:08 GMT
x-content-type-options
nosniff
server
sffe
location
https://cse.google.com/coop/intl/en/images/google_custom_search_watermark.gif
content-type
text/html; charset=UTF-8
status
302
cache-control
private
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
274
x-xss-protection
0
ad.html
www.securityweek.com/ Frame 2014
0
0

ad.html
www.securityweek.com/ Frame 239A
549 B
330 B
Document
General
Full URL
https://www.securityweek.com/ad.html
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
acca6e71bb4649ee79fe0978c3b74165a1be1aba8d4fd30faee69190d870bd93

Request headers

:method
GET
:authority
www.securityweek.com
:scheme
https
:path
/ad.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=d0b8a3c99da975756aab862e14fdfb5f01584116287; has_js=1; sessid=1

Response headers

status
200
date
Fri, 13 Mar 2020 16:18:08 GMT
content-type
text/html
last-modified
Thu, 16 Jan 2020 21:44:05 GMT
cache-control
max-age=1209600
expires
Fri, 27 Mar 2020 16:18:08 GMT
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
573711b0f8dbbf28-FRA
content-encoding
br
__utm.gif
ssl.google-analytics.com/r/
35 B
101 B
Image
General
Full URL
https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1036150507&utmhn=www.securityweek.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Information%20Security%20News%2C%20IT%20Security%20News%20and%20Cybersecurity%20Insights%3A%20SecurityWeek&utmhid=2145776476&utmr=-&utmp=%2Frussia-linked-turla-cyberspies-add-mo%3D&utmht=1584116288170&utmac=UA-11590534-1&utmcc=__utma%3D89563204.489442433.1584116288.1584116288.1584116288.1%3B%2B__utmz%3D89563204.1584116288.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=936090016&utmredir=1&utmu=qBAAAAAAAAAAAAAAAAAAAAAE~
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Fri, 13 Mar 2020 16:18:08 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
34 KB
6 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1580558140100425&correlator=2658941228965172&output=ldjh&impl=fifs&adsid=NT&eid=21062453%2C21065202&vrg=2020030501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200313&iu_parts=1009451%2C300x250-Lower%2C300x600-Right-Side%2C728x90-Bottom%2CSecurityWeek-Splash-640x480%2CSecurityWeek_Home_Top_728x90%2CSecurityWeek_Home_Top_Right_300x250%2CRSA-ThreatInsights-300x600%2CRSA-ThreatInsights-728x90&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8&prev_iu_szs=300x250%2C300x600%2C728x90%2C640x480%2C728x90%2C300x250%2C300x600%2C728x90&cookie_enabled=1&bc=31&abxe=1&lmt=1584116285&dt=1584116288235&dlt=1584116287900&idt=323&frm=20&biw=1585&bih=1200&oid=3&adxs=-9%2C986%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&adys=-9%2C402%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&adks=2099535745%2C3057893268%2C1175233209%2C4168261516%2C3429238268%2C2944426297%2C4131204049%2C771541050&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.securityweek.com%2Frussia-linked-turla-cyberspies-add-mo%3D&dssz=17&icsg=196271&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1%7C303x610%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1&msz=0x-1%7C300x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1&ga_vid=1970977104.1584116288&ga_sid=1584116288&ga_hid=2145776476&fws=2%2C4%2C2%2C2%2C2%2C2%2C2%2C2&ohw=0%2C998%2C0%2C0%2C0%2C0%2C0%2C0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
cafe /
Resource Hash
e4c8b4e5e3dffb32f0e62f7f480b0645067ee0602fb3511ea018bdb3b17170e9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Origin
https://www.securityweek.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2,-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
6135
x-xss-protection
0
google-lineitem-id
-2,4506530349,-2,5252096110,-2,-2,-2,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2,138294454129,-2,138298383466,-2,-2,-2,-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.securityweek.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_2020030501.js
securepubads.g.doubleclick.net/gpt/
69 KB
25 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
sffe /
Resource Hash
ffdc18ac8f47bcd50dd9c33532c334e7073717a62b367d95b9cb1561048547dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 05 Mar 2020 14:08:10 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
25689
x-xss-protection
0
expires
Fri, 13 Mar 2020 16:18:08 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

