www.intezer.com Open in urlscan Pro
199.16.172.82 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Effective URL:
https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Submission Tags: falconsandbox
Submission: On June 07 via api (June 7th 2021, 3:33:05 am UTC) from US

Summary HTTP 323 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 33 IPs in 4 countries across 26 domains to perform 323 HTTP transactions. The main IP is 199.16.172.82, located in United States and belongs to AUTOMATTIC, US. The main domain is www.intezer.com.
TLS certificate: Issued by R3 on April 16th 2021. Valid for: 3 months.

This is the only time www.intezer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 11	199.16.172.82 199.16.172.82	2635 (AUTOMATTIC) (AUTOMATTIC)
3	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
44	2606:4700:e2:... 2606:4700:e2::ac40:8822	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
5	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
65	192.0.77.39 192.0.77.39	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a03:2880:f04... 2a03:2880:f045:10:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:4700::68... 2606:4700::6811:d2cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
2	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2b0::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.85.170.51 52.85.170.51	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:10:... 2606:4700:10::ac43:2794	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
2	3.220.127.53 3.220.127.53	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2 2	2620:119:50e4... 2620:119:50e4:101::6cae:b55	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	2606:4700::68... 2606:4700::6811:eccc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:44b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:14bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:400c:c04::9c	15169 (GOOGLE) (GOOGLE)
2	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	52.85.170.122 52.85.170.122	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	52.85.170.33 52.85.170.33	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
323	33

11 199.16.172.82 (United States) 1 redirects

ASN2635 (AUTOMATTIC, US)

intezer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.intezer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2606:4700:e2::ac40:8822 (United States)

ASN13335 (CLOUDFLARENET, US)

gate.rapidsec.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.0.77.37 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

65 192.0.77.39 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

149520725.v2.pressablecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f045:10:face:b00c:0:3 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:d2cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2b0::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.170.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-170-51.bud50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:2794 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.220.127.53 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-220-127-53.compute-1.amazonaws.com

secure.gaug.es	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e4:101::6cae:b55 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:eccc (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:44b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c04::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.170.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-170-122.bud50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.170.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-170-33.bud50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
65	pressablecdn.com 149520725.v2.pressablecdn.com	764 KB
44	rapidsec.net gate.rapidsec.net
11	intezer.com 1 redirects intezer.com www.intezer.com	60 KB
8	google.com www.google.com	35 KB
7	gstatic.com fonts.gstatic.com www.gstatic.com	340 KB
7	wp.com c0.wp.com stats.wp.com pixel.wp.com	64 KB
4	google.de www.google.de	342 B
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	3 KB
4	doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net	3 KB
4	google-analytics.com www.google-analytics.com	55 KB
3	hubspot.com api.hubspot.com track.hubspot.com	2 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	62 KB
3	googleapis.com fonts.googleapis.com	4 KB
2	twitter.com analytics.twitter.com	893 B
2	t.co t.co	573 B
2	gaug.es secure.gaug.es	4 KB
2	addtoany.com static.addtoany.com	60 KB
2	googleadservices.com www.googleadservices.com	30 KB
2	hs-scripts.com js.hs-scripts.com	2 KB
2	facebook.net connect.facebook.net	97 KB
1	hs-banner.com js.hs-banner.com	15 KB
1	hs-analytics.net js.hs-analytics.net	19 KB
1	usemessages.com js.usemessages.com	20 KB
1	licdn.com snap.licdn.com	2 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	googletagmanager.com www.googletagmanager.com	54 KB
323	26

	Domain	Requested by
65	149520725.v2.pressablecdn.com	www.intezer.com 149520725.v2.pressablecdn.com
44	gate.rapidsec.net	www.intezer.com 149520725.v2.pressablecdn.com www.google-analytics.com static.addtoany.com static.hotjar.com js.usemessages.com js.hs-banner.com
10	www.intezer.com	www.intezer.com 149520725.v2.pressablecdn.com
8	www.google.com	www.intezer.com www.gstatic.com www.google.com
5	c0.wp.com	www.intezer.com
4	www.google.de	www.intezer.com
4	www.gstatic.com	www.google.com www.gstatic.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.intezer.com
3	fonts.gstatic.com	fonts.googleapis.com www.google.com
3	fonts.googleapis.com	www.intezer.com
2	analytics.twitter.com	static.ads-twitter.com
2	api.hubspot.com	js.usemessages.com
2	t.co	www.intezer.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	px.ads.linkedin.com	2 redirects
2	googleads.g.doubleclick.net	www.googleadservices.com
2	secure.gaug.es	www.intezer.com
2	static.addtoany.com	www.intezer.com static.addtoany.com
2	www.googleadservices.com	www.intezer.com www.googletagmanager.com
2	js.hs-scripts.com	www.intezer.com
2	connect.facebook.net	www.intezer.com connect.facebook.net
1	track.hubspot.com
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	px4.ads.linkedin.com	www.intezer.com
1	www.linkedin.com	1 redirects
1	pixel.wp.com	www.intezer.com
1	static.hotjar.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	stats.wp.com	www.intezer.com
1	www.googletagmanager.com	www.intezer.com
1	intezer.com	1 redirects
323	36

This site contains links to these domains. Also see Links.

Domain
protect.intezer.com
support.intezer.com
twitter.com
github.com
unit42.paloaltonetworks.com
analyze.intezer.com
il.linkedin.com
www.youtube.com
www.facebook.com
www.linkedin.com
www.addtoany.com

Subject Issuer	Validity	Valid
tls.automattic.com R3	`2021-04-16` - `2021-07-15`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-29` - `2021-07-29`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.v2.pressablecdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-08-08` - `2021-08-07`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-05-26` - `2021-08-24`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
*.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.gaug.es RapidSSL RSA CA 2018	`2020-07-13` - `2021-07-13`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-04-15` - `2021-10-15`	6 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
www.google.de GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2021-06-02` - `2022-06-01`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Frame ID: 1474430B32A70FCE18ED8BD5876D244D
Requests: 315 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&co=aHR0cHM6Ly93d3cuaW50ZXplci5jb206NDQz&hl=en&v=CdDdhZfPbLLrfYLBdThNS0-Y&size=invisible&cb=7vwyrt3to004
Frame ID: 1D79EBE329D857BE6C9B0B16D6E845A2
Requests: 8 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Frame ID: 7D54986EE2900D05853909501FCEE170
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/ HTTP 301
https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /addtoany\.com\/menu\/page\.js/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html //i

Page Statistics

323
Requests

57 %
HTTPS

62 %
IPv6

26
Domains

36
Subdomains

33
IPs

4
Countries

1695 kB
Transfer

4917 kB
Size

19
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://protect.intezer.com/signup
Title: Try it Free

Search URL Search Domain Scan URL

URL: https://support.intezer.com/hc/en-us
Title: Docs

Search URL Search Domain Scan URL

URL: https://twitter.com/malwaremustd1e/status/1256977666084761602
Title: MalwareMustDie

Search URL Search Domain Scan URL

URL: https://github.com/sibears/IDAGolangHelper
Title: IDAGolangHelper

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/the-gopher-in-the-room-analysis-of-golang-malware-in-the-wild/
Title: such as Palo Alto

Search URL Search Domain Scan URL

URL: https://analyze.intezer.com/files/9f090a241eec74a69e06a5ffed876c7a37a2ff31e171924673b6bb5f1552814c
Title: indexed in Intezer Analyze

Search URL Search Domain Scan URL

URL: https://analyze.intezer.com/#/files/9f090a241eec74a69e06a5ffed876c7a37a2ff31e171924673b6bb5f1552814c
Title: <img loading="lazy" class="alignnone wp-image-8798 size-large" src="https://149520725.v2.pressablecdn.com//wp-content/uploads/2020/05/Screen-Shot-2020-05-04-at-11.43.51-AM-1024x517.png" alt="" width="1024" height="517" srcset="https://149520725.v2.pressablecdn.com/wp-content/uploads/2020/05/Screen-Shot-2020-05-04-at-11.43.51-AM-1024x517.png 1024w , https://149520725.v2.pressablecdn.com/wp-content/uploads/2020/05/Screen-Shot-2020-05-04-at-11.43.51-AM-300x151.png 300w , https://149520725.v2.pressablecdn.com/wp-content/uploads/2020/05/Screen-Shot-2020-05-04-at-11.43.51-AM-768x388.png 768w , https://149520725.v2.pressablecdn.com/wp-content/uploads/2020/05/Screen-Shot-2020-05-04-at-11.43.51-AM.png 1244w " sizes="(max-width: 1024px) 100vw, 1024px" />

Search URL Search Domain Scan URL

URL: https://twitter.com/polarply

Search URL Search Domain Scan URL

URL: https://il.linkedin.com/in/paul-litvak-7b35a7133

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCt5L5ztHh-C1NCKa6bKjXFQ?view_as=subscriber

Search URL Search Domain Scan URL

URL: https://www.facebook.com/IntezerLabs/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/intezer-labs

Search URL Search Domain Scan URL

URL: https://twitter.com/intezerlabs

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/ HTTP 301
https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 250

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1623036764662&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1327356%26time%3D1623036764662%26url%3Dhttps%253A%252F%252Fwww.intezer.com%252Fblog%252Fresearch%252Fkaiji-new-chinese-linux-malware-turning-to-golang%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1623036764662&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1623036764662&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F&liSync=true&e_ipv6=AQLSTJNrg0yvAQAAAXnkh6Qq-JnlWMtxghqfjDoc6TGIqXy0Ni9W33vI2Ak5-dpAbII5OCS0

323 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Redirect Chain

https://intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

149 KB
31 KB

991ms
989ms

Document
text/html

199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7d803703e5fb2bda3fa193c95eef98250f6f63dba835bf8af97c0b6c44dfcfd4

Security Headers

Name

Value

Content-Security-Policy

frame-ancestors 'self' *.intezer.com; upgrade-insecure-requests; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.googleapis.com *.intezer.com *.youtube.com googletagmanager.com *.opendns.com *.hsappstatic.net twitter.com *.cloudflare.com *.comeet.co *.twitter.com *.gaug.es *.wp.com *.hsleadflows.net *.gstatic.com *.usemessages.com *.hs-banner.com *.licdn.com *.hs-analytics.net *.ads-twitter.com *.hs-scripts.com *.googleadservices.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.addtoany.com *.facebook.net *.google-analytics.com *.pressablecdn.com; object-src 'self'; frame-src 'self' *.hsappstatic.net *.usemessages.com *.recaptcha.net *.intezer.com *.hubspot.com *.pressablecdn.com *.hotjar.com *.googletagmanager.com *.wp.com *.google.com *.twitter.com *.comeet.com *.comeet.co *.doubleclick.net *.youtube.com; child-src 'self' *.intezer.com; base-uri 'self' *.intezer.com; form-action 'self' https://*.twitter.com/; worker-src 'self' *.intezer.com; report-uri https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=enforce

Strict-Transport-Security

max-age=31536000

Request headers

:method: GET
:authority: www.intezer.com
:scheme: https
:path: /blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Mon, 07 Jun 2021 03:32:44 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
vary: Accept-Encoding Cookie
host-header: Pressable
content-security-policy-report-only: frame-ancestors 'self' https://www.intezer.com/ http://www.intezer.com/; block-all-mixed-content; default-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: https://translate.google.com/ https://translate.googleapis.com/ https://www.intezer.com/ http://www.youtube.com/ https://www.youtube.com/ https://googletagmanager.com/ https://*.opendns.com/ https://static.hsappstatic.net/ https://twitter.com/ https://cdnjs.cloudflare.com/ https://optimize.google.com/ https://ajax.googleapis.com/ https://www.comeet.co/ https://platform.twitter.com/ https://secure.gaug.es/ https://*.wp.com/ https://www.google.com/ https://js.hsleadflows.net/ https://www.gstatic.com/ https://js.usemessages.com/ https://js.hs-banner.com/ https://snap.licdn.com/ https://js.hs-analytics.net/ https://static.ads-twitter.com/ https://js.hs-scripts.com/ https://www.googleadservices.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://analytics.twitter.com/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://static.addtoany.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://*.pressablecdn.com/; style-src 'sha256-A36pRlP2FPaVBYPMDmRWdqe3nTLvokMItNMM9+H4iuY=' 'unsafe-inline' 'unsafe-hashes' https://cdn.jsdelivr.net/npm/timepicker@1.13.14/jquery.timepicker.min.css https://translate.googleapis.com/ https://www.comeet.com/ https://static.hsappstatic.net/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/ https://optimize.google.com/ https://*.wp.com/ https://fonts.googleapis.com/ http://fonts.googleapis.com/ https://*.pressablecdn.com/ https://www.intezer.com/ http://www.intezer.com/; object-src 'none'; frame-src https://static.hsappstatic.net/ https://js.usemessages.com/ https://*.recaptcha.net/ https://www.intezer.com/ https://meetings.hubspot.com/ https://*.pressablecdn.com/ https://static.hotjar.com/ https://www.googletagmanager.com/ https://widgets.wp.com/ https://optimize.google.com/ https://syndication.twitter.com/ https://www.comeet.com/ https://www.comeet.co/ https://platform.twitter.com/ https://bid.g.doubleclick.net/ https://www.youtube.com/ https://app.hubspot.com/ https://vars.hotjar.com/ https://www.google.com/; child-src https://www.intezer.com/; img-src 'self'; font-src 'self'; connect-src 'self'; manifest-src 'self'; base-uri https://www.intezer.com/; form-action 'self' https://*.twitter.com/; media-src 'self'; prefetch-src 'self'; worker-src https://www.intezer.com/; report-uri https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
content-security-policy: frame-ancestors 'self' *.intezer.com; upgrade-insecure-requests; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.googleapis.com *.intezer.com *.youtube.com googletagmanager.com *.opendns.com *.hsappstatic.net twitter.com *.cloudflare.com *.comeet.co *.twitter.com *.gaug.es *.wp.com *.hsleadflows.net *.gstatic.com *.usemessages.com *.hs-banner.com *.licdn.com *.hs-analytics.net *.ads-twitter.com *.hs-scripts.com *.googleadservices.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.addtoany.com *.facebook.net *.google-analytics.com *.pressablecdn.com; object-src 'self'; frame-src 'self' *.hsappstatic.net *.usemessages.com *.recaptcha.net *.intezer.com *.hubspot.com *.pressablecdn.com *.hotjar.com *.googletagmanager.com *.wp.com *.google.com *.twitter.com *.comeet.com *.comeet.co *.doubleclick.net *.youtube.com; child-src 'self' *.intezer.com; base-uri 'self' *.intezer.com; form-action 'self' https://*.twitter.com/; worker-src 'self' *.intezer.com; report-uri https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=enforce
link: <https://www.intezer.com/wp-json/>; rel="https://api.w.org/" <https://www.intezer.com/wp-json/wp/v2/posts/8788>; rel="alternate"; type="application/json" <https://www.intezer.com/?p=8788>; rel=shortlink
last-modified: Mon, 07 Jun 2021 03:32:44 GMT
cache-control: max-age=300, must-revalidate
x-nananana: Batcache-Set
content-encoding: gzip
x-ac: 1.hhn _atomic_ams