Singapore_ICS2019-640x480.jpg
www.securityweek.com/sites/default/files/product_images/ Frame 239A
98 KB
98 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/product_images/Singapore_ICS2019-640x480.jpg
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/ad.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:eb64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36f05138057fea3f023233aacce7b00e8d5bbda54c0dde95b24365c6c3a347a9

Request headers

Referer
https://www.securityweek.com/ad.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
cf-cache-status
HIT
age
680582
cf-polished
origSize=113677
status
200
content-length
100271
last-modified
Thu, 05 Mar 2020 18:59:56 GMT
server
cloudflare
etag
"c60586-1bc0d-5a0202491273f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
expires
Thu, 19 Mar 2020 19:15:06 GMT
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
573711b1f9eabf28-FRA
cf-bgj
imgq:100
amp4ads-v0.js
cdn.ampproject.org/rtv/012002251816300/ Frame 1C93
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012002251816300/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9a7e49fb41c1175f9d4e394b6fe993af1b657150e53115b86b7e410a4aad4985
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Origin
https://www.securityweek.com
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
32298
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
55732
x-xss-protection
0
server
sffe
date
Fri, 13 Mar 2020 07:19:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"854d89fb2a05ebd2"
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Mar 2021 07:19:50 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012002251816300/ Frame 1C93
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012002251816300/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9a7e49fb41c1175f9d4e394b6fe993af1b657150e53115b86b7e410a4aad4985
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
32298
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
55732
x-xss-protection
0
server
sffe
date
Fri, 13 Mar 2020 07:19:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"854d89fb2a05ebd2"
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Mar 2021 07:19:50 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012002251816300/v0/ Frame 1C93
92 KB
28 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012002251816300/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dffd83700dd74d4524da45259085e0a134e06e87b4fe5b7fdf77134269da81ae
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
79114
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
28280
x-xss-protection
0
server
sffe
date
Thu, 12 Mar 2020 18:19:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"cc22e164f6b16c78"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 12 Mar 2021 18:19:34 GMT
truncated
/ Frame 1C93
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7cb5aec836a1a5b56b08342ad638cebfb3f5f21cc53e35e7768f66b48e1888b8