Redirect headers

server: nginx
date: Mon, 07 Jun 2021 03:32:43 GMT
content-type: text/html
content-length: 162
location: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
strict-transport-security: max-age=31536000
x-ac: 1.hhn _atomic_ams

GET
H2 200 css
fonts.googleapis.com/ 20 KB
2 KB 35ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

176bf34c69ad4b716195073e854bcb902e052f159870b34de9886245f48bec6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 02:13:29 GMT
server: ESF
date: Mon, 07 Jun 2021 03:32:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 07 Jun 2021 03:32:44 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 471ms
448ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 188 KB
54 KB 35ms
34ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KC95766

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1d7da068d684e4e7b67a456dc8ebb4cd2fa2a090cb28cf746ce86b82be44aa98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54910
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 07 Jun 2021 03:32:44 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 481ms
461ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H2 200 style.min.css
c0.wp.com/c/5.7.2/wp-includes/css/dist/block-library/ 57 KB
8 KB 86ms
27ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: br
last-modified: Tue, 06 Apr 2021 23:50:28 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Tue, 07 Jun 2022 03:32:44 GMT

GET
H2 200 styles.css
149520725.v2.pressablecdn.com/wp-content/plugins/contact-form-7/includes/css/ 3 KB
1 KB 93ms
27ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4.1

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

070edfef42e0980783d0acf8fa9ca6a9833b994eca13ffaa94e9a2deb47c92cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:57:37 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/contact-form-7/includes/css/styles.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wpfront-notification-bar.min.css
149520725.v2.pressablecdn.com/wp-content/plugins/wpfront-notification-bar/css/ 3 KB
861 B 93ms
27ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/wpfront-notification-bar/css/wpfront-notification-bar.min.css?ver=1.9.1.04012

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

c8e4d15df5aa242685561e00e00f25f6771e62d1a60cae70073c58a34b3c324a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Sun, 11 Apr 2021 14:28:00 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/wpfront-notification-bar/css/wpfront-notification-bar.min.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.css
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/css/ 187 KB
23 KB 93ms
27ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/css/bootstrap.css?ver=8cd8feb99bae61375da2ecb5e8330829

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

c40a0cdd5ab5dcc4da78066f70839808bb4ee8fb2f3360dec64fde438770b099

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Sun, 13 Dec 2020 07:21:39 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/themes/intezer-v2/css/bootstrap.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 font-awesome.min.css
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/css/ 30 KB
7 KB 93ms
28ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/css/font-awesome.min.css?ver=8cd8feb99bae61375da2ecb5e8330829

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Sun, 13 Dec 2020 07:21:41 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/themes/intezer-v2/css/font-awesome.min.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/ 183 KB
35 KB 126ms
60ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1623036763

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

0293c16af0d73085ea6d8749a3fc4b5180cffbb63164dad93fa89660bf9d7814

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: MISS hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Wed, 26 May 2021 13:45:44 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 2.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/themes/intezer-v2/style.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.basic.css
149520725.v2.pressablecdn.com/wp-content/plugins/ajax-search-lite/css/ 17 KB
4 KB 113ms
48ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/ajax-search-lite/css/style.basic.css?ver=4.9.3

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

8e1d3542f4ea0a232b64a279e38b4cc9d666ae94a91abd25fff1a165194322cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:57:16 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 2.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/ajax-search-lite/css/style.basic.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style-curvy-blue.css
149520725.v2.pressablecdn.com/wp-content/plugins/ajax-search-lite/css/ 6 KB
1 KB 115ms
50ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/ajax-search-lite/css/style-curvy-blue.css?ver=4.9.3

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2f43834f6edfa66b7a0fdc9d6e2178047a399d6e5e5caec34af8212a65973a9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:57:16 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 2.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/ajax-search-lite/css/style-curvy-blue.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 app.css
149520725.v2.pressablecdn.com/wp-content/plugins/simple-lightbox/client/css/ 232 B
367 B 115ms
50ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/simple-lightbox/client/css/app.css?ver=2.8.1

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

570a4964629f982285ef5282d47767738b4ef2f75cb8bad8ccfc206683ee1d0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Sun, 13 Dec 2020 06:28:43 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: text/css
cache-control: max-age=315360000
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/plugins/simple-lightbox/client/css/app.css>; rel="canonical"
content-length: 232
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 addtoany.min.css
149520725.v2.pressablecdn.com/wp-content/plugins/add-to-any/ 1 KB
584 B 110ms
45ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.15

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

20a84f304abfaf56bb829a84199344bca40bf7d4dba451e109a840cbdf728436

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 26 Jan 2021 18:02:21 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 2.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/add-to-any/addtoany.min.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
149520725.v2.pressablecdn.com/wp-content/plugins/cf7-conditional-fields/ 2 KB
685 B 92ms
27ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/cf7-conditional-fields/style.css?ver=2.0.3

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

dc19c2e40e42974f0416a3f4cc97e2dbb85a5b5598b76a75e9254164922e7be0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:57:46 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 2.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/cf7-conditional-fields/style.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jetpack.css
c0.wp.com/p/jetpack/9.8/css/ 72 KB
12 KB 84ms
27ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/9.8/css/jetpack.css

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

703f7529d952cf134c04e123a9960e72123d3b24e3cea4c191bfed9364067502

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: br
last-modified: Tue, 25 May 2021 17:58:16 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Tue, 07 Jun 2022 03:32:44 GMT

GET
H2 200 jquery-3.2.1.min.js Show response
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/ 85 KB
30 KB 114ms
50ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/jquery-3.2.1.min.js?ver=8cd8feb99bae61375da2ecb5e8330829

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Sun, 13 Dec 2020 07:21:10 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/themes/intezer-v2/js/jquery-3.2.1.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 addtoany.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/add-to-any/ 129 B
231 B 114ms
50ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 2.hhn _atomic_ams
last-modified: Tue, 26 Jan 2021 18:02:21 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/plugins/add-to-any/addtoany.min.js>; rel="canonical"
content-length: 129
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wpfront-notification-bar.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/wpfront-notification-bar/js/ 3 KB
1 KB 113ms
50ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/wpfront-notification-bar/js/wpfront-notification-bar.min.js?ver=1.9.1.04012

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

29a73b0570ae43397755b8a643ec327571875b35a3ae24251e585e022b44ac15

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Sun, 11 Apr 2021 14:28:00 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 2.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/wpfront-notification-bar/js/wpfront-notification-bar.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
619 B 36ms
22ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3cd4435683f31935fe9fac4db83d9a8c232cfe0849eb2db5c561b839066b0608

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 02:22:12 GMT
server: ESF
date: Mon, 07 Jun 2021 03:32:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 07 Jun 2021 03:32:44 GMT

GET
H2 200 /
www.intezer.com/ 6 KB
5 KB 49ms
48ms Stylesheet
text/css 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.intezer.com/?custom-css=9007c27848

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4883aa29da64b6570fc4f5baa4cc519cb5dcf0a7e6d8fa4d218b175479aced0b

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Request headers

:path: /?custom-css=9007c27848
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.intezer.com
referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nananana: Batcache-Hit
strict-transport-security: max-age=31536000
content-encoding: gzip
vary: Accept-Encoding Cookie
last-modified: Mon, 07 Jun 2021 03:28:51 GMT
server: nginx
date: Mon, 07 Jun 2021 03:32:44 GMT
content-security-policy-report-only: frame-ancestors 'self' https://www.intezer.com/ http://www.intezer.com/; block-all-mixed-content; default-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: https://translate.google.com/ https://translate.googleapis.com/ https://www.intezer.com/ http://www.youtube.com/ https://www.youtube.com/ https://googletagmanager.com/ https://*.opendns.com/ https://static.hsappstatic.net/ https://twitter.com/ https://cdnjs.cloudflare.com/ https://optimize.google.com/ https://ajax.googleapis.com/ https://www.comeet.co/ https://platform.twitter.com/ https://secure.gaug.es/ https://*.wp.com/ https://www.google.com/ https://js.hsleadflows.net/ https://www.gstatic.com/ https://js.usemessages.com/ https://js.hs-banner.com/ https://snap.licdn.com/ https://js.hs-analytics.net/ https://static.ads-twitter.com/ https://js.hs-scripts.com/ https://www.googleadservices.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://analytics.twitter.com/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://static.addtoany.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://*.pressablecdn.com/; style-src 'sha256-A36pRlP2FPaVBYPMDmRWdqe3nTLvokMItNMM9+H4iuY=' 'unsafe-inline' 'unsafe-hashes' https://cdn.jsdelivr.net/npm/timepicker@1.13.14/jquery.timepicker.min.css https://translate.googleapis.com/ https://www.comeet.com/ https://static.hsappstatic.net/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/ https://optimize.google.com/ https://*.wp.com/ https://fonts.googleapis.com/ http://fonts.googleapis.com/ https://*.pressablecdn.com/ https://www.intezer.com/ http://www.intezer.com/; object-src 'none'; frame-src https://static.hsappstatic.net/ https://js.usemessages.com/ https://*.recaptcha.net/ https://www.intezer.com/ https://meetings.hubspot.com/ https://*.pressablecdn.com/ https://static.hotjar.com/ https://www.googletagmanager.com/ https://widgets.wp.com/ https://optimize.google.com/ https://syndication.twitter.com/ https://www.comeet.com/ https://www.comeet.co/ https://platform.twitter.com/ https://bid.g.doubleclick.net/ https://www.youtube.com/ https://app.hubspot.com/ https://vars.hotjar.com/ https://www.google.com/; child-src https://www.intezer.com/; img-src 'self'; font-src 'self'; connect-src 'self'; manifest-src 'self'; base-uri https://www.intezer.com/; form-action 'self' https://*.twitter.com/; media-src 'self'; prefetch-src 'self'; worker-src https://www.intezer.com/; report-uri https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
content-type: text/css;charset=utf-8
cache-control: max-age=67, must-revalidate
content-security-policy: frame-ancestors 'self' *.intezer.com; upgrade-insecure-requests; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.googleapis.com *.intezer.com *.youtube.com googletagmanager.com *.opendns.com *.hsappstatic.net twitter.com *.cloudflare.com *.comeet.co *.twitter.com *.gaug.es *.wp.com *.hsleadflows.net *.gstatic.com *.usemessages.com *.hs-banner.com *.licdn.com *.hs-analytics.net *.ads-twitter.com *.hs-scripts.com *.googleadservices.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.addtoany.com *.facebook.net *.google-analytics.com *.pressablecdn.com; object-src 'self'; frame-src 'self' *.hsappstatic.net *.usemessages.com *.recaptcha.net *.intezer.com *.hubspot.com *.pressablecdn.com *.hotjar.com *.googletagmanager.com *.wp.com *.google.com *.twitter.com *.comeet.com *.comeet.co *.doubleclick.net *.youtube.com; child-src 'self' *.intezer.com; base-uri 'self' *.intezer.com; form-action 'self' https://*.twitter.com/; worker-src 'self' *.intezer.com; report-uri https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=enforce
x-ac: 1.hhn _atomic_ams
host-header: Pressable
expires: Tue, 07 Jun 2022 03:28:51 GMT

GET
H2 200 search-ico.png
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/images/ 507 B
682 B 60ms
38ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/images/search-ico.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

452d513b1ef9c6cb1afbe50a84b02c065daf5f3f459c556fbbbd6daa7fe15bbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Sun, 13 Dec 2020 07:22:48 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/themes/intezer-v2/images/search-ico.png>; rel="canonical"
content-length: 507
expires: Mon, 14 Jun 2021 03:32:44 GMT

GET
H2 200 intezer-logo-n.png
149520725.v2.pressablecdn.com/wp-content/uploads/2020/05/ 3 KB
4 KB 60ms
38ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2020/05/intezer-logo-n.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e85052e09a7415a2ab775cc198a96dc956d9de42b90541a5cdc9c5c176725745

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 2.hhn _atomic_ams
last-modified: Sun, 13 Dec 2020 07:09:13 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2020/05/intezer-logo-n.png>; rel="canonical"
content-length: 3525
expires: Mon, 14 Jun 2021 03:32:44 GMT