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
amp4ads-host-v0.js
cdn.ampproject.org/rtv/012002251816300/
20 KB
7 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012002251816300/amp4ads-host-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8cebbfa1487e3dc67737bb93e04d96fef483b4b69cd67707d0cb4817e09a4335
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
5213
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
7148
x-xss-protection
0
server
sffe
date
Fri, 13 Mar 2020 14:51:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"14121842040f9b16"
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Mar 2021 14:51:15 GMT
583611298652824418
tpc.googlesyndication.com/simgad/ Frame 1C93
120 KB
120 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/583611298652824418
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
926a77e60142abab3b3b9d065c2256f3a3342fe7d2e7a871bf95054da9bcb052
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 30 Jan 2020 14:29:38 GMT
x-content-type-options
nosniff
age
3721710
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
122500
x-xss-protection
0
last-modified
Thu, 14 Nov 2019 01:46:46 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 29 Jan 2021 14:29:38 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 1C93
0
293 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsukllW16kBn2KPYzMa0MK8Di0G3XzfUhkUXUoxC7RMcx9aHrCzq-GlqWH1nid61LPdjYvAbm8w0EmR9tPvj01MFl_H9LxijAM1e4uKXRa50eRkG4TGv_NZTisZyTVu7mGe7OYz5Rk2WsD5cthLlBYYtJZW2VzGn06hm0Xp5ng6iNMQ7-PeUUratdcKLoXTgoQil1AkDYlaeJ8L3BxlsQAlVrRRxQa2f0zN0kp7ad16cBn8uFNlG-o6O3ddGvZSY5MhqZU1SROXE1uKiPtslVCo&sai=AMfl-YTovGKKTEOD-bjm_TeL4ZfuXahRW4zuEu3ZBKHAetoxrKKcp6AUbL6qm8AdbtSVAZB0QzEnnvhsq-_sna6NqNCGKs5dACfleD4xE_Txpw&sig=Cg0ArKJSzAYKhutEVV89EAE&adurl=
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 13 Mar 2020 16:18:08 GMT
sodar
pagead2.googlesyndication.com/getconfig/
7 KB
5 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020030501&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
584a55bb75196fd27e8b1b284766f2c063dc2b6530a4d74cc4a4e80581a4fc55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Origin
https://www.securityweek.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 13 Mar 2020 16:18:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
5311
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
14 KB
5 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 13 Mar 2020 16:18:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
5456
x-xss-protection
0
expires
Fri, 13 Mar 2020 16:18:08 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame 4422
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Fri, 13 Mar 2020 15:24:54 GMT
expires
Sat, 13 Mar 2021 15:24:54 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
3194
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
583611298652824418
tpc.googlesyndication.com/simgad/ Frame 1C93
120 KB
120 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/583611298652824418
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012002251816300/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
926a77e60142abab3b3b9d065c2256f3a3342fe7d2e7a871bf95054da9bcb052
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 30 Jan 2020 14:29:38 GMT
x-content-type-options
nosniff
age
3721710
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
122500
x-xss-protection
0
last-modified
Thu, 14 Nov 2019 01:46:46 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 29 Jan 2021 14:29:38 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
58 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gpt_2020030501&jk=1580558140100425&bg=!39yl3MRYb6sAA_rzfeoCAAAATVIAAAAJmQFgTEb0mbZk2AkTJEUI0jt5fz33-HRq8SmoAzKYZEiqF5FpZxWHfJIPF3bhTCAUenZAvtiicKusy8ZHSUYtNNrMmNcxvQxEPsBP919FPSL4EN9J0bGhwvClLn0OUEkIG1GAoejUslA05ge8LKd7B7j9NHIUGozQQtMLMlzwyqD68xIP_68qzTL0phsNvhtmkLZJGp_3gGF11R28lkWkJWiOtUDrr-5_2xZfeDsyoD7zpAwG78VDSjp0956-Iu-5uXa-t8_PP-AL6OQ86kiGujF0zMPoPbUjDJKPIu5hn7T8g7W2g-jcDnNYcNUcY7-GaFxih1Gy_UUZr_9RysZmCvdj0fa3H4apdsz8umEOL7eOqvNuK97ZGsJ2nhAJYRNMvCpMiX8spHshhtGKcSMCrwdDenw43Q37OlOIwis9Y7NU6t87Nypd4Ey4xWJdyX7aCxVlAjepX8IdsOp5cZhm_1Odlg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Fri, 13 Mar 2020 16:18:08 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
BrightInfoVersion.aspx
app.brightinfo.com/
504 B
940 B
Script
General
Full URL
https://app.brightinfo.com/BrightInfoVersion.aspx
Requested by
Host: www.securityweek.com
URL: https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.0 / ASP.NET
Resource Hash
5e6d307ca40f5f35a5f4b80a9cdae5a5a84167d45b390a205f242c2744c028f4

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Pragma
no-cache
Date
Fri, 13 Mar 2020 16:18:08 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
no-cache, no-store
Content-Type
text/javascript; charset=utf-8
Content-Length
501
Expires
-1
bi.js
app.brightinfo.com/Scripts/
260 KB
75 KB
Script
General
Full URL
https://app.brightinfo.com/Scripts/bi.js?bi_ver=132284245055967982
Requested by
Host: app.brightinfo.com
URL: https://app.brightinfo.com/BrightInfoVersion.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.0 / ASP.NET
Resource Hash
6560672b8835d515bcf43c3ccdec01f8e2b2771d90a985a7e0da9fd1baf0d48c