GET
H2 200 logo-analize-logo-trans-ozsmvqchu4xq3efimwjdhr1x8rgjihbqxejnle9j9u.png
149520725.v2.pressablecdn.com/wp-content/uploads/elementor/thumbs/ 3 KB
3 KB 70ms
49ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/elementor/thumbs/logo-analize-logo-trans-ozsmvqchu4xq3efimwjdhr1x8rgjihbqxejnle9j9u.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

af2e2283ffc4d9ca0e8be05032a6e2d7fe7daa868ad02fa1f61fc648e08336b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Wed, 24 Feb 2021 10:19:00 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/elementor/thumbs/logo-analize-logo-trans-ozsmvqchu4xq3efimwjdhr1x8rgjihbqxejnle9j9u.png>; rel="canonical"
content-length: 2781
expires: Mon, 14 Jun 2021 03:32:44 GMT

GET
H2 200 protect-logo-ozsn131er69i7gnmdptw6wff0r2scfkpzwa6z4btua.png
149520725.v2.pressablecdn.com/wp-content/uploads/elementor/thumbs/ 4 KB
4 KB 69ms
50ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/elementor/thumbs/protect-logo-ozsn131er69i7gnmdptw6wff0r2scfkpzwa6z4btua.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

bb434f0328d6d816d30aa942a808091339df83946b3be1e3ef476873cf83d8f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 2.hhn _atomic_ams
last-modified: Sun, 28 Feb 2021 09:10:02 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/elementor/thumbs/protect-logo-ozsn131er69i7gnmdptw6wff0r2scfkpzwa6z4btua.png>; rel="canonical"
content-length: 3836
expires: Mon, 14 Jun 2021 03:32:44 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 92 KB
24 KB 58ms
14ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3ba5369627fc324f2d2c47f44c8da30769d2a3ccbe8110b9bd5eec9585e42a09

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 24155
x-fb-rlafr: 0
pragma: public
x-fb-debug: ogH+PjgIMnHRX6vd8FIq8Nj/0Ptg/IrpBg9tTy80cjHnfZxx0KOuN7A+axstR/VXARy8/hYraL7BZEeD8PNN9w==
x-fb-trip-id: 1709462857
x-frame-options: DENY
date: Mon, 07 Jun 2021 03:32:44 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.intezer.com/wp-includes/js/ 14 KB
5 KB 60ms
42ms Script
application/javascript 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.intezer.com/wp-includes/js/wp-emoji-release.min.js?ver=8cd8feb99bae61375da2ecb5e8330829

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=8cd8feb99bae61375da2ecb5e8330829
pragma: no-cache
cookie: _gcl_au=1.1.303063617.1623036764
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.intezer.com
referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 06 Jan 2021 15:29:24 GMT
server: nginx
etag: W/"5ff5d754-3795"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 481ms
480ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 474ms
473ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H2 200 Paul-60x60.png
149520725.v2.pressablecdn.com/wp-content/uploads/2020/01/ 8 KB
8 KB 68ms
50ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2020/01/Paul-60x60.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e816ebb5703703e834e7a86dc54fe2405d0a2e6da8042644016bb49b3be6cc92

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Sun, 13 Dec 2020 07:11:19 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2020/01/Paul-60x60.png>; rel="canonical"
content-length: 7813
expires: Mon, 14 Jun 2021 03:32:44 GMT

GET
H2 200 shutterstock_545875000-1270x475.jpg
149520725.v2.pressablecdn.com/wp-content/uploads/2020/05/ 43 KB
44 KB 68ms
50ms Image
image/jpeg 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2020/05/shutterstock_545875000-1270x475.jpg

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

d8c4555b145c6014f44500d8220936eda92233b4de0e6029c43cf702c01fff04

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Sun, 13 Dec 2020 07:10:16 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: image/jpeg
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2020/05/shutterstock_545875000-1270x475.jpg>; rel="canonical"
content-length: 44329
expires: Mon, 14 Jun 2021 03:32:44 GMT

GET
H2 200 facebook.png
www.intezer.com/wp-content/themes/intezer-v2/images/social/ 510 B
555 B 63ms
45ms Image
image/png 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.intezer.com/wp-content/themes/intezer-v2/images/social/facebook.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

65a52f6e516f0c632596218b193336646905690934acda722c840c621d7e56d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/intezer-v2/images/social/facebook.png
pragma: no-cache
cookie: _gcl_au=1.1.303063617.1623036764
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.intezer.com
referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Sun, 13 Dec 2020 07:23:29 GMT
server: nginx
etag: "5fd5c171-1fe"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
content-length: 510
expires: Mon, 14 Jun 2021 03:32:44 GMT

GET
H2 200 twitter.png
www.intezer.com/wp-content/themes/intezer-v2/images/social/ 428 B
510 B 60ms
42ms Image
image/png 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.intezer.com/wp-content/themes/intezer-v2/images/social/twitter.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

161dab58676b279f43addcbc3f800ac11276f20f15866ba7f7b5c60bc01b065b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/intezer-v2/images/social/twitter.png
pragma: no-cache
cookie: _gcl_au=1.1.303063617.1623036764
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.intezer.com
referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Sun, 13 Dec 2020 07:23:29 GMT
server: nginx
etag: "5fd5c171-1ac"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
content-length: 428
expires: Mon, 14 Jun 2021 03:32:44 GMT

GET
H2 200 linkedin.png
www.intezer.com/wp-content/themes/intezer-v2/images/social/ 576 B
645 B 47ms
43ms Image
image/png 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.intezer.com/wp-content/themes/intezer-v2/images/social/linkedin.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

534708b43bc02cb8910f2c21a92047c6590f02ff62fee2f2b328fbb3839e7e6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/intezer-v2/images/social/linkedin.png
pragma: no-cache
cookie: _gcl_au=1.1.303063617.1623036764
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.intezer.com
referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Sun, 13 Dec 2020 07:23:30 GMT
server: nginx
etag: "5fd5c172-240"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
content-length: 576
expires: Mon, 14 Jun 2021 03:32:44 GMT

GET
H2 200 GraphicRequest_1024x475_02-1-253x139.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/03/ 7 KB
7 KB 67ms
50ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/03/GraphicRequest_1024x475_02-1-253x139.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

dc442aa7ed9543e11d71857b9812fad7f17dde2f17c345aebaf6ae4ca9b40ff1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 2.hhn _atomic_ams
last-modified: Mon, 22 Mar 2021 15:33:01 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/03/GraphicRequest_1024x475_02-1-253x139.png>; rel="canonical"
content-length: 7263
expires: Mon, 14 Jun 2021 03:32:44 GMT

GET
H2 200 shutterstock_1751240975-253x139.jpg
149520725.v2.pressablecdn.com/wp-content/uploads/2021/02/ 7 KB
7 KB 67ms
49ms Image
image/jpeg 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/02/shutterstock_1751240975-253x139.jpg

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

603f9617adb686097437a6be81a71e69ef4f3c80870fb1366853d0a07b8cf8ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 2.hhn _atomic_ams
last-modified: Tue, 23 Feb 2021 17:32:15 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: image/jpeg
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/02/shutterstock_1751240975-253x139.jpg>; rel="canonical"
content-length: 6832
expires: Mon, 14 Jun 2021 03:32:44 GMT

GET
H2 200 shutterstock_282380951-1-253x139.jpg
149520725.v2.pressablecdn.com/wp-content/uploads/2020/06/ 17 KB
17 KB 67ms
49ms Image
image/jpeg 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2020/06/shutterstock_282380951-1-253x139.jpg

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

df2351b3acbe8a38d3844bed5e4fcdc3aaa0b237b9ad3b5948d713fb63cc9641

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Sun, 13 Dec 2020 07:13:15 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: image/jpeg
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2020/06/shutterstock_282380951-1-253x139.jpg>; rel="canonical"
content-length: 17570
expires: Mon, 14 Jun 2021 03:32:44 GMT

GET
H2 200 owl.carousel.min.css
www.intezer.com/wp-content/themes/intezer-v2/css/ 3 KB
1020 B 42ms
42ms Stylesheet
text/css 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.intezer.com/wp-content/themes/intezer-v2/css/owl.carousel.min.css

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

016ab0bd0de4839680e4a717a57db9b182a8c2c5fdeec4c24db7a8df761fca4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/intezer-v2/css/owl.carousel.min.css
pragma: no-cache
cookie: _gcl_au=1.1.303063617.1623036764
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.intezer.com
referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Sun, 13 Dec 2020 07:21:34 GMT
server: nginx
etag: W/"5fd5c0fe-b78"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
expires: Mon, 14 Jun 2021 03:32:44 GMT

GET
H2 200 owl.carousel.min.js Show response
www.intezer.com/wp-content/themes/intezer-v2/js/ 42 KB
11 KB 42ms
42ms Script
application/javascript 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.intezer.com/wp-content/themes/intezer-v2/js/owl.carousel.min.js

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b394d33b2a7ec654a6b037ebfda6618341b3f897a362be624c923c2711b54a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/intezer-v2/js/owl.carousel.min.js
pragma: no-cache
cookie: _gcl_au=1.1.303063617.1623036764
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.intezer.com
referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Sun, 13 Dec 2020 07:21:10 GMT
server: nginx
etag: W/"5fd5c0e6-a70e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
expires: Mon, 14 Jun 2021 03:32:44 GMT

GET
H2 200 intezer-logo-b.png
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/images/ 3 KB
4 KB 67ms
50ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/images/intezer-logo-b.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e85052e09a7415a2ab775cc198a96dc956d9de42b90541a5cdc9c5c176725745

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 2.hhn _atomic_ams
last-modified: Sun, 13 Dec 2020 07:22:31 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/themes/intezer-v2/images/intezer-logo-b.png>; rel="canonical"
content-length: 3525
expires: Mon, 14 Jun 2021 03:32:44 GMT

GET
H2 200 frontend-legacy.min.css
149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/css/ 4 KB
672 B 47ms
25ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.2.3

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

ffa4270ba21ba229a7f59a6f54eac2ba8a7c8619dbb323548ceaf9d18bcbc41e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:58:57 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 2.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 custom-frontend.min.css
149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/ 115 KB
17 KB 48ms
25ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/custom-frontend.min.css?ver=1620741588

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

c1ccd5d2932fb9abb18eb7593746ab59969161721e828b5270ffe8834a78bf4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:59:48 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-ac: 2.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/uploads/elementor/css/custom-frontend.min.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 post-16929.css
149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/ 7 KB
1 KB 48ms
26ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/post-16929.css?ver=1620741588

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

798fc2c915359f6150a44c360dfba563290e7d157525b70d9ad3150330fed1ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:59:48 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-ac: 2.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/uploads/elementor/css/post-16929.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 post-17075.css
149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/ 10 KB
1 KB 48ms
26ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/post-17075.css?ver=1620741588

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

4135b9ba8f2a5dad50910bff31b4fd8d03ba28d90f77d307bf8d394116d00a9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:59:48 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-ac: 2.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/uploads/elementor/css/post-17075.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 elementor-icons.min.css
149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/lib/eicons/css/ 17 KB
4 KB 49ms
27ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.11.0

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e36eaa6e7cebbd4138dfb008ee3d53ab8195f45953b0f4f27d0d8156ab059021

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 16 Mar 2021 10:31:08 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 animations.min.css
149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/lib/animations/ 18 KB
3 KB 49ms
25ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.2.3

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:58:57 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 post-8921.css
149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/ 1 KB
503 B 49ms
25ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/post-8921.css?ver=1620741589

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

0c58687b5364ec205f8c31b0f4a3635c2db5fdb252b7e8b3ee904b90b046bd41

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:59:49 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/uploads/elementor/css/post-8921.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 custom-pro-frontend.min.css
149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/ 206 KB
23 KB 49ms
25ms Stylesheet
text/css 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/elementor/css/custom-pro-frontend.min.css?ver=1620741589

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

756d5ab312ed40aca43747b1b8bd8f9886fb2403e4849b96f8a51714b6699adf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:59:49 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/uploads/elementor/css/custom-pro-frontend.min.css>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 css
fonts.googleapis.com/ 42 KB
2 KB 36ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=8cd8feb99bae61375da2ecb5e8330829

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

30a949187cdd1c73e43b3bdee9398a9ae27f403a9481999fc9f5f946d8af0079

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 03:14:57 GMT
server: ESF
date: Mon, 07 Jun 2021 03:32:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 07 Jun 2021 03:32:44 GMT

GET
H2 200 wp-polyfill.min.js Show response
c0.wp.com/c/5.7.2/wp-includes/js/dist/vendor/ 97 KB
32 KB 50ms
25ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/js/dist/vendor/wp-polyfill.min.js

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

d36e5d7328268d21c6941039a7b6a15c7ed7414f60dbee72d2231d11ac9bdaf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: br
last-modified: Mon, 29 Jun 2020 11:50:29 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Tue, 07 Jun 2022 03:32:44 GMT

GET
H2 200 index.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/contact-form-7/includes/js/ 13 KB
4 KB 55ms
29ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.1

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

927d5436967ebce8a52c4bdcd27cc056c910a72270f74990dfbd1d554840c12d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:57:37 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/contact-form-7/includes/js/index.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 dynamic-conditions-public.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/dynamicconditions/Public/js/ 2 KB
841 B 55ms
29ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/dynamicconditions/Public/js/dynamic-conditions-public.js?ver=1.5.1

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

751d5192326ddefce3e87157f7c9355217cdad7b4a969b5dd3161b4453671389

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Sun, 11 Apr 2021 14:39:29 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/dynamicconditions/Public/js/dynamic-conditions-public.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 5492986.js Show response
js.hs-scripts.com/ 1 KB
942 B 130ms
114ms Script
application/javascript 2606:4700::6811:d2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/5492986.js?integration=WordPress
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:d2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 346da8bccb59421d424120ccbc3ca6b9c44eb95213519652c9b6aa2204c4a4df