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 13 Mar 2020 16:18:08 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
text/javascript; charset=utf-8
Cache-Control
private
Content-Length
76327
Expires
Sat, 13 Mar 2021 16:18:09 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 1C93
42 B
110 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu38qtmWMQuZJ2hnQwRvPyTbG445RAljDK_TYgUExru8j2A3O9DTbQVVRq61n1QiZsyFVC7qoH6_-610F1LNMClZcsajqbDTVRa4C6bz70&sig=Cg0ArKJSzG_bSfIRRUP2EAE&id=ampim&o=986,402&d=300,600&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=97&tls=1097&g=100&h=100&tt=1097&r=v&adk=3057893268&avms=ampa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Fri, 13 Mar 2020 16:18:09 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132284245055967982
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
6279
date
Fri, 13 Mar 2020 14:33:31 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
18174
expires
Fri, 13 Mar 2020 16:33:31 GMT
bia.aspx
bia.brightinfo.com/
19 B
409 B
Script
General
Full URL
https://bia.brightinfo.com/bia.aspx?callback=jQuery20308839118207568324_1584116289962&type=biLoad&version=2&jsonString=%7B%22url%22%3A%22https%3A%2F%2Fwww.securityweek.com%2Frussia-linked-turla-cyberspies-add-mo%3D%22%2C%22cts%22%3A1584116290054%2C%22cid%22%3A%22wiredbusinessmedia-14532-1%22%2C%22pu%22%3A%22https%3A%2F%2Fwww.securityweek.com%2Frussia-linked-turla-cyberspies-add-mo%3D%22%2C%22ru%22%3A%22%22%2C%22type%22%3A%22biLoad%22%2C%22sid%22%3A%22t4jz8hmFMb6OCLgUqIpQ%22%2C%22mobile%22%3A0%2C%22browser%22%3A%22chrome%22%2C%22accountId%22%3A%2214532%22%2C%22version%22%3A2%7D&_=1584116289963
Requested by
Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132284245055967982
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
137.135.51.188 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
0e688d02687c4c64094dd0a75f5189ea12b955acf8c91f7bd5ac4948f1429cb9

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 13 Mar 2020 16:18:09 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
private
Content-Length
136
bi-animate.min.css
app.brightinfo.com/ui/
47 KB
5 KB
Stylesheet
General
Full URL
https://app.brightinfo.com/ui/bi-animate.min.css?bi_ver=132284245055967982&id=wiredbusinessmedia-14532-1&sid=t4jz8hmFMb6OCLgUqIpQ
Requested by
Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132284245055967982
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.0 / ASP.NET
Resource Hash
46cad46571cab06c5901e4e867aba4f0783dc88d3db626cfb73d58f00d130a16

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Fri, 13 Mar 2020 16:18:09 GMT
Content-Encoding
gzip
ETag
"808d6a6ed1f7d51:0"
Last-Modified
Wed, 11 Mar 2020 18:18:15 GMT
Server
Microsoft-IIS/8.0
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
4661
bi.min.css
app.brightinfo.com/ui/
47 KB
7 KB
Stylesheet
General
Full URL
https://app.brightinfo.com/ui/bi.min.css?bi_ver=132284245055967982&id=wiredbusinessmedia-14532-1&sid=t4jz8hmFMb6OCLgUqIpQ
Requested by
Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132284245055967982
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.0 / ASP.NET
Resource Hash
810956c722149065eabd5b5c4f62f98cb74cda6fb5e3695ab97958e53d6791ca