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
x-hubspot-correlation-id: 8e72e00f-c6ef-4b5f-b727-a34cfb08a4b0
cf-request-id: 0a8620b87300004e4970aeb000000001
server: cloudflare
x-trace: 2B4E553F33A82B2A18601A5F315D6E7F0EFD4A1D22000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.intezer.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 65b6d0a0be184e49-FRA
expires: Mon, 07 Jun 2021 03:33:44 GMT

GET
H2 200 tether.min.js Show response
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/ 24 KB
7 KB 55ms
29ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/tether.min.js?ver=8cd8feb99bae61375da2ecb5e8330829

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

80bd626eb6d57112072a508ee4e5ce3c2fe5673fe0a5d029810033b24aaa5e9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Sun, 13 Dec 2020 07:21:07 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/themes/intezer-v2/js/tether.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.min.js Show response
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/ 46 KB
12 KB 55ms
29ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/bootstrap.min.js?ver=8cd8feb99bae61375da2ecb5e8330829

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

fa421b6ebbd2fb474d3a3866409ce6c1efd120b47ff256fffb8f8f50d556d3d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Sun, 13 Dec 2020 07:21:11 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/themes/intezer-v2/js/bootstrap.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 main.js Show response
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/ 14 KB
3 KB 55ms
29ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/main.js?ver=8cd8feb99bae61375da2ecb5e8330829

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

f27202a0093e578bac959e37a4944ad6f55a537a7c2d36d2733046e0d2d42c67

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Wed, 03 Mar 2021 09:45:08 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/themes/intezer-v2/js/main.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 hooks.min.js Show response
c0.wp.com/c/5.7.2/wp-includes/js/dist/ 7 KB
2 KB 58ms
32ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/js/dist/hooks.min.js

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

21a9753c3327bf6348a1e76b45a2a620694f77283564c6728068467cf1b3868b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: br
last-modified: Wed, 24 Feb 2021 15:57:54 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Tue, 07 Jun 2022 03:32:44 GMT

GET
H2 200 jquery.ajaxsearchlite.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/ajax-search-lite/js/min/ 92 KB
27 KB 55ms
30ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/ajax-search-lite/js/min/jquery.ajaxsearchlite.min.js?ver=4.9.3

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

09e49519e764c6de6610599a3b50980db2a6985d7cb44103d6fe41bf497bbccd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:57:16 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/ajax-search-lite/js/min/jquery.ajaxsearchlite.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 intersectionobserver-polyfill.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/ 8 KB
3 KB 55ms
30ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/intersectionobserver-polyfill.min.js?ver=1.1.2

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

88264adf3d3193fb56c229f0b92e2a6096770eb76996d1fedc95f5bcb208ccda

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 05 Jan 2021 15:42:42 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 2.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/intersectionobserver-polyfill.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 lazy-images.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/ 3 KB
1 KB 55ms
30ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/lazy-images.min.js?ver=1.1.2

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

51e78e904c795ed5b0154a9995d1ab0b7e3667f5aede719bda86ba38236c5989

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 05 Jan 2021 15:42:42 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 2.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/lazy-images.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 scripts.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/cf7-conditional-fields/js/ 132 KB
31 KB 55ms
30ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/cf7-conditional-fields/js/scripts.js?ver=2.0.3

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

65f5e116b152127853bcceef2864070a979cfac6f9fac3a6a3800709db4d809c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:57:46 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/cf7-conditional-fields/js/scripts.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
778 B 42ms
17ms Script
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&ver=3.0

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c51b35355049a1129d46108fd3fd228a8b790d2e139b21434271813f939d144f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 586
x-xss-protection: 1; mode=block
expires: Mon, 07 Jun 2021 03:32:44 GMT

GET
H2 200 index.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/contact-form-7/modules/recaptcha/ 4 KB
2 KB 54ms
30ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.4.1

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

24e5c659dc7089322d8a0bc6d164cea1d703f6cfaa483a4939bc86e5dc172670

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:57:37 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 webpack-pro.runtime.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/js/ 5 KB
3 KB 54ms
30ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.2.2

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

f63f9da97a793227b906f8baf1ef3299ed5fa10ec94ad03f920a863c613dce1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:59:10 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 webpack.runtime.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/js/ 5 KB
2 KB 54ms
30ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.2.3

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9ba02497432cb1d3ca46d8440b481900261a960e19290f85535bcb3e09279dad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:58:57 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend-modules.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/js/ 63 KB
22 KB 61ms
37ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.2.3

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

bf36249b751f96358eda5fd74bb5104bb379e0c493e5c7c161e5a24091489dd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:58:57 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.sticky.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/lib/sticky/ 6 KB
2 KB 61ms
38ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.2.2

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

a48dea362116d7516a2cf97066a32758d353760ee02dbf900ddff86b02a16473

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:59:10 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/js/ 56 KB
17 KB 61ms
38ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.2.2

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

12ab3055558fe541bbd70df670dfeaa2f778cc13cd1074b7c5e79ed1a20f86ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:59:10 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 waypoints.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
3 KB 61ms
38ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 16 Mar 2021 10:31:08 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 core.min.js Show response
c0.wp.com/c/5.7.2/wp-includes/js/jquery/ui/ 20 KB
6 KB 56ms
32ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/js/jquery/ui/core.min.js

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: br
last-modified: Thu, 25 Mar 2021 20:02:19 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Tue, 07 Jun 2022 03:32:44 GMT

GET
H2 200 swiper.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/lib/swiper/ 136 KB
35 KB 60ms
38ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 16 Mar 2021 10:31:08 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 share-link.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/lib/share-link/ 3 KB
1 KB 60ms
38ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.2.3

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

4a7ee62eb33f3bbb66c2151e5cac6bf4904e28302efc36128f3e3ccae6fde580

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:58:57 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 dialog.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/lib/dialog/ 11 KB
4 KB 60ms
38ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.8.1

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2989e0b9e836cb9de3274d641ec6a58c2052f039e790ddd59b22303930bfdeeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 16 Mar 2021 10:31:08 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 2.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/js/ 66 KB
19 KB 60ms
38ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.2.3

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

6876bf16807ef989b32be5002d203ffb26a5814546c28164008fd79261f7cd44

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:58:57 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 2.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor/assets/js/frontend.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 preloaded-elements-handlers.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/js/ 153 KB
37 KB 60ms
38ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ver=3.2.2

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

3c3ef9998414972b985076a5202e016ad4a71f9052eb1da62be10ed8f2752cc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:59:10 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 1.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 preloaded-modules.min.js Show response
149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/js/ 57 KB
17 KB 60ms
38ms Script
application/javascript 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.2.3

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

72f3361dff4cf033aa1c6175a169dae768512afcbeb9f730f520ddb617674a5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 13:58:57 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-ac: 2.hhn _atomic_ams
strict-transport-security: max-age=15552000
link: <http://www.intezer.com/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js>; rel="canonical"
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 e-202123.js Show response
stats.wp.com/ 9 KB
3 KB 83ms
27ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202123.js
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 29 May 2022 21:21:31 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 43 KB
16 KB 62ms
41ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

437ab1122de69cfb9f59c9ff5c4b7276183a6b3e6431b35ed8d65f1fb50a23cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16585
x-xss-protection: 0
server: cafe
etag: 3173349984735253481
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 07 Jun 2021 03:32:44 GMT

GET
H2 200 5492986.js Show response
js.hs-scripts.com/ 1 KB
634 B 139ms
139ms Script
application/javascript 2606:4700::6811:d2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/5492986.js
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:d2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 346da8bccb59421d424120ccbc3ca6b9c44eb95213519652c9b6aa2204c4a4df

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
x-hubspot-correlation-id: e02153fa-4330-4ac1-ae66-31106e7aec03
cf-request-id: 0a8620b87400004e4989080000000001
server: cloudflare
x-trace: 2BD568F7F60931A07B79615F174549CE0F52F54901000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.intezer.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 65b6d0a0be1d4e49-FRA
expires: Mon, 07 Jun 2021 03:33:44 GMT

GET
H3-29 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 87ms
39ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KC95766

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

4da18cf3cfa4b3d576d9eda3450e2773c95ad8a660ec2998c7a7287f4191daf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13934
x-xss-protection: 0
server: cafe
etag: 6909554294999178257
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 07 Jun 2021 03:32:44 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 16ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KC95766

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 1281
date: Mon, 07 Jun 2021 03:11:23 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Mon, 07 Jun 2021 05:11:23 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 98ms
28ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KC95766
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
via: 1.1 varnish
last-modified: Fri, 04 Dec 2020 00:21:46 GMT
age: 12790
etag: "cbc512946c8abb461c6215ed5b454e5f+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1957
x-timer: S1623036764.391797,VS0,VE0
x-served-by: cache-fra19170-FRA

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 31ms
6ms Script
application/x-javascript 2a02:26f0:6c00:2b0::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KC95766
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b0::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 03:32:44 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=12013
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 hotjar-2053093.js Show response
static.hotjar.com/c/ 7 KB
3 KB 143ms
74ms Script
application/javascript 52.85.170.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2053093.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KC95766

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.85.170.51 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-85-170-51.bud50.r.cloudfront.net

Software

Resource Hash

59a52d56e2e1e559b000518213ed14138c1e065d28e766f844be1f0c8ade608a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: BUD50-C1
etag: W/b3e65d078cdee988e984a4549085ee81
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-id: kKAhO3okRlY94zH9NHOcpx1gQpGgGx35lcYFuanB5aC36VLX0a1O9g==
via: 1.1 5a8c07b858d219acd503ad0cde74e54b.cloudfront.net (CloudFront)

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 84 KB
27 KB 60ms
32ms Script
application/javascript 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f909a31bfd7a13b9dd53e98b5652f13f4782fdfd1653dc4befade7386c087371

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 161405
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a8620b8b200002b890a0cd000000001
last-modified: Fri, 14 May 2021 06:41:59 GMT
server: cloudflare
etag: W/"14f2c-5c2448a7281f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=172800
cf-ray: 65b6d0a11fa52b89-FRA
cf-bgj: minify

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 476ms
476ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 487ms
487ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 465ms
465ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 487ms
486ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 475ms
475ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 447ms
446ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 497ms
484ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 465ms
452ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 459ms
447ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 457ms
445ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 497ms
485ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 497ms
485ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 482ms
477ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 450ms
445ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 471ms
466ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 453ms
448ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 457ms
452ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0

GET
H2 200 search-ico-black.png
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/images/ 508 B
656 B 54ms
49ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/images/search-ico-black.png

Requested by

Host: 149520725.v2.pressablecdn.com
URL: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1623036763

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

993b54391ed7524e6f321326d0f7bd2ed8f92bcf4e08bb1efc988ca16546807c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1623036763
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Sun, 13 Dec 2020 07:22:43 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/themes/intezer-v2/images/search-ico-black.png>; rel="canonical"
content-length: 508
expires: Mon, 14 Jun 2021 03:32:44 GMT

POST 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0

GET
H2 200 star.png
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/images/ 899 B
1 KB 52ms
50ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/images/star.png

Requested by

Host: 149520725.v2.pressablecdn.com
URL: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1623036763

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9bea4073ca8eb9ea977081e0eaa614b3be5d03b818469694825e7849bbe1cc28

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1623036763
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Thu, 25 Feb 2021 11:18:03 GMT
server: nginx
strict-transport-security: max-age=15552000
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/themes/intezer-v2/images/star.png>; rel="canonical"
content-length: 899
expires: Mon, 14 Jun 2021 03:32:44 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v20/ 14 KB
14 KB 31ms
6ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.intezer.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 08:33:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 18 May 2021 21:21:19 GMT
server: sffe
age: 500372
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
expires: Wed, 01 Jun 2022 08:33:12 GMT

GET
H2 200 fontawesome-webfont.woff2
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/fonts/ 75 KB
76 KB 89ms
29ms Font
application/font-woff2 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: 149520725.v2.pressablecdn.com
URL: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/css/font-awesome.min.css?ver=8cd8feb99bae61375da2ecb5e8330829

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Origin: https://www.intezer.com
Referer: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/css/font-awesome.min.css?ver=8cd8feb99bae61375da2ecb5e8330829
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 2.hhn _atomic_ams
last-modified: Sun, 13 Dec 2020 07:21:24 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/themes/intezer-v2/fonts/fontawesome-webfont.woff2>; rel="canonical"
content-length: 77160
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 museo-500-webfont.woff
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/fonts/ 55 KB
55 KB 89ms
29ms Font
application/font-woff 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/fonts/museo-500-webfont.woff

Requested by

Host: 149520725.v2.pressablecdn.com
URL: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1623036763

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

c6c82452d4595c717df8f740c6f9ff4e6ae5bc1bb9f716584b27f457f18a1d04

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Origin: https://www.intezer.com
Referer: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1623036763
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 2.hhn _atomic_ams
last-modified: Sun, 13 Dec 2020 07:21:23 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/themes/intezer-v2/fonts/museo-500-webfont.woff>; rel="canonical"
content-length: 56060
expires: Mon, 14 Jun 2021 03:32:44 GMT

POST 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0

GET
H2 200 museo-700-webfont.woff
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/fonts/ 52 KB
52 KB 36ms
29ms Font
application/font-woff 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/fonts/museo-700-webfont.woff

Requested by

Host: 149520725.v2.pressablecdn.com
URL: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1623036763

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

6bebe6bf7abf43624ab1ed62cabc6a1e1d9d5f1cea38042e516439b5391c1621

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Origin: https://www.intezer.com
Referer: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1623036763
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 2.hhn _atomic_ams
last-modified: Sun, 13 Dec 2020 07:21:20 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/themes/intezer-v2/fonts/museo-700-webfont.woff>; rel="canonical"
content-length: 53376
expires: Mon, 14 Jun 2021 03:32:44 GMT

GET
H2 200 museo-300-webfont.woff
149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/fonts/ 54 KB
54 KB 35ms
29ms Font
application/font-woff 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/fonts/museo-300-webfont.woff

Requested by

Host: 149520725.v2.pressablecdn.com
URL: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1623036763

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

c38df4a2300e1acd22e8547908f1c0815e4232522aed59fd2d45942480b56f4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Origin: https://www.intezer.com
Referer: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/style.css?ver=1623036763
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Sun, 13 Dec 2020 07:21:22 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/themes/intezer-v2/fonts/museo-300-webfont.woff>; rel="canonical"
content-length: 55444
expires: Mon, 14 Jun 2021 03:32:44 GMT

POST 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/ 341 KB
134 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&ver=3.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

734160057d9682a89035825f63793cd0f945523efa3f8d33b8bef89bd7bdef5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.intezer.com
Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21190
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136836
x-xss-protection: 0
last-modified: Fri, 04 Jun 2021 04:42:35 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Jun 2022 21:39:34 GMT

GET
H/1.1 200
OK track.js Show response
secure.gaug.es/ 4 KB
4 KB 471ms
118ms Script
application/javascript 3.220.127.53
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gaug.es/track.js
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.220.127.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-220-127-53.compute-1.amazonaws.com
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: df2698e6cf74ed890afa92da10051f880df2ce0b3257b73c5d9ae2f6bea82d3c

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 03:32:45 GMT
Last-Modified: Thu, 07 Jan 2021 06:45:05 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5ff6adf1-ef5"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3829

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/842858921/ 2 KB
1 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/842858921/?random=1623036764634&cv=9&fst=1623036764634&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F&tiba=Intezer%20-%20New%20Chinese%20Linux%20malware%20turning%20to%20Golang&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

101b5363d0c78d7ee3cfe6f75fa8533c5aca74232bf048ecc2859c2736f85958

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1053
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0

GET
H2 200 g.gif
pixel.wp.com/ 50 B
92 B 28ms
27ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A9.8&blog=186808338&post=8788&tz=0&srv=www.intezer.com&host=www.intezer.com&ref=&fcp=0&rand=0.42556530529182934
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H3-29 200 128260767783916 Show response
connect.facebook.net/signals/config/ 254 KB
72 KB 88ms
74ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/128260767783916?v=2.9.40&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

50256cfce97d89e5028589f385b76f7e1ba5af3f5a5a8b85b50ea7a0984208ce

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: public
x-fb-debug: 02Zlats8P6er7lFASavZI1wxrdgmXm2o7HYZoVmrgCzValiueDn1kwStaQGPiZkLU46P5qddai04zhi+g504kQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 07 Jun 2021 03:32:44 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1623036764662&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1327356%26time%3D1623036764662%26url%3Dhttps%253A%252F%252Fwww.intezer.com%252Fbl...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1623036764662&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1623036764662&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F&liSync=true...

0
156 B

366ms
133ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1623036764662&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F&liSync=true&e_ipv6=AQLSTJNrg0yvAQAAAXnkh6Qq-JnlWMtxghqfjDoc6TGIqXy0Ni9W33vI2Ak5-dpAbII5OCS0
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:45 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-proto: http/2
x-li-pop: prod-lva1
content-type: application/javascript
content-length: 0
x-li-uuid: LLMJzVYvhhbQZpr4LSsAAA==

Redirect headers

date: Mon, 07 Jun 2021 03:32:45 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1327356&time=1623036764662&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F&liSync=true&e_ipv6=AQLSTJNrg0yvAQAAAXnkh6Qq-JnlWMtxghqfjDoc6TGIqXy0Ni9W33vI2Ak5-dpAbII5OCS0
x-li-proto: http/2
x-li-pop: prod-edc2
content-length: 0
x-li-uuid: KHv1t1Yvhhbg/w4PqCsAAA==

POST 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=457059645&t=pageview&_s=1&dl=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F&ul=en-us&de=UTF-8&dt=Intezer%20-%20New%20Chinese%20Linux%20malware%20turning%20to%20Golang&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEADQAAAAC~&jid=427267321&gjid=798640219&cid=1965778559.1623036765&tid=UA-97741055-1&_gid=1890616908.1623036765&_r=1&gtm=2wg621KC95766&z=1546879852

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 03:32:44 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.intezer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 js Show response
www.google-analytics.com/gtm/ 90 KB
36 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=OPT-PMZPF7T&t=gtm5&cid=1965778559.1623036765

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1912517df4c9905bfa968af73e0e640b1ec8159d947bd72c6039ab8b3cb7e5e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36378
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 07 Jun 2021 03:32:44 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 439ms
137ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H2 200 linux-pop.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/02/ 3 KB
3 KB 41ms
38ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/02/linux-pop.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

969f9c1b72eaa268385c8f1ddf02b07ef971d0e2d4d83921014531a4b9a75969

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: EXPIRED hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Sun, 28 Feb 2021 09:49:49 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/02/linux-pop.png>; rel="canonical"
content-length: 3146
expires: Mon, 14 Jun 2021 03:32:44 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 428ms
127ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H2 200 kubernetes-pop.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/02/ 5 KB
5 KB 41ms
39ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/02/kubernetes-pop.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

ef7d760ee20a28f1e59bdd228bb10705687f5397d3c98d108a7f8c1247b9ad18

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: EXPIRED hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Sun, 28 Feb 2021 09:49:48 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/02/kubernetes-pop.png>; rel="canonical"
content-length: 4895
expires: Mon, 14 Jun 2021 03:32:44 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 429ms
129ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H2 200 containers-pop.jpg
149520725.v2.pressablecdn.com/wp-content/uploads/2021/02/ 3 KB
3 KB 29ms
27ms Image
image/jpeg 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/02/containers-pop.jpg

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

3167a1a4cda80b0f7258edfddb30c6030036358d9b424a71ba473eaa54685f89

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 2.hhn _atomic_ams
last-modified: Sun, 28 Feb 2021 09:49:46 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/02/containers-pop.jpg>; rel="canonical"
content-length: 2659
expires: Mon, 14 Jun 2021 03:32:44 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 430ms
130ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H2 200 aws-pop.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/02/ 3 KB
3 KB 43ms
42ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/02/aws-pop.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9026b5846e1d90ce06c0fc69530a30275a1e4e0161e8a72dac9bc2f647d9d1a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: EXPIRED hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Sun, 28 Feb 2021 09:49:41 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/02/aws-pop.png>; rel="canonical"
content-length: 2986
expires: Mon, 14 Jun 2021 03:32:44 GMT

POST 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0

GET
H2 200 google-pop.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/02/ 3 KB
3 KB 42ms
41ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/02/google-pop.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

65ab45f57a63994e78a6cc0186a9b3a42132e97dfe8b1d29d67b0bec86948a8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: EXPIRED hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 2.hhn _atomic_ams
last-modified: Sun, 28 Feb 2021 09:49:47 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/02/google-pop.png>; rel="canonical"
content-length: 2714
expires: Mon, 14 Jun 2021 03:32:44 GMT

POST 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0

GET
H2 200 azure-pop.png
149520725.v2.pressablecdn.com/wp-content/uploads/2021/02/ 2 KB
2 KB 28ms
28ms Image
image/png 192.0.77.39
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://149520725.v2.pressablecdn.com/wp-content/uploads/2021/02/azure-pop.png

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.39 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

504d394f183d7c0a768d4604a848894965810382dc6d61f6dded6f09c524ab99

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 07 Jun 2021 03:32:44 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Sun, 28 Feb 2021 09:49:44 GMT
server: nginx
strict-transport-security: max-age=15552000
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
link: <http://www.intezer.com/wp-content/uploads/2021/02/azure-pop.png>; rel="canonical"
content-length: 2361
expires: Mon, 14 Jun 2021 03:32:44 GMT

POST 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 81 KB
20 KB 34ms
13ms Script
application/javascript 2606:4700::6811:eccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.usemessages.com/conversations-embed.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5492986.js?integration=WordPress
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:eccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5cd92ecc87b6f2ed90dd548ba471c8f99507c8118633e3bdbcb5982429c70cc7

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
via: 1.1 316ff1e97338bc9bbb335af58b00d0ab.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 349
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-embed/static-1.8903/bundles/project.js&cfRay=65b6c81a8a034a85-EWR
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 0a8620ba4700004a9200a11000000001
last-modified: Wed, 02 Jun 2021 03:45:52 UTC
server: cloudflare
etag: W/"8b232ba8752127aefe4a51935b608ee4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: Ts6q1w2ggAjJnDkBbAYAbN.1NTlh0g.7
cache-control: max-age=600
x-hs-cache-status: EXPIRED
x-amz-cf-pop: IAD66-C2
cf-ray: 65b6d0a3ac2b4a92-FRA
x-amz-cf-id: huLluMokjYpH9EurxW63iNFm1kOAQxV1Y-oJNM9kuH4CJ5KbaNxhqg==
x-hs-target-asset: conversations-embed/static-1.8903/bundles/project.js

GET
H2 200 5492986.js Show response
js.hs-analytics.net/analytics/1623036600000/ 62 KB
19 KB 173ms
153ms Script
text/javascript 2606:4700::6811:44b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1623036600000/5492986.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5492986.js?integration=WordPress
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:44b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95f6a0b5a067ad164c47e799f8cc9b10b43eb6ebcbf0da2ec1672491f21e9f33

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 8K07HHBS1VC2YK0C
x-amz-server-side-encryption: AES256
cf-ray: 65b6d0a3af0a0746-FRA
x-amz-id-2: TTpw5JFUfV18eLd2C3r8LvrTVq4GjMUR+B5KB1WM9QhHUIDGe3LJXPVtebv9VjVJm3xW1n1Lp88=
last-modified: Wed, 12 May 2021 19:56:11 GMT
server: cloudflare
etag: W/"7ccaef261412f82992a4871a07757bfa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
cf-request-id: 0a8620ba4700000746b8a90000000001
content-type: text/javascript
expires: Mon, 07 Jun 2021 03:37:44 GMT

GET
H2 200 5492986.js Show response
js.hs-banner.com/ 61 KB
15 KB 479ms
463ms Script
text/javascript 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/5492986.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5492986.js?integration=WordPress
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 97763070290ffc306f05f7534349402de64375ab6dbd182513c0a195b8e9d4a3

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:45 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: Y1XDEJTK84VFJ39R
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: /F5jaAWdtq6+0NXnp7QWeXAH4dM0T07Y7NXZXlboDRGxweLjv8HJjgYG9q2QP0yZJ1bE6o4lepE=
timing-allow-origin: *
last-modified: Thu, 27 May 2021 17:20:18 GMT
server: cloudflare
etag: W/"4e07fb9fc737f1c9d7ebfcfbe3a38a67"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: D8GB1o.pELN5JIUQQCuhd8YGiXdBUC7d
access-control-allow-origin: https://www.intezer.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-request-id: 0a8620ba47000032501883a000000001
cf-ray: 65b6d0a39df23250-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Mon, 07 Jun 2021 03:37:45 GMT

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/725468766/ 2 KB
1 KB 34ms
19ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/725468766/?random=1623036764726&cv=9&fst=1623036764726&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg621&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F&tiba=Intezer%20-%20New%20Chinese%20Linux%20malware%20turning%20to%20Golang&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f11a7785433cc752677f67bf0787fc92a016405e04470cceafc1f8c37f448d87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1070
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 444ms
144ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
434 B 41ms
14ms XHR
text/plain 2a00:1450:400c:c04::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-97741055-1&cid=1965778559.1623036765&jid=427267321&gjid=798640219&_gid=1890616908.1623036765&_u=YEBAAEACQAAAAC~&z=1363058127

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 07 Jun 2021 03:32:44 GMT
content-type: text/plain
access-control-allow-origin: https://www.intezer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 icons.29.svg.js Show response
static.addtoany.com/menu/svg/ 78 KB
33 KB 38ms
28ms Script
application/javascript 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.29.svg.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6590211
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a8620ba5200004e6ddcaf9000000001
last-modified: Mon, 31 Dec 2018 23:29:11 GMT
server: cloudflare
etag: W/"13937-57e59c7b88bd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 65b6d0a3bad54e6d-FRA
cf-bgj: minify

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 776ms
475ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H2 200 adsct
t.co/i/ 43 B
455 B 204ms
142ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nzi1c&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Mon, 07 Jun 2021 03:32:44 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d19ce91924205c567429d4cc58693e37c5f884a8bbec3454e48a50813c50156f
x-transaction: 3f04da32b6fe4629
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 435ms
134ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H2 200 adsct
t.co/i/ 43 B
118 B 209ms
148ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nzh93&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Mon, 07 Jun 2021 03:32:44 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d19ce91924205c567429d4cc58693e37c5f884a8bbec3454e48a50813c50156f
x-transaction: 842e1cddbcbe1d1d
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 modules.734bd4b678d25642f35b.js Show response
script.hotjar.com/ 219 KB
58 KB 90ms
33ms Script
application/javascript 52.85.170.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.734bd4b678d25642f35b.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2053093.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.85.170.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-85-170-122.bud50.r.cloudfront.net

Software

Resource Hash

97d7a6a99d78ef625f666a5eadb2ebc807a035af276abf045f87050e1be2761d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 03 Jun 2021 10:15:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 321459
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 58989
access-control-allow-origin: *
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
etag: "7b5811df19fd9039ed7e0c4af36daa03"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 40b77149d6ba01da8c2f52c235bceed0.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: BUD50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: hzYye466u9Fjx0sNMIa-w_DvvoJs4kKsUEL_qkr74JPGVmFRfxqtEg==