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Fri, 13 Mar 2020 16:18:09 GMT
Content-Encoding
gzip
ETag
"02436fd1f7d51:0"
Last-Modified
Wed, 11 Mar 2020 18:18:16 GMT
Server
Microsoft-IIS/8.0
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
7239
bi-custom.css
app.brightinfo.com/ui/custom/wiredbusinessmedia-14532-1/
548 KB
91 KB
Stylesheet
General
Full URL
https://app.brightinfo.com/ui/custom/wiredbusinessmedia-14532-1/bi-custom.css?bi_ver=132284245055967982&id=wiredbusinessmedia-14532-1&sid=t4jz8hmFMb6OCLgUqIpQ
Requested by
Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132284245055967982
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.0 / ASP.NET
Resource Hash
5690a1bcc83d00312ef6260da791205a71d80bed7b35ca9701c7b29cfd62b3fe

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Fri, 13 Mar 2020 16:18:09 GMT
Content-Encoding
gzip
Last-Modified
Wed, 11 Mar 2020 19:01:40 GMT
Server
Microsoft-IIS/8.0
X-Powered-By
ASP.NET
ETag
"882f357fd7f7d51:0"
Vary
Accept-Encoding
Content-Type
text/css
Transfer-Encoding
chunked
Accept-Ranges
bytes
bi.aspx
app.brightinfo.com/
0
0
Script
General
Full URL
https://app.brightinfo.com/bi.aspx?method=load&callback=jQuery20308839118207568324_1584116289964&id=wiredbusinessmedia-14532-1&sid=t4jz8hmFMb6OCLgUqIpQ&u=https%3A%2F%2Fwww.securityweek.com%2Frussia-linked-turla-cyberspies-add-mo%3D&r=&testModeKey=&biSettings=&fip=&fvs=&fcs=&fec=&fic=&force=&forceHide=false&sw=1600&sh=1200&w=1585&h=1200&utma=89563204.t4jz8hmFMb6OCLgUqIpQ.1584116288.1584116288.1584116288.1&ga=&logId=&iframe=false&startTime=637197130892607600&_=1584116289965
Requested by
Host: app.brightinfo.com
URL: https://app.brightinfo.com/Scripts/bi.js?bi_ver=132284245055967982
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
168.62.202.120 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.securityweek.com
URL
https://www.securityweek.com/ad.html

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| Eager object| CloudflareApps object| __cfQR object| Drupal object| jaaulde function| tb_show function| tb_showIframe function| tb_remove function| tb_position function| tb_parseQuery function| tb_getPageSize function| tb_setBrowserExtra function| tb_focusFirstFormElement function| quicktabsClick object| Blueprint function| $ function| jQuery object| googletag string| biJsUrl object| _biq object| ggeac object| closure_memoize_cache_ object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleToken object| _gaq boolean| __cfRLUnblockHandlers number| xWidth object| _gat object| gaGlobal undefined| google_measure_js_timing number| google_srt number| __google_ad_urls_id number| google_unique_id function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter object| __google_ad_urls object| ampInaboxIframes object| ampInaboxPendingMessages object| __AMP_LOG object| __AMP_ERRORS boolean| ampInaboxInitialized object| __AMP_MODE function| __AMP_REPORT_ERROR object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| AMP object| GoogleGcLKhOms object| google_image_requests string| bi_ver string| biSiteUrl string| biUtmaPrefix number| biStartTime function| jQueryBI object| _BI object| jQBrowser boolean| biLoaded string| biUrl string| GoogleAnalyticsObject function| _gabi object| SessionOptionsBI undefined| jQuery20308839118207568324_1584116289962 undefined| jQuery20308839118207568324_1584116289964 object| google_tag_data object| gaplugins number| p

1 Cookies

Domain/Path Name / Value
.securityweek.com/ Name: __cfduid
Value: d0b8a3c99da975756aab862e14fdfb5f01584116287

1 Console Messages

Source Level URL
Text
console-api info URL: https://cdn.ampproject.org/rtv/012002251816300/amp4ads-v0.js(Line 407)
Message:
Powered by AMP ⚡ HTML – Version 2002251816300 https://www.securityweek.com/russia-linked-turla-cyberspies-add-mo=

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