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 431ms
130ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2053093.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H3-29 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 1D79 38 KB
19 KB 40ms
26ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&co=aHR0cHM6Ly93d3cuaW50ZXplci5jb206NDQz&hl=en&v=CdDdhZfPbLLrfYLBdThNS0-Y&size=invisible&cb=7vwyrt3to004

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

771cd20f126a080a69152860df93ce92e3d496576ac5542ce7211571c6990e05

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-QzibOKMadiMlfyo+UPv6+w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&co=aHR0cHM6Ly93d3cuaW50ZXplci5jb206NDQz&hl=en&v=CdDdhZfPbLLrfYLBdThNS0-Y&size=invisible&cb=7vwyrt3to004
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.intezer.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.intezer.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 07 Jun 2021 03:32:44 GMT
content-security-policy: script-src 'report-sample' 'nonce-QzibOKMadiMlfyo+UPv6+w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19281
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 445ms
144ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/842858921/ 42 B
64 B 33ms
20ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/842858921/?random=1623036764634&cv=9&fst=1623034800000&num=1&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F&tiba=Intezer%20-%20New%20Chinese%20Linux%20malware%20turning%20to%20Golang&fmt=3&is_vtc=1&random=660033792&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 03:32:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 756ms
455ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H2 200 /
www.google.de/pagead/1p-user-list/842858921/ 42 B
108 B 18ms
18ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/842858921/?random=1623036764634&cv=9&fst=1623034800000&num=1&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F&tiba=Intezer%20-%20New%20Chinese%20Linux%20malware%20turning%20to%20Golang&fmt=3&is_vtc=1&random=660033792&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 03:32:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 426ms
125ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 24ms
17ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-97741055-1&cid=1965778559.1623036765&jid=427267321&_u=YEBAAEACQAAAAC~&z=1518651208

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 03:32:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 764ms
464ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 17ms
17ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-97741055-1&cid=1965778559.1623036765&jid=427267321&_u=YEBAAEACQAAAAC~&z=1518651208

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 03:32:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 7D54 2 KB
1 KB 84ms
27ms Document
text/html 52.85.170.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2053093.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.170.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-170-33.bud50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.intezer.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.intezer.com/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 03 Jun 2021 10:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c95660782748949d053eb3a230829213.cloudfront.net (CloudFront)
x-amz-cf-pop: BUD50-C1
x-amz-cf-id: 4oPwLapcbebeSkj_-9op2cf4dOSlDSEBGhyfnjgTmEelehCF7n3Qjw==
age: 321459

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 437ms
136ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H3-29 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 51ms
14ms XHR
text/plain 2a00:1450:400c:c04::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-97741055-8&cid=1965778559.1623036765&jid=337416857&gjid=1945133505&_gid=1890616908.1623036765&_u=aGDAgEADQAAAAG~&z=910846627

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c04::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 07 Jun 2021 03:32:44 GMT
content-type: text/plain
access-control-allow-origin: https://www.intezer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 446ms
144ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
5ms Image
image/gif 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=457059645&t=pageview&_s=1&dl=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F&ul=en-us&de=UTF-8&dt=Intezer%20-%20New%20Chinese%20Linux%20malware%20turning%20to%20Golang&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAgEADQAAAAC~&jid=337416857&gjid=1945133505&cid=1965778559.1623036765&tid=UA-97741055-8&_gid=1890616908.1623036765&gtm=2wg621KC95766&z=637865620

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:05:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 23206
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 441ms
141ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/725468766/ 42 B
64 B 19ms
19ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/725468766/?random=1623036764726&cv=9&fst=1623034800000&num=1&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg621&sendb=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F&tiba=Intezer%20-%20New%20Chinese%20Linux%20malware%20turning%20to%20Golang&async=1&fmt=3&is_vtc=1&random=2177939193&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 03:32:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 446ms
146ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/725468766/ 42 B
64 B 35ms
20ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/725468766/?random=1623036764726&cv=9&fst=1623034800000&num=1&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg621&sendb=1&frm=0&url=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F&tiba=Intezer%20-%20New%20Chinese%20Linux%20malware%20turning%20to%20Golang&async=1&fmt=3&is_vtc=1&random=2177939193&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 03:32:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 752ms
452ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 791ms
491ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H3-29 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 322 B
1 KB 140ms
131ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=5492986&conversations-embed=static-1.8903&mobile=false&messagesUtk=8db54b02ca514a029d0b7205ffa34def&traceId=8db54b02ca514a029d0b7205ffa34def

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b71548d2537431e416db90a18717075286bc86b2d59da72345956d281ef0adb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

X-HubSpot-Messages-Uri: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.intezer.com/

Response headers

date: Mon, 07 Jun 2021 03:32:45 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 4141cd60-efce-4c51-b1a3-64f38213991b
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 249
cf-request-id: 0a8620bb4600004a9ebd270000000001
server: cloudflare
x-trace: 2BB7E5A979DF91CDC2B0F5E43E23BDA9129824C0A5000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=oXnSdiuN3j6uwdkytNVtEebMZZnb02zqFtowXMlRzpvkkb7uKVk%2B9bK%2FAUR18mVWUAvqOmom6SHzS394CEfL9Ti7Y3Hbr%2B%2FmSPFiQ85PL6NFU0qxmT5o3JSUHJsZ2cse9755JwU6%2BaA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.intezer.com
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
cf-ray: 65b6d0a53aa24a9e-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 142ms
127ms Preflight
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-hubspot-messages-uri
Origin: https://www.intezer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 07 Jun 2021 03:32:44 GMT
content-type: text/plain; charset=utf-8
content-length: 18
cf-ray: 65b6d0a46b772b7d-FRA
access-control-allow-origin: https://www.intezer.com
allow: HEAD,GET,OPTIONS
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
cf-request-id: 0a8620bac000002b7ddf213000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-hubspot-correlation-id: 05b60ed0-f237-4681-b4ef-b8eb0a6fab6a
x-trace: 2B0677E6A72462B9E729696404CA0A5996FE2F5AA6000000000000000000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=LVtcUmFClxSPv47dV4IgKuHSx%2BqD8a0thPae7npTrwebTKWb2a6Zk%2FvNDeaTgKDjPYCx0bgZufruXMmlCRXzPhOIQbW0h%2FY1eS330ByMUULMlNcq8U9pOaqU02nIYsmT6%2Fs%2BtLCLzdA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/ Frame 1D79 52 KB
25 KB 19ms
6ms Stylesheet
text/css 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&co=aHR0cHM6Ly93d3cuaW50ZXplci5jb206NDQz&hl=en&v=CdDdhZfPbLLrfYLBdThNS0-Y&size=invisible&cb=7vwyrt3to004

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 04 Jun 2021 06:09:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 249786
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25732
x-xss-protection: 0
last-modified: Fri, 04 Jun 2021 04:42:35 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 04 Jun 2022 06:09:38 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/ Frame 1D79 341 KB
134 KB 22ms
9ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/recaptcha__en.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

734160057d9682a89035825f63793cd0f945523efa3f8d33b8bef89bd7bdef5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:39:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21190
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136836
x-xss-protection: 0
last-modified: Fri, 04 Jun 2021 04:42:35 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Jun 2022 21:39:34 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 436ms
135ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 17ms
16ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-97741055-8&cid=1965778559.1623036765&jid=337416857&_u=aGDAgEADQAAAAG~&z=2055530366

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 03:32:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 770ms
469ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H3-29 200 ga-audiences
www.google.de/ads/ 42 B
63 B 17ms
16ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-97741055-8&cid=1965778559.1623036765&jid=337416857&_u=aGDAgEADQAAAAG~&z=2055530366

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 03:32:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 1D79 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/styles__ltr.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 15:46:15 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 474389
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
expires: Tue, 08 Jun 2021 15:46:15 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 1D79 15 KB
15 KB 20ms
6ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 05:13:25 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
age: 512359
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
expires: Wed, 01 Jun 2022 05:13:25 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 1D79 15 KB
15 KB 21ms
7ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 02 Jun 2021 03:28:58 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
age: 432226
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
expires: Thu, 02 Jun 2022 03:28:58 GMT

GET
H3-29 200 webworker.js
www.google.com/recaptcha/api2/ Frame 1D79 102 B
132 B 15ms
15ms Other
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=CdDdhZfPbLLrfYLBdThNS0-Y

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5a1b737b86a66360a825df3c28f91ca2140a49954967a4f56cc3d90502e24897

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&co=aHR0cHM6Ly93d3cuaW50ZXplci5jb206NDQz&hl=en&v=CdDdhZfPbLLrfYLBdThNS0-Y&size=invisible&cb=7vwyrt3to004
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Mon, 07 Jun 2021 03:32:45 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 430ms
129ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H/1.1 200
OK track.gif
secure.gaug.es/ 35 B
389 B 125ms
125ms Image
image/gif 3.220.127.53
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.gaug.es/track.gif?h[site_id]=5fd5ade352684d3c97554910&h[resource]=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F&h[referrer]=&h[title]=Intezer%20-%20New%20Chinese%20Linux%20malware%20turning%20to%20Golang&h[user_agent]=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&h[unique]=1&h[unique_hour]=1&h[unique_day]=1&h[unique_month]=1&h[unique_year]=1&h[screenx]=1600&h[browserx]=1600&h[browsery]=1200&timestamp=1623036765147

Requested by

Host: www.intezer.com
URL: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.220.127.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-220-127-53.compute-1.amazonaws.com

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 03:32:45 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 07 Jun 2021 03:32:45 GMT
Server: nginx/1.10.3 (Ubuntu)
Content-Type: image/gif
Cache-Control: no-store, no-cache, must-revalidate, private
Connection: keep-alive
Content-Length: 35
Expires: Sat, 25 Nov 2000 05:00:00 GMT

POST
H3-29 200 reload Show response
www.google.com/recaptcha/api2/ Frame 1D79 28 KB
15 KB 40ms
40ms XHR
application/json 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0ee9c550ecb0df980717f3331dc2a2fb027734a0b09c909e9d06e13515d8cac8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LewXc8UAAAAADEYz8dYpHTk55uH2MjKqbyc1sXD&co=aHR0cHM6Ly93d3cuaW50ZXplci5jb206NDQz&hl=en&v=CdDdhZfPbLLrfYLBdThNS0-Y&size=invisible&cb=7vwyrt3to004
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Mon, 07 Jun 2021 03:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15726
x-xss-protection: 1; mode=block
expires: Mon, 07 Jun 2021 03:32:45 GMT

GET
H2 200 refill Show response
www.intezer.com/wp-json/contact-form-7/v1/contact-forms/468/ 2 B
3 KB 52ms
52ms Fetch
application/json 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.intezer.com/wp-json/contact-form-7/v1/contact-forms/468/refill

Requested by

Host: 149520725.v2.pressablecdn.com
URL: https://149520725.v2.pressablecdn.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .intezer.com; upgrade-insecure-requests; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: .google.com .googleapis.com .intezer.com .youtube.com googletagmanager.com .opendns.com .hsappstatic.net twitter.com .cloudflare.com .comeet.co .twitter.com .gaug.es .wp.com .hsleadflows.net .gstatic.com .usemessages.com .hs-banner.com .licdn.com .hs-analytics.net .ads-twitter.com .hs-scripts.com .googleadservices.com .hotjar.com .googletagmanager.com .doubleclick.net .addtoany.com .facebook.net .google-analytics.com .pressablecdn.com; object-src 'self'; frame-src 'self' .hsappstatic.net .usemessages.com .recaptcha.net .intezer.com .hubspot.com .pressablecdn.com .hotjar.com .googletagmanager.com .wp.com .google.com .twitter.com .comeet.com .comeet.co .doubleclick.net .youtube.com; child-src 'self' .intezer.com; base-uri 'self' .intezer.com; form-action 'self' https://.twitter.com/; worker-src 'self' *.intezer.com; report-uri https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=enforce
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

:path: /wp-json/contact-form-7/v1/contact-forms/468/refill
pragma: no-cache
cookie: _gcl_au=1.1.303063617.1623036764; _ga=GA1.2.1965778559.1623036765; _gid=GA1.2.1890616908.1623036765; _gat_UA-97741055-1=1; _dc_gtm_UA-97741055-8=1; _hjTLDTest=1; _hjid=54fba956-e245-4057-bf82-8b81166fd09f; _hjFirstSeen=1; _gauges_cookie=1; _gauges_unique_hour=1; _gauges_unique_day=1; _gauges_unique_month=1; _gauges_unique_year=1; _gauges_unique=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: application/json, */*;q=0.1
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.intezer.com
referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, */*;q=0.1
Referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nananana: Batcache-Hit
strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: frame-ancestors 'self' https://www.intezer.com/ http://www.intezer.com/; block-all-mixed-content; default-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: https://translate.google.com/ https://translate.googleapis.com/ https://www.intezer.com/ http://www.youtube.com/ https://www.youtube.com/ https://googletagmanager.com/ https://*.opendns.com/ https://static.hsappstatic.net/ https://twitter.com/ https://cdnjs.cloudflare.com/ https://optimize.google.com/ https://ajax.googleapis.com/ https://www.comeet.co/ https://platform.twitter.com/ https://secure.gaug.es/ https://*.wp.com/ https://www.google.com/ https://js.hsleadflows.net/ https://www.gstatic.com/ https://js.usemessages.com/ https://js.hs-banner.com/ https://snap.licdn.com/ https://js.hs-analytics.net/ https://static.ads-twitter.com/ https://js.hs-scripts.com/ https://www.googleadservices.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://analytics.twitter.com/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://static.addtoany.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://*.pressablecdn.com/; style-src 'sha256-A36pRlP2FPaVBYPMDmRWdqe3nTLvokMItNMM9+H4iuY=' 'unsafe-inline' 'unsafe-hashes' https://cdn.jsdelivr.net/npm/timepicker@1.13.14/jquery.timepicker.min.css https://translate.googleapis.com/ https://www.comeet.com/ https://static.hsappstatic.net/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/ https://optimize.google.com/ https://*.wp.com/ https://fonts.googleapis.com/ http://fonts.googleapis.com/ https://*.pressablecdn.com/ https://www.intezer.com/ http://www.intezer.com/; object-src 'none'; frame-src https://static.hsappstatic.net/ https://js.usemessages.com/ https://*.recaptcha.net/ https://www.intezer.com/ https://meetings.hubspot.com/ https://*.pressablecdn.com/ https://static.hotjar.com/ https://www.googletagmanager.com/ https://widgets.wp.com/ https://optimize.google.com/ https://syndication.twitter.com/ https://www.comeet.com/ https://www.comeet.co/ https://platform.twitter.com/ https://bid.g.doubleclick.net/ https://www.youtube.com/ https://app.hubspot.com/ https://vars.hotjar.com/ https://www.google.com/; child-src https://www.intezer.com/; img-src 'self'; font-src 'self'; connect-src 'self'; manifest-src 'self'; base-uri https://www.intezer.com/; form-action 'self' https://*.twitter.com/; media-src 'self'; prefetch-src 'self'; worker-src https://www.intezer.com/; report-uri https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
host-header: Pressable
vary: Accept-Encoding Cookie Origin
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
last-modified: Mon, 07 Jun 2021 03:27:59 GMT
server: nginx
date: Mon, 07 Jun 2021 03:32:45 GMT
allow: GET
content-type: application/json; charset=UTF-8
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: max-age=14, must-revalidate
content-security-policy: frame-ancestors 'self' *.intezer.com; upgrade-insecure-requests; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.googleapis.com *.intezer.com *.youtube.com googletagmanager.com *.opendns.com *.hsappstatic.net twitter.com *.cloudflare.com *.comeet.co *.twitter.com *.gaug.es *.wp.com *.hsleadflows.net *.gstatic.com *.usemessages.com *.hs-banner.com *.licdn.com *.hs-analytics.net *.ads-twitter.com *.hs-scripts.com *.googleadservices.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.addtoany.com *.facebook.net *.google-analytics.com *.pressablecdn.com; object-src 'self'; frame-src 'self' *.hsappstatic.net *.usemessages.com *.recaptcha.net *.intezer.com *.hubspot.com *.pressablecdn.com *.hotjar.com *.googletagmanager.com *.wp.com *.google.com *.twitter.com *.comeet.com *.comeet.co *.doubleclick.net *.youtube.com; child-src 'self' *.intezer.com; base-uri 'self' *.intezer.com; form-action 'self' https://*.twitter.com/; worker-src 'self' *.intezer.com; report-uri https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=enforce
x-ac: 1.hhn _atomic_ams
x-robots-tag: noindex
link: <https://www.intezer.com/wp-json/>; rel="https://api.w.org/"

GET
H2 200 refill Show response
www.intezer.com/wp-json/contact-form-7/v1/contact-forms/15120/ 2 B
3 KB 54ms
54ms Fetch
application/json 199.16.172.82
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.intezer.com/wp-json/contact-form-7/v1/contact-forms/15120/refill

Requested by

Host: 149520725.v2.pressablecdn.com
URL: https://149520725.v2.pressablecdn.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.16.172.82 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .intezer.com; upgrade-insecure-requests; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: .google.com .googleapis.com .intezer.com .youtube.com googletagmanager.com .opendns.com .hsappstatic.net twitter.com .cloudflare.com .comeet.co .twitter.com .gaug.es .wp.com .hsleadflows.net .gstatic.com .usemessages.com .hs-banner.com .licdn.com .hs-analytics.net .ads-twitter.com .hs-scripts.com .googleadservices.com .hotjar.com .googletagmanager.com .doubleclick.net .addtoany.com .facebook.net .google-analytics.com .pressablecdn.com; object-src 'self'; frame-src 'self' .hsappstatic.net .usemessages.com .recaptcha.net .intezer.com .hubspot.com .pressablecdn.com .hotjar.com .googletagmanager.com .wp.com .google.com .twitter.com .comeet.com .comeet.co .doubleclick.net .youtube.com; child-src 'self' .intezer.com; base-uri 'self' .intezer.com; form-action 'self' https://.twitter.com/; worker-src 'self' *.intezer.com; report-uri https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=enforce
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

:path: /wp-json/contact-form-7/v1/contact-forms/15120/refill
pragma: no-cache
cookie: _gcl_au=1.1.303063617.1623036764; _ga=GA1.2.1965778559.1623036765; _gid=GA1.2.1890616908.1623036765; _gat_UA-97741055-1=1; _dc_gtm_UA-97741055-8=1; _hjTLDTest=1; _hjid=54fba956-e245-4057-bf82-8b81166fd09f; _hjFirstSeen=1; _gauges_cookie=1; _gauges_unique_hour=1; _gauges_unique_day=1; _gauges_unique_month=1; _gauges_unique_year=1; _gauges_unique=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: application/json, */*;q=0.1
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.intezer.com
referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, */*;q=0.1
Referer: https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nananana: Batcache-Hit
strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: frame-ancestors 'self' https://www.intezer.com/ http://www.intezer.com/; block-all-mixed-content; default-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: https://translate.google.com/ https://translate.googleapis.com/ https://www.intezer.com/ http://www.youtube.com/ https://www.youtube.com/ https://googletagmanager.com/ https://*.opendns.com/ https://static.hsappstatic.net/ https://twitter.com/ https://cdnjs.cloudflare.com/ https://optimize.google.com/ https://ajax.googleapis.com/ https://www.comeet.co/ https://platform.twitter.com/ https://secure.gaug.es/ https://*.wp.com/ https://www.google.com/ https://js.hsleadflows.net/ https://www.gstatic.com/ https://js.usemessages.com/ https://js.hs-banner.com/ https://snap.licdn.com/ https://js.hs-analytics.net/ https://static.ads-twitter.com/ https://js.hs-scripts.com/ https://www.googleadservices.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://analytics.twitter.com/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://static.addtoany.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://*.pressablecdn.com/; style-src 'sha256-A36pRlP2FPaVBYPMDmRWdqe3nTLvokMItNMM9+H4iuY=' 'unsafe-inline' 'unsafe-hashes' https://cdn.jsdelivr.net/npm/timepicker@1.13.14/jquery.timepicker.min.css https://translate.googleapis.com/ https://www.comeet.com/ https://static.hsappstatic.net/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/ https://optimize.google.com/ https://*.wp.com/ https://fonts.googleapis.com/ http://fonts.googleapis.com/ https://*.pressablecdn.com/ https://www.intezer.com/ http://www.intezer.com/; object-src 'none'; frame-src https://static.hsappstatic.net/ https://js.usemessages.com/ https://*.recaptcha.net/ https://www.intezer.com/ https://meetings.hubspot.com/ https://*.pressablecdn.com/ https://static.hotjar.com/ https://www.googletagmanager.com/ https://widgets.wp.com/ https://optimize.google.com/ https://syndication.twitter.com/ https://www.comeet.com/ https://www.comeet.co/ https://platform.twitter.com/ https://bid.g.doubleclick.net/ https://www.youtube.com/ https://app.hubspot.com/ https://vars.hotjar.com/ https://www.google.com/; child-src https://www.intezer.com/; img-src 'self'; font-src 'self'; connect-src 'self'; manifest-src 'self'; base-uri https://www.intezer.com/; form-action 'self' https://*.twitter.com/; media-src 'self'; prefetch-src 'self'; worker-src https://www.intezer.com/; report-uri https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
host-header: Pressable
vary: Accept-Encoding Cookie Origin
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
last-modified: Mon, 07 Jun 2021 03:29:20 GMT
server: nginx
date: Mon, 07 Jun 2021 03:32:45 GMT
allow: GET
content-type: application/json; charset=UTF-8
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: max-age=95, must-revalidate
content-security-policy: frame-ancestors 'self' *.intezer.com; upgrade-insecure-requests; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.googleapis.com *.intezer.com *.youtube.com googletagmanager.com *.opendns.com *.hsappstatic.net twitter.com *.cloudflare.com *.comeet.co *.twitter.com *.gaug.es *.wp.com *.hsleadflows.net *.gstatic.com *.usemessages.com *.hs-banner.com *.licdn.com *.hs-analytics.net *.ads-twitter.com *.hs-scripts.com *.googleadservices.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.addtoany.com *.facebook.net *.google-analytics.com *.pressablecdn.com; object-src 'self'; frame-src 'self' *.hsappstatic.net *.usemessages.com *.recaptcha.net *.intezer.com *.hubspot.com *.pressablecdn.com *.hotjar.com *.googletagmanager.com *.wp.com *.google.com *.twitter.com *.comeet.com *.comeet.co *.doubleclick.net *.youtube.com; child-src 'self' *.intezer.com; base-uri 'self' *.intezer.com; form-action 'self' https://*.twitter.com/; worker-src 'self' *.intezer.com; report-uri https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=enforce
x-ac: 1.hhn _atomic_ams
x-robots-tag: noindex
link: <https://www.intezer.com/wp-json/>; rel="https://api.w.org/"

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
659 B 210ms
144ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nzi1c&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Mon, 07 Jun 2021 03:32:45 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 544a90319773a65534765f2add36fa180a8ceaf31683010bb66ab79f18c630e9
x-transaction: ec3512baa5dc1e8f
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
234 B 213ms
147ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nzh93&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Mon, 07 Jun 2021 03:32:45 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 544a90319773a65534765f2add36fa180a8ceaf31683010bb66ab79f18c630e9
x-transaction: a396fd2d6c89b713
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 444ms
143ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
820 B 99ms
41ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=5492986&ct=blog-post&rcu=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F&pu=https%3A%2F%2Fwww.intezer.com%2Fblog%2Fresearch%2Fkaiji-new-chinese-linux-malware-turning-to-golang%2F&t=Intezer+-+New+Chinese+Linux+malware+turning+to+Golang&cts=1623036765650&vi=bc6e000b11e13390f32bbcfcf5e3da30&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:32:45 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: b6bed151-1343-4764-b7f3-fd5ded2fa637
cf-ray: 65b6d0a9a9112488-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45
cf-request-id: 0a8620be0c00002488430cb000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gAugNOA4RP5VZUEdFawU5Rk%2F98MO3X7RtEsT4e8mfEGeUDYJIAqIkZ0WNwsl5X%2F3RpgsmznkNxax9wp7FseZMPIkeXDWIs5IR5E8FEUgyLKP4EpIAgV7%2BYsaU6HSjg0xcBnupNopfN4NPA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

POST
H2 200 3
gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/ 0
0 424ms
124ms Other
application/json 2606:4700:e2::ac40:8822
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/5492986.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8822 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intezer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Domain: gate.rapidsec.net
URL: https://gate.rapidsec.net/g/r/csp/5cd5f496-b9ef-4d2c-8055-977171c1fd61/0/23/3?sct=db605a4e-74e2-43e0-8aac-ec72eefcbad3&dpos=report

Verdicts & Comments Add Verdict or Comment

170 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.intezer.com/	1970-01-19 18:50:38	Name: __hssc Value: 193884914.1.1623036765648
.intezer.com/	1970-01-20 04:12:12	Name: hubspotutk Value: bc6e000b11e13390f32bbcfcf5e3da30
.intezer.com/	1970-01-20 04:12:12	Name: __hstc Value: 193884914.bc6e000b11e13390f32bbcfcf5e3da30.1623036765648.1623036765648.1623036765648.1
www.intezer.com/	1970-01-20 03:36:12	Name: _gauges_unique Value: 1
www.intezer.com/	1970-01-20 03:36:12	Name: _gauges_unique_year Value: 1
www.intezer.com/	1970-01-19 19:35:15	Name: _gauges_unique_month Value: 1
.intezer.com/	1970-01-19 18:50:38	Name: _hjFirstSeen Value: 1
www.intezer.com/	1970-01-19 18:52:03	Name: _gauges_unique_day Value: 1
www.intezer.com/	1970-01-19 18:50:36	Name: _gauges_cookie Value: 1
.google.com/recaptcha	1970-01-19 23:09:48	Name: _GRECAPTCHA Value: 09APNhq6IpQZC1BkTwZf6h2rg3HD3PH2g6lWVkjNvsbeQm6U5Pbbjkdwk3eVvg2jNhImmTSJsvStOZ1PU_9sN3WFo
.intezer.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.intezer.com/	1970-01-20 03:36:12	Name: _hjid Value: 54fba956-e245-4057-bf82-8b81166fd09f
.intezer.com/	1969-12-31 23:59:59	Name: _hjTLDTest Value: 1
.intezer.com/	1970-01-19 18:50:36	Name: _dc_gtm_UA-97741055-8 Value: 1
www.intezer.com/	1970-01-19 18:50:40	Name: _gauges_unique_hour Value: 1
.intezer.com/	1970-01-20 12:21:48	Name: _ga Value: GA1.2.1965778559.1623036765
.intezer.com/	1970-01-19 18:50:36	Name: _gat_UA-97741055-1 Value: 1
.intezer.com/	1970-01-19 18:52:03	Name: _gid Value: GA1.2.1890616908.1623036765
.intezer.com/	1970-01-19 21:00:12	Name: _gcl_au Value: 1.1.303063617.1623036764

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/jquery-3.2.1.min.js?ver=8cd8feb99bae61375da2ecb5e8330829(Line 2) Message: jQuery.Deferred exception: flase is not defined ReferenceError: flase is not defined at HTMLDocument.<anonymous> (https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/:949:18) at j (https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/jquery-3.2.1.min.js?ver=8cd8feb99bae61375da2ecb5e8330829:2:29999) at k (https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/jquery-3.2.1.min.js?ver=8cd8feb99bae61375da2ecb5e8330829:2:30313) undefined
console-api	warning	URL: https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/jquery-3.2.1.min.js?ver=8cd8feb99bae61375da2ecb5e8330829(Line 2) Message: jQuery.Deferred exception: Cannot read property 'getItem' of null TypeError: Cannot read property 'getItem' of null at _default.get (https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.2.3:2:56236) at _default.setViewsAndSessions (https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ver=3.2.2:2:94783) at new _default (https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ver=3.2.2:2:94534) at Function.<anonymous> (https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.2.2:2:23095) at Function.each (https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/jquery-3.2.1.min.js?ver=8cd8feb99bae61375da2ecb5e8330829:2:2765) at ElementorProFrontend.initModules (https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.2.2:2:23060) at ElementorProFrontend.onElementorFrontendInit (https://149520725.v2.pressablecdn.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.2.2:2:23316) at dispatch (https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/jquery-3.2.1.min.js?ver=8cd8feb99bae61375da2ecb5e8330829:3:10316) at q.handle (https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/jquery-3.2.1.min.js?ver=8cd8feb99bae61375da2ecb5e8330829:3:8343) at Object.trigger (https://149520725.v2.pressablecdn.com/wp-content/themes/intezer-v2/js/jquery-3.2.1.min.js?ver=8cd8feb99bae61375da2ecb5e8330829:4:5628) undefined

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

149520725.v2.pressablecdn.com
analytics.twitter.com
api.hubspot.com
c0.wp.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
gate.rapidsec.net
googleads.g.doubleclick.net
intezer.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.usemessages.com
pixel.wp.com
px.ads.linkedin.com
px4.ads.linkedin.com
script.hotjar.com
secure.gaug.es
snap.licdn.com
static.addtoany.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
stats.wp.com
t.co
track.hubspot.com
vars.hotjar.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.intezer.com
www.linkedin.com
gate.rapidsec.net
104.244.42.195
104.244.42.197
108.174.10.14
151.101.12.157
172.217.18.98
192.0.76.3
192.0.77.37
192.0.77.39
199.16.172.82
2606:4700:10::ac43:2794
2606:4700::6811:44b0
2606:4700::6811:d2cc
2606:4700::6811:eccc
2606:4700::6812:14bf
2606:4700::6813:9a53
2606:4700::6813:9b53
2606:4700:e2::ac40:8822
2620:119:50e4:101::6cae:b55
2620:1ec:21::14
2a00:1450:4001:809::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:827::200e
2a00:1450:4001:828::2003
2a00:1450:4001:828::2004
2a00:1450:4001:82a::2008
2a00:1450:4001:831::2003
2a00:1450:4001:831::200a
2a00:1450:400c:c04::9c
2a02:26f0:6c00:2b0::25ea
2a03:2880:f045:10:face:b00c:0:3
3.220.127.53
52.85.170.122
52.85.170.33
52.85.170.51
016ab0bd0de4839680e4a717a57db9b182a8c2c5fdeec4c24db7a8df761fca4d
0293c16af0d73085ea6d8749a3fc4b5180cffbb63164dad93fa89660bf9d7814
070edfef42e0980783d0acf8fa9ca6a9833b994eca13ffaa94e9a2deb47c92cf
09e49519e764c6de6610599a3b50980db2a6985d7cb44103d6fe41bf497bbccd
0c58687b5364ec205f8c31b0f4a3635c2db5fdb252b7e8b3ee904b90b046bd41
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c
0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0ee9c550ecb0df980717f3331dc2a2fb027734a0b09c909e9d06e13515d8cac8
101b5363d0c78d7ee3cfe6f75fa8533c5aca74232bf048ecc2859c2736f85958
12ab3055558fe541bbd70df670dfeaa2f778cc13cd1074b7c5e79ed1a20f86ac
161dab58676b279f43addcbc3f800ac11276f20f15866ba7f7b5c60bc01b065b
176bf34c69ad4b716195073e854bcb902e052f159870b34de9886245f48bec6c
1912517df4c9905bfa968af73e0e640b1ec8159d947bd72c6039ab8b3cb7e5e2
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1d7da068d684e4e7b67a456dc8ebb4cd2fa2a090cb28cf746ce86b82be44aa98
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
20a84f304abfaf56bb829a84199344bca40bf7d4dba451e109a840cbdf728436
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
21a9753c3327bf6348a1e76b45a2a620694f77283564c6728068467cf1b3868b
24e5c659dc7089322d8a0bc6d164cea1d703f6cfaa483a4939bc86e5dc172670
2989e0b9e836cb9de3274d641ec6a58c2052f039e790ddd59b22303930bfdeeb
29a73b0570ae43397755b8a643ec327571875b35a3ae24251e585e022b44ac15
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde
2f43834f6edfa66b7a0fdc9d6e2178047a399d6e5e5caec34af8212a65973a9a
30a949187cdd1c73e43b3bdee9398a9ae27f403a9481999fc9f5f946d8af0079
3167a1a4cda80b0f7258edfddb30c6030036358d9b424a71ba473eaa54685f89
346da8bccb59421d424120ccbc3ca6b9c44eb95213519652c9b6aa2204c4a4df
3ba5369627fc324f2d2c47f44c8da30769d2a3ccbe8110b9bd5eec9585e42a09
3c3ef9998414972b985076a5202e016ad4a71f9052eb1da62be10ed8f2752cc7
3cd4435683f31935fe9fac4db83d9a8c232cfe0849eb2db5c561b839066b0608
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
4135b9ba8f2a5dad50910bff31b4fd8d03ba28d90f77d307bf8d394116d00a9f
437ab1122de69cfb9f59c9ff5c4b7276183a6b3e6431b35ed8d65f1fb50a23cf
452d513b1ef9c6cb1afbe50a84b02c065daf5f3f459c556fbbbd6daa7fe15bbc
4883aa29da64b6570fc4f5baa4cc519cb5dcf0a7e6d8fa4d218b175479aced0b
4a7ee62eb33f3bbb66c2151e5cac6bf4904e28302efc36128f3e3ccae6fde580
4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a
4da18cf3cfa4b3d576d9eda3450e2773c95ad8a660ec2998c7a7287f4191daf7
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
50256cfce97d89e5028589f385b76f7e1ba5af3f5a5a8b85b50ea7a0984208ce
504d394f183d7c0a768d4604a848894965810382dc6d61f6dded6f09c524ab99
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
51e78e904c795ed5b0154a9995d1ab0b7e3667f5aede719bda86ba38236c5989
534708b43bc02cb8910f2c21a92047c6590f02ff62fee2f2b328fbb3839e7e6b
570a4964629f982285ef5282d47767738b4ef2f75cb8bad8ccfc206683ee1d0d
59a52d56e2e1e559b000518213ed14138c1e065d28e766f844be1f0c8ade608a
5a1b737b86a66360a825df3c28f91ca2140a49954967a4f56cc3d90502e24897
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5cd92ecc87b6f2ed90dd548ba471c8f99507c8118633e3bdbcb5982429c70cc7
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f
603f9617adb686097437a6be81a71e69ef4f3c80870fb1366853d0a07b8cf8ad
65a52f6e516f0c632596218b193336646905690934acda722c840c621d7e56d4
65ab45f57a63994e78a6cc0186a9b3a42132e97dfe8b1d29d67b0bec86948a8e
65f5e116b152127853bcceef2864070a979cfac6f9fac3a6a3800709db4d809c
6876bf16807ef989b32be5002d203ffb26a5814546c28164008fd79261f7cd44
6bebe6bf7abf43624ab1ed62cabc6a1e1d9d5f1cea38042e516439b5391c1621
703f7529d952cf134c04e123a9960e72123d3b24e3cea4c191bfed9364067502
72f3361dff4cf033aa1c6175a169dae768512afcbeb9f730f520ddb617674a5b
734160057d9682a89035825f63793cd0f945523efa3f8d33b8bef89bd7bdef5e
751d5192326ddefce3e87157f7c9355217cdad7b4a969b5dd3161b4453671389
756d5ab312ed40aca43747b1b8bd8f9886fb2403e4849b96f8a51714b6699adf
771cd20f126a080a69152860df93ce92e3d496576ac5542ce7211571c6990e05
798fc2c915359f6150a44c360dfba563290e7d157525b70d9ad3150330fed1ac
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9
7d803703e5fb2bda3fa193c95eef98250f6f63dba835bf8af97c0b6c44dfcfd4
80bd626eb6d57112072a508ee4e5ce3c2fe5673fe0a5d029810033b24aaa5e9f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
88264adf3d3193fb56c229f0b92e2a6096770eb76996d1fedc95f5bcb208ccda
8e1d3542f4ea0a232b64a279e38b4cc9d666ae94a91abd25fff1a165194322cb
9026b5846e1d90ce06c0fc69530a30275a1e4e0161e8a72dac9bc2f647d9d1a3
927d5436967ebce8a52c4bdcd27cc056c910a72270f74990dfbd1d554840c12d
95f6a0b5a067ad164c47e799f8cc9b10b43eb6ebcbf0da2ec1672491f21e9f33
969f9c1b72eaa268385c8f1ddf02b07ef971d0e2d4d83921014531a4b9a75969
97763070290ffc306f05f7534349402de64375ab6dbd182513c0a195b8e9d4a3
97d7a6a99d78ef625f666a5eadb2ebc807a035af276abf045f87050e1be2761d
993b54391ed7524e6f321326d0f7bd2ed8f92bcf4e08bb1efc988ca16546807c
9ba02497432cb1d3ca46d8440b481900261a960e19290f85535bcb3e09279dad
9bea4073ca8eb9ea977081e0eaa614b3be5d03b818469694825e7849bbe1cc28
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
a48dea362116d7516a2cf97066a32758d353760ee02dbf900ddff86b02a16473
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
af2e2283ffc4d9ca0e8be05032a6e2d7fe7daa868ad02fa1f61fc648e08336b8
b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804
b394d33b2a7ec654a6b037ebfda6618341b3f897a362be624c923c2711b54a43
b71548d2537431e416db90a18717075286bc86b2d59da72345956d281ef0adb9
bb434f0328d6d816d30aa942a808091339df83946b3be1e3ef476873cf83d8f6
bf36249b751f96358eda5fd74bb5104bb379e0c493e5c7c161e5a24091489dd9
c1ccd5d2932fb9abb18eb7593746ab59969161721e828b5270ffe8834a78bf4a
c38df4a2300e1acd22e8547908f1c0815e4232522aed59fd2d45942480b56f4c
c40a0cdd5ab5dcc4da78066f70839808bb4ee8fb2f3360dec64fde438770b099
c51b35355049a1129d46108fd3fd228a8b790d2e139b21434271813f939d144f
c6c82452d4595c717df8f740c6f9ff4e6ae5bc1bb9f716584b27f457f18a1d04
c8e4d15df5aa242685561e00e00f25f6771e62d1a60cae70073c58a34b3c324a
d36e5d7328268d21c6941039a7b6a15c7ed7414f60dbee72d2231d11ac9bdaf3
d8c4555b145c6014f44500d8220936eda92233b4de0e6029c43cf702c01fff04
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc19c2e40e42974f0416a3f4cc97e2dbb85a5b5598b76a75e9254164922e7be0
dc442aa7ed9543e11d71857b9812fad7f17dde2f17c345aebaf6ae4ca9b40ff1
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df2351b3acbe8a38d3844bed5e4fcdc3aaa0b237b9ad3b5948d713fb63cc9641
df2698e6cf74ed890afa92da10051f880df2ce0b3257b73c5d9ae2f6bea82d3c
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
e36eaa6e7cebbd4138dfb008ee3d53ab8195f45953b0f4f27d0d8156ab059021
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e816ebb5703703e834e7a86dc54fe2405d0a2e6da8042644016bb49b3be6cc92
e85052e09a7415a2ab775cc198a96dc956d9de42b90541a5cdc9c5c176725745
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef7d760ee20a28f1e59bdd228bb10705687f5397d3c98d108a7f8c1247b9ad18
f11a7785433cc752677f67bf0787fc92a016405e04470cceafc1f8c37f448d87
f27202a0093e578bac959e37a4944ad6f55a537a7c2d36d2733046e0d2d42c67
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f63f9da97a793227b906f8baf1ef3299ed5fa10ec94ad03f920a863c613dce1e
f909a31bfd7a13b9dd53e98b5652f13f4782fdfd1653dc4befade7386c087371
fa421b6ebbd2fb474d3a3866409ce6c1efd120b47ff256fffb8f8f50d556d3d9
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c
ffa4270ba21ba229a7f59a6f54eac2ba8a7c8619dbb323548ceaf9d18bcbc41e

www.intezer.com Open in urlscan Pro 199.16.172.82 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

323 Requests

57 %HTTPS

62 %IPv6

26 Domains

36 Subdomains

33 IPs

4 Countries

1695 kBTransfer

4917 kBSize

19 Cookies

14 Outgoing links

Page URL History

Redirected requests

323 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.intezer.com Open in urlscan Pro
199.16.172.82 Public Scan

Screenshot
Live screenshot

Full Image

323
Requests

57 %
HTTPS

62 %
IPv6

26
Domains

36
Subdomains

33
IPs

4
Countries

1695 kB
Transfer

4917 kB
Size

19
Cookies

323 HTTP transactions
2 data transactions